Privacy Statement

Our Duties

As part of our legal duties, this practice is required to;

  • Maintain full and accurate records of the care and services we provide you
  • Keep records about you confidential and secure

Your Information

The practice aims to provide you with safe, high quality care that is based on accurate, up to date information.

This information allows us to work others involved in your care and this may involve sharing information with other health and social care organisations.

Information Includes:

  • Basic details such as address, date of birth and next of kin
  • Contact we have had with you
  • Notes and reports about your health
  • Details and records about your treatment and care

Others may also need to use records about you to:

  • Check the quality of care you are receiving
  • Protect the health of the general public  
  • Keep track of NHS spending
  • Help investigate any concerns or complaints you ask us to
  • Teach students or staff
  • Support health and social care research

Sometimes we share your information with third parties to support your care such as:

  • Hospitals
  • Social care
  • Community Health
  • Clinical Commissioning Groups
  • Mental Health Providers
  • NHS Digital

The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.

For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.nwldesp.co.uk

July 21 – the practice has engaged Interface Clinical Services to provide direct asthma related care to patients  by undertaking patient reviews for asthma control and management.  Interface Clinical Services are a NHS Business partner and the practice has a service agreement in place with them that confirms that Interface Clinical Services at the data processor will only process data for this review when instructed by the data controller (Eastmead Surgery)

October 2021 – the practice has engaged National Services for Health Improvement Ltd to undertake patient COPD reviews in October 2021. NHSI as data processors act under written instruction of Eastmead Surgery as the data controllers. Processing is necessary for the purposes of direct patient care.

Greenwell PCN – we are part to the Primary Care Network of 7 GP surgeries that make up the Greenwell PCN. As a PCN we employ staff via a limited company and we have a data sharing agreement between all 7 practices for the provision of direct care. This agreement currently applies to Social Prescribers, Pharmacists and First Contact Physio’s.

September 2021 – the practice is working with Royal Marsden partners to increase the uptake of bowel screening in patients who are turning 60 this year.  This information is shared under a data processing agreement with Royal Marsden Partners.

August 2022 – the practice is working with MISL to digitalize patient records.

Digitisation of Paper Medical Records – Privacy Notice

The NHS Long Term plan published in 2019 requires the digitization of all primary care paper medical records, commonly known as ‘Lloyd George’ records or ‘A4 medical records’

Having paper based medical records restricts the use of technology to provide ‘joined up’ services and therefore the current paper records will be transferred to a digital format and then destroyed.

This will involve the current patient paper medical records being scanned and then entered directly into a patient’s electronic medical record. This work will be completed by a third-party supplier, MISL, whose security standards have been reviewed by North West London ICB.

We are required by Data Protection law to provide you with the following information about how we handle your information.

Data Controller contact details

 

Anne Cooper – Practice Manager

 

Data Protection Officer contact details

 

Ernest Norman- Williams – [email protected]
Purpose of the processing

 

Transferring the current paper medical records into patients’ electronic medical records.

 

Lawful basis for processing

 

The following provisions of the General Data Protection Regulation permit us to digitise existing paper medical records:

 

Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller…’’

 

Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’

Recipient or categories of recipients of the processed data

 

The paper patient records will be shared with MISL, who will scan and digitise the current paper medical records before destroying them.
Right to access and correct You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website – https://www.stclementssurgery.org/subject-access-request

 

Retention period

 

GP medical records will be kept in line with the law and national guidance. Information on how long records can be kept can be found at:  https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/records-management-code-of-practice-2021/

or speak to the practice.

 

The paper medical records will be destroyed three months after they are transferred to an electronic format.

 

The practice holds medical records to provide medical treatment and advice and patients have a relationship with a GP in order for them to be provide health and care service to you. We therefore do not require your consent to transfer these papers records to an electronic format.

If you have any questions about this project, please contact; Anne Cooper Practice manager.

Details of Supplier:

MISL – 19 Pindar Road, Hoddesdon, Herts EN11 0DE

Published: 31/8/22

When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect.

When we share information that is used for healthcare management or planning, this does not allow for you to be identified.

Sometimes we will be required to share information for other reasons;

  • When required to by law
  • We have special permission for health or research purposes (e.g. if you have agreed to take part in a research trial)
  • There is a strong public interest (e.g. there is a risk of serious harm or crime)

Objections

You can choose not to have information that could identify you shared beyond your GP practice.  You can also choose to prevent information that does not identify you from being shared for planning and research.

Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record.  Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.

If you have previously told your GP practice that you don’t want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from 29th April 2016 as instructed in a direction from the Secretary of State.  It will remain in place unless you change it.

As the Secretary of State’s direction; this included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date.  This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016.

You can find more information on NHS Digital’s website:

See how NHS Digital uses your information.

Read about how NHS Digital handles your information and your choices.

Your Rights

Under Data Protection law, you have a right to;

  • object to certain uses of your data
  • to be provided with a copy information held about you
  • that your information will not be used for direct marketing purposes
  • have any incorrect information amended or erased

Please contact your surgery for any requests made in connection with these rights.

For a copy of your information;

  • Your request must be made in writing to your surgery
  • The surgery is required to respond to your request in writing within 40 days (a month from May 2018)
  • You will need to give the surgery your full name, address, date of birth and NHS number
  • You will be required to provide personal identification such as a driving licence or passport

Use of the Website

Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.

Data Security

We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.