Privacy policy
Privacy Notice – Direct Care, (routine care and referrals)
The records we keep to enable us to look after you
This practice keeps data on you relating to who you are, where you live, what you do, your family, possibly your friends, your employers, your habits, your problems and diagnoses, the reasons you seek help, your appointments, where you are seen and when you are seen, who by, referrals to specialists and other healthcare providers, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memoires reasonably made by healthcare professionals in this practice who are appropriately involved in your health care.
When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS.
GPs have always delegated tasks and responsibilities to others that work with them in their surgeries, on average an NHS GP has between 1,500 to 2,500 patients for whom he or she is accountable. It is not possible for the GP to provide hands on personal care for each and every one of those patients in those circumstances, for this reason GPs share your care with others, predominantly within the surgery but occasionally with outside organisations.
If your health needs require care from others elsewhere outside this practice we will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside the practice but within the NHS it is usual for them to send us information relating to that encounter. We will retain part or all of those reports. Normally we will receive equivalent reports of contacts you have with non NHS services but this is not always the case.
Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law.
People who have access to your information will only normally have access to that which they need to fulfil their roles, for instance admin staff will normally only see your name, address, contact details, appointment history and registration details in order to book appointments, the practice nurses will normally have access to your immunisation, treatment, significant active and important past histories, your allergies and relevant recent contacts whilst the GP you see or speak to will normally have access to everything in your record.
You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests. Please see below.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
1) Data Controller contact details |
Vine Surgery Partnership |
2) Data Protection Officer contact details |
Kevin Caldwell |
3) Purpose of the processing |
Direct Care is care delivered to the individual alone, most of which is provided in the surgery. After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care. |
4) Lawful basis for processing |
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
Organisations and their employees will also respect and comply with their obligations under the common law duty of confidence. |
5) Recipient or categories of recipients of the processed data |
The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care. |
6) Rights to object and the national data opt-out |
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below. NHS Digital
The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons. To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website: Public health
Care Quality Commission
Court order Your information must be shared if it ordered by a court. This means that you are unable to object. |
7) Right to access and correct |
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law. |
8) Retention period |
The data will be retained in line with the law and national guidance. See further information on the Retention Period or speak to the practice. |
9) Right to Complain |
You have the right to complain to the Information Commissioner’s Office. or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate). There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website). |
Privacy Notice - Research
Use of your data for Research
We're excited to share news of our partnership with seasoned NIHR CRN (National Institute for Health Research Clinical Research Network) experts, seamlessly integrated into our practice team. In the pursuit of advancing medical research, these professionals, alongside our practice team, may access your patient record for pre-consented activities. This involves identifying potential eligibility for research opportunities and supporting recruitment and follow-up for clinical trials. This process operates under the lawful bases of Article 6 (public task) and Article 9 (substantial public interest) of the GDPR. Be assured, that your privacy and data security are rigorously safeguarded. This collaboration also supports NIHR and NHS's pursuit in improving equality to access research. Any eligible individuals will be contacted by the practice, and their consent will be requested before any further processing takes place.
Website Privacy Policy
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
By submitting your personal information, you consent to our use of the information as set out in this privacy policy.
Use of personal information
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
Website privacy
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
Data storage
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
Cookie Policy
Please read our Cookie Policy
Links
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.