Confidentiality & Medical Records

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

• To provide further medical treatment for you e.g. from district nurses and hospital services.
• To help you get other services e.g. from the social work department. This requires your consent.
• When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Freedom of Information

Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.

Access to Records

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.

ACR project for patients with diabetes (and/or other conditions)

The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at: https://lp.healthy.io/minuteful_info/.

Complaints

We make every effort to give the best service possible to everyone who attends our practice.

However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.

To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.

Violence Policy

The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.

Processors of personal data

In order to deliver the best possible service, the practice contracts Processors to process personal data, including patient data on our behalf.

When we use a Processor to process personal data we will always have an appropriate legal agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by a Processor include:

• Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services and document management services.
• Delivery services (for example if we were to arrange for delivery of any medicines to you).
• Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).
  

GPES Data for Pandemic Planning and Research (COVID-19)

We are legally required to share data with NHS Digital for purpose under section 259(1)(a) of the Health and Social Care Act 2012 to support vital planning and research for COVID-19 purposes. For further details, please refer to: https://digital.nhs.uk/binaries/content/assets/website-assets/corporate-information/directions-and-data-provision-notices/data-provision-notices/gpesdatapandemicplanningresearchdpnv1.0.pdf

Population Health Management Data Platform

Population Health Management (PHM) Privacy Notice 

Under data protection law we must tell you about how we use your personal information. This includes the personal information that we share with other organisations and why we do so. Our main GP practice privacy notice is on our website. This additional privacy notice provides details about Population Health Management.

What is Population Health Management (PHM)?
PHM is aimed at improving the health of both local and national populations. It is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair, timely, and equal. It helps to reduce the occurrence of ill health and looks at all the wider factors that affect health and care.

PHM is an approach being implemented across the NHS and this Practice. Population Health Management requires health and social care, to work together with communities and partner agencies, for example, GP practices, community service providers, hospitals and other health and social care providers. Organisations will share and combine de-identified information (where information identifying you has been removed) with each other in order to get a view of health and services for the population in a particular area. This information sharing is subject to robust security arrangements and risk assessments.

How will my Personal Information be used?
The information needed for PHM will include information about your health and social care. Information about you and your care will be used in a format that does not directly identify you, which we refer to within this privacy notice as pseudonymised. This information will be combined and anything that can identify you (like your name or NHS Number) will be removed and replaced with a unique code. This means that the people working with the data will only see the code and cannot see which patient the information relates to. The information will be used for a number of health and social care related activities such as -

• Identifying groups of patients that could benefit from direct interventions
• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

Who will my personal information be shared with?
Your GP, other health or care providers, Local Councils within NE London and the NHS NEL Integrated Care Board may send the information they hold on their systems to each other. All of these organisations are legally obliged to protect your information and maintain confidentiality in the same way that your GP or hospital provider is.

Is using my personal data in this way lawful?
Health Care Providers are permitted by data protection law to use information where it is “necessary for medical purposes”. This includes caring for you directly as well as management of health services more generally. The legal basis for sharing your information is GDPR Article 6 (1) (e) “Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used where allowed by law and in this case, anonymised data is used so that you cannot be identified.

Can I object to my data being used as part of this programme?
Yes. You have the right to opt out of sharing your personal data being used in this way. You can do this in two ways -

1. Opt out of all sharing of your data for other uses outside your GP Practice. This is called a Type 1 opt out and you should request this directly to us, your GP practice. This will be applied not only to this programme but to any others we take part in.
2. National Data Opt-out (opting out of NHS Digital sharing your data). You can find out more about and register a National Data Opt-out, or change your choice on nhs.uk/your-nhs-data-matters or by calling 0300 3035678.

This applies to identifiable patient data about your health which is called confidential patient information. If you don’t want your confidential patient information to be shared with other organisations for purposes except your own care - either GP data, or other data it holds, such as hospital data - you can register a National Data Opt-out.

If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations, unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website.