Patient Data Management
We collect, hold and process data about our patients for the purpose of providing you with safe and effective healthcare.
We are responsible for keeping your sensitive and personal data up-to-date, accurate and secure.
We use secure NHSE IT networks and systems that are password protected to manage patient data.
We use encrypted and password protected NHS.net for all email communications.
Patient medical records are kept digitally on a secure clinical IT system. Older paper records are either kept in a locked cupboard on site or at an NHS approved archive facility offsite.
All of our staff are fully trained on Information Governance (IG) procedures and mandatory training is completed on an annual basis. IG training is included in our induction programme for all new starters and all staff sign a confidentiality agreement.
We only share relevant and necessary information with other health professionals and here are some examples of how we do this:
- Summary Care Record via a secure web portal allowing other healthcare professionals E.G. ambulance staff or A&E clinicians to access key health information to enable them to provide safe and effective immediate care. Please inform a receptionist if you would like more information or would prefer to 'opt out'. You can also decide to 'opt in' to share more detailed data.
- Local Care Record via a secure electronic data transfer system. This allows GP's and hospitals to have immediate access to necessary and relevant health data. For example GP's can view requested test results or x-rays without waiting for the hospital to send them to the practice. Please inform a receptionist if you would like more information or would prefer to 'opt out' of this service.
- Remote consultations at the Extended Primary Care Service via our secure clinical IT system. This allows clinical staff at the Extended Primary Care Service based at Spa Medical to view your medical records when you have an appointment with them. You will be asked give your consent for them to do this before your appointment starts.
- Referrals via encrypted nhs.net email or via our secure eReferrals IT system. When you agree to a clinician making a referral you are giving us your consent to do this.
- National immunisation and screening programmes collect data via secure NHS IT systems to help the NHS and Department of Health plan for population based health and prevention programmes.
Please be aware that there are some circumstances that we are legally required to break confidentiality without your consent in order to prevent death or serious harm or if there is a risk to the public. However, we will only do this if there is a legal basis and will disclose the minimum information required.
If we receive a request to share your data with other organisations we will act according to standard protocols. For instance, if a solicitor contacts us on your behalf, it is they that will need to have checked your ID and confirm to us that they are acting on your behalf with your knowledge and consent. Alternatively, if an insurance company requests information about you we would need to check with you directly to ensure you are aware of the request and happy for us to share your data.
Your information will only be shared in accordance with your rights under the EU's General Data Protection Regulation 2018 (GDPR), the UK Data Protection Act Law (under review 2018), the Common Law Duty of Confidentiality, the NHS Constitution and in keeping with the NHS Codes of Practices that guide the use of information.
For the last 10 years, patient data from GP surgeries has been collected (where a patient has not opted out) via a central general practice extraction service, this service is in the process of being replaced by an improved system called General Practice Data for Planning and Research (GPDGR) that is managed by NHS Digital. This practice is supporting vital health and care planning and research by sharing your data with NHS digital. For more information about this service and advice on how to opt out if you don't want your data shared see the GP Practice Privacy Notice for General Practice Data for Planning and Research.
To find out more about how the NHS uses your data for research and planning, and how to set your preferences for whether it can be used or not then go to https://www.nhs.uk/your-nhs-data-matters/
To find out more information about how the NHS manages and uses patient information then see the Privacy Notice.
Information Governance Lead – Tilly Wright
Caldicott Guardian – Dr Nancy Kuchemann
For more information please ask at reception for a time to meet with our Practice Manager, Tilly Wright.
Access to your Medical Records
You are entitled to access data that the practice holds on you.
You can make a request for a copy of your personal data at reception. You can make this request verbally and do not need to give written consent, however you would need to provide photo ID proof of who you are e.g. passport or driving licence. We will provide a copy within 28 days of your request. There is no fee for this.
Please note that we do not have to provide multiple copies of personal data or to respond to repeated requests for the same personal data.
You can also view your summary personal data if you have patient online access. Click here for further information
You can also view your full personal data at the practice. Please ask at reception to arrange an appointment to do this.
Non-NHS Forms, Reports & Letters
If a doctor writes a medical report for an outside agency such as an insurance company or solicitors, you are entitled to view the report before it is sent. Please note there is a time limit of 21 days for you to view any reports so please ask at reception for details.
You will need to provide your explicit consent for us to share your confidential data with any other organisation. This consent must be in written form.
When a doctor writes a letter about you, you are entitled to a copy; please discuss with the doctor or ask at reception for details.
Please note that we charge a fee for all non-nhs contracted work such as writing medical reports. Please ask at reception for details of the range of fees. We accept cash or cheques only and all fees must be paid in advance of the work being completed.
As part of a mandatory, national programme GP Practices have to make a Summary Care Record (SCR) for every patient. The SCR allows other healthcare professionals such as ambulance staff or A&E staff to see key medical information about you to enable them to provide safe and effective care.
- Current medications
- Allergies and any bad reactions in the past to medications
- Name, address and NHS number
Patients have the option to 'opt out' of the SCR. Please let a receptionist know if you would like to 'opt out'.
Patients also have the option to 'opt in' to sharing more detailed information on the SCR. The enriched detail listed below is to better help healthcare professionals provide safe and effective care, particularly for people who may be frail of living with multiple health conditions.
- Significant medical history (past and present)
- Reason for medication
- Anticipatory care information such as managing long term conditions
- End of life care information
Please see the links to further information below.
If you wish to opt out download and complete the opt out form and return to the practice or you can ask at reception.
Your GP practice holds copies of your patient health record electronically and in paper format. Both contain the healthcare information about you that your GP needs including your medical history, medications, allergies, immunisations and vaccinations.
If you have previously registered with a different GP in England, upon registering at this practice your electronic health record will, where possible, be transferred automatically from your previous practice through the use of an NHS system called GP2GP.