Data Protection Act – Application for CCTV Data Access

Please submit this form if you would like to request CCTV data access.

A response will be provided as soon as possible and in any event within 40 days.

Click here to access the form

Please Click Here to View Our Certificate

If you would prefer to have a chaperone during your consultation, please inform the member of staff when making your appointment and we will make the necessary arrangements.

• Download the complaints template
• Download the third party consent form
• Download the complaints brochure

Dearden Avenue Medical Practice and its staff will do its utmost to provide every patient with excellent service. However, we understand that it may sometimes be necessary to bring to our attention something that you are unhappy with. Patients who wish to complain must follow the following procedure and can expect the following. Any persons outside the patient list or practice workforce will need to complain to an outside organisation.

In the first instance patients are encouraged to complain verbally at Reception, the reception team may be able to resolve the problem there and then. If this is not possible the patient can ask to speak to the Practice Manager or the senior GP Partner. Every effort will be made for a conversation to take place within 24-48 hours. If a resolution cannot be met verbally the complainant will be asked to make a formal compliant in writing, by email, over the phone, or in person.

When making a complaint, it is advised that the complaint is made as soon as possible. We recommend that complaints are made no later than twelve months after the date of the event or twelve months after the date of which you became aware of the event. Complaints made after this period may not be upheld as it would be difficult to investigate events older than twelve months.

If it is felt a more formal method is necessary patients can complain or comment in writing direct to the practice manager via email or post (details below). You can expect an acknowledgement of your complaint within three working days. Depending on the nature of your complaint a full response can be expected from three working days up to twenty eight days. The response will be sent via email or post and every effort will be made to get this back to you ASAP. If for any reason patients feel complaining to the Practice manager is not appropriate, then a complaint can be made to the senior GP. However if the management team deem it appropriate for the Practice Manager to respond to the complaint made to the GP then the response will come from her.

In cases where the complaint requires investigation to a deeper level, the practice reserves the right to seek advice and guidance from their chosen legal advisor or medical union. If this happens, the complaint response may take longer than the 28 day period due to the time it takes to receive feedback from the external sources.

We are hopeful that most complaints and comments can be resolved at this level. However patients who feel this has not happened can complain or comment to the ombudsman. This is an NHS Organisation which is completely independent from the practice, details are also listed below.

We understand that some patients might find it difficult to make a complaint. Some may need extra support or even an advocate to help support and represent them during the complaints process. We are happy for patients to seek support from external advocacy services and as such have included the details of a local independent service based in Salford below.

Mind in Salford

Mind in Salford
The Angel Centre
St Phillips Place
Salford
M3 6FA

Telephone: 0161 212 4880

Offices are open from 09:30 to 17:00 Monday to Friday (except bank holidays)

It is understood, due to the nature of General Practice that patients may need to contact external organisations to seek advice of complain. Details of some of these organisations are listed below.

Practice Complaints Managers

Dr T.Khan – Senior Partner
4 Longshaw Drive
Little Hulton
Manchester
M28 0BB

Telephone: 0161 983 0011

NHS England
P O Box 16738
Redditch
B97 9PT

Telephone: 03003112233

Email : [email protected]

Website: www.england.nhs.uk/contact-us/complaint

Parliamentary and Health Service Ombudsman

Millbank Tower,
Millbank,
London
SW1P 4QP

Telephone: 0345 015 4033

Email: [email protected]

Fax: 0300 061 4000

The HSO Published Principals of good Complaint Handling, in November 2008, outlining the approach the HSO believes the NHS and other public bodies should adopt when responding after things go wrong. More information is available from the HSO website.

Health and Social Care Act 2008 (Regulated Activities) Regulations 2014: Regulation 16 (Notification to CQC by the provider organization)

Introduction

The Data Protection Act 2018 (DPA) is a UK Act of Parliament that brings the European General Data Protection Regulations (GDPR) in to British Law and updates the Data Protection Act 1998. The DPA requires a clear direction on policy for security of information held within the practice and provides individuals with a right of access to a copy of information held about them.

The practice needs to collect personal information about people with whom it deals in order to carry out its business and provide its services. Such people include patients, employees (present, past and prospective), suppliers and other business contacts. The information we hold will include personal, sensitive and corporate information.  In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or on paper) this personal information must be dealt with properly to ensure compliance with the Data Protection Act 2018.

The lawful and proper treatment of personal information by the practice is extremely important to the success of our business and in order to maintain the confidence of our service users and employees. We ensure that the practice treats personal information lawfully and correctly.

This policy provides direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information.

1.0 Data Protection Principles

We support fully and comply with the six principles of the Act which are summarised below:

• Personal data shall be processed fairly and lawfully.
• Personal data shall be obtained/processed for specific lawful purposes, and will only be used for the purpose for which it was collected.
• Personal data held must be adequate, relevant and not excessive.
• Personal data must be accurate and kept up to date, and every reasonable step will be taken to ensure any personal data that is inaccurate is erased or rectified without delay.
• Personal data shall not be kept for longer than necessary.
• Personal data shall be processed in a manner that ensures appropriate security of the personal data.

2.0 Employee Responsibilities

All employees will, through appropriate training and responsible management:

• comply at all times with the above Data Protection Act principles
• observe all forms of guidance, codes of practice and procedures about the collection and use of personal information
• understand fully the purposes for which the practice uses personal information
• collect and process appropriate information, and only in accordance with the purposes for which it is to be used by the practice to meet its service needs or legal requirements
• ensure the information is correctly input into the practice’s systems
• ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required
• on receipt of a request from an individual for information held about them by or on behalf of immediately notify the practice manager
• not send any personal information outside of the United Kingdom without the authority of the Caldicott Guardian / IG Lead
• understand that breaches of this Policy may result in disciplinary action, including dismissal

3.0 Practice Responsibilities

The practice will:

• Ensure that there is always one person with overall responsibility for data protection. Currently this person is Dr. Taimur Khan, should you have any questions about data protection. Practice Manager (within their scope/remit) will take on these responsibilities if the first named individual is absent with illness or on annual leave.
• Maintain its registration with the Information Commissioner’s Office
• Ensure that all subject access requests are dealt with as per our Access to Medical Records policy.
• Provide training for all staff members who handle personal information
• Provide clear lines of report and supervision for compliance with data protection and also have a system for breach reporting.
• Carry out regular checks to monitor and assess new processing of personal data and to ensure the practice’s notification to the Information Commissioner is updated to take account of any changes in processing of personal data.
• Develop and maintain DPA procedures to include roles and responsibilities, notification, subject access and training.
• Update on website explaining to patients the practice policy) plus a copy of the Information Commissioners certificate.
• Make available a leaflet and or a poster in reception on Access to Medical Records [*] for the information of patients. Also display the certificate of registration with the Information Commissioners office.
• Take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally. compliant. This will include training on confidentiality issues, DPA principles, working security procedures, and the application of best practice in the workplace.
• Undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
• Maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
• Ensure confidentiality clauses are included in all contracts of employment.
• Ensure that all aspects of confidentiality and information security are promoted to all staff.
• Remain committed to the security of patient and staff records.
• Ensure that any personal staff data requested by the CCG or NHS, i.e. age, sexual orientation and religion etc., is not released without the written consent of the staff member.

We need to hold personal information about you on our computer system and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both a legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends, or spouses unless we have prior written consent, and we do not leave messages with others.

You have a right to see your records if you wish. Please ask reception if you would like further details and our patient information leaflet. An appointment will be required. In some circumstances a fee may be payable.

Privacy Notice

Please see our Privacy Notice page.

The privacy notice explains in detail why we use your personal data which we, the GP practice, (Data Controller), collects and processes about you. A Data Controller determines how the data will be processed and used with the GP practice and with others who we share this data with. We are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles under the General Data Protection Regulation (GDPR) and Data Protection Act 2018. The notice also explains how we handle that data and keep it safe.

The Freedom of Information Act creates a right of access to recorded information and obliges a public authority to:

• Have a publication scheme in place
• Allow public access to information held by public authorities.

The act covers any recorded organisational information such as reports, policies or strategies, that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. However, it does not cover personal information such as patient records, which are covered by the Data Protection Act.

Public authorities include government departments, local authorities, the NHS, state schools and police forces.

The act is enforced by the Information Commissioner who regulates both the Freedom of Information Act and the Data Protection Act.

The surgery publication scheme

A publication scheme requires an authority to make information available to the public as part of its normal business activities. The scheme lists information under seven broad classes, which are:

• Who we are and what we do
• What we spend and how we spend it
• What our priorities are and how we are doing it
• How we make decisions
• Our policies and procedures
• Lists and registers
• The services we offer

You can request our publication scheme leaflet at the surgery.

Who can request information?

Under the act, any individual, anywhere in the world, is able to make a request to a practice for information. An applicant is entitled to be informed in writing, by the practice, whether the practice holds information of the description specified in the request and if that is the case, have the information communicated to him/her. An individual can request information, regardless of whether he/she is the subject of the information or affected by its use. 

How should requests be made?

Requests must:

• be made in writing (this can be electronically e.g. email/fax)
• state the name of the applicant and an address for correspondence
• describe the information requested.

What cannot be requested?

Personal data about staff and patients covered under Data Protection Act.

Information Coming Soon.

We aim to keep our surgery clean and tidy and offer a safe environment to our patients and staff. We are proud of our modern, purpose built practice and endeavour to keep it clean and well maintained at all times.

If you have any concerns about cleanliness or infection control, please report these to our reception staff.

Our GPs and nursing staff follow our Infection Control Policy to ensure the care we deliver and the equipment we use is safe.

We take additional measures to ensure we maintain the highest standards:

• Encourage staff and patients to raise any issues or report any incidents relating to cleanliness and infection control. We can discuss these and identify improvements we can make to avoid any future problems
• Carry out an annual infection control audit to make sure our infection control procedures are working
• Provide annual staff updates and training on cleanliness and infection control
• Review our policies and procedures to make sure they are adequate and meet national guidance
• Maintain the premises and equipment to a high standard within the available financial resources and ensure that all reasonable steps are taken to reduce or remove all infection risk
• Use washable or disposable materials for items such as couch rolls, modesty curtains, floor coverings, towels etc., and ensure that these are laundered, cleaned or changed frequently to minimise risk of infection
• Make alcohol hand rub gel available throughout the building

We have allocated a named accountable GP for all of our registered patients. If you do not know who your named GP is, please ask a member of our reception team. Unfortunately, we are unable to notify patients in writing of any change of GP due to the costs involved.

Introduction

This privacy notice explains in detail why we use your personal data which we, the GP practice, (Data Controller), collects and processes about you.  A Data Controller determines how the data will be processed and used with the GP practice and with others who we share this data with.  We are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles under the General Data Protection Regulation (GDPR) and Data Protection Act 2018.  This notice also explains how we handle that data and keep it safe.

Caldicott Guardian

The GP Practice also has a Caldicott Guardian. A Caldicott Guardian is a senior person within a health or social care organisation, preferably a health professional, who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained.  The Caldicott Guardian for the GP practice is: Dr. Taimur Khan, [email protected].

Data Protection Officer (DPO)

Under GDPR all public bodies must nominate a Data Protection Officer.  The DPO is responsible for advising on compliance, training and awareness and is the main point of contact with the Information Commissioner’s Office (ICO).  The DPO for the practice is: Dr. Taimur Khan, [email protected].

We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the Law.  When such changes occur, we will revise the last updated date as documented in the version status in the header of this document.

What we do?

We are here to provide care and treatment to you as our patients.  In order to do this, the GP practice keeps personal demographic data about you such as your name, address, date of birth, telephone numbers, email address, NHS Number etc and your health and care information.  Information is needed so we can provide you with the best possible health and care.  We also use your data to:

• Confirm your identity to provide these services and those of your family / carers
• Understand your needs to provide the services that you request
• Obtain your opinion on our services (with consent)
• Prevent and detect fraud and corruption in the use of public funds
• Make sure we meet our statutory obligations, including those related to diversity and equalities
• Adhere to a legal requirement that will allow us to use or provide information (e.g. a formal Court Order or legislation)

Definition of Data Types

We use the following types of information / data:

Personal Data

This contains details that identify individuals even from one data item or a combination of data items. The following are demographic data items that are considered identifiable such as name, address, NHS Number, full postcode, date of birth. Under GDPR, this now includes location data and online identifiers.

Special categories of data (previously known as sensitive data)

This is personal data consisting of information as to: race, ethnic origin, political opinions, health, religious beliefs, trade union membership, sexual life and previous criminal convictions. Under GDPR, this now includes biometric data and genetic data.

Personal Confidential Data (PCD)

This term came from the Caldicott review undertaken in 2013 and describes personal information about identified or identifiable individuals, which should be kept private or secret. It includes personal data and special categories of data but it is adapted to include dead as well as living people and ‘confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’.

Pseudonymised Data or Coded Data

Individual-level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity. When data has been pseudonymised it still retains a level of detail in the replaced data by use of a key / code or pseudonym that should allow tracking back of the data to its original state.

Anonymised Data

This is data about individuals but with all identifying details removed. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available.

Aggregated Data

This is statistical information about multiple individuals that has been combined to show general trends or values without identifying individuals within the data.

Our data processing activities

The law on data protection under the GDPR sets out a number of different reasons for which personal data can be processed for.  The law states that we have to inform you what the legal basis is for processing personal data and also if we process special category of data such as health data what the condition is for processing.

The types of processing we carry out in the GP practice and the legal bases and conditions we use to do this are outlined below:

Provision of Direct Care and administrative purposes within the GP practice

Type of Data

• Personal Data – demographics
• Special category of data – Health data

Source of Data

• Patient and other health and care providers

Legal basis for processing personal data and Condition for processing special category of data

• Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
• Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems

Common Law Duty of Confidentiality basis

• Implied Consent

Direct care means a clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. This is carried out by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship with. In addition, this also covers administrative purposes which are in the patient’s reasonable expectations.

To explain this, a patient has a legitimate relationship with a GP in order for them to be treated and the GP practice staff process the data in order to keep up to date records and to send referral letters etc.

Other local administrative purposes include waiting list management, performance against national targets, activity monitoring, local clinical audit and production of datasets to submit for national collections.

This processing covers the majority of our tasks to deliver health and care services to you.  When we use the above legal basis and condition to process your data for direct care, consent under GDPR is not needed.  However, we must still satisfy the common law duty of confidentiality and we rely on implied consent. For example, where a patient agrees to a referral from one healthcare professional to another and where the patient agrees this implies their consent.

Medicines Management and Optimisation

Type of Data

• Personal Data – demographics
• Special category of data – Health data

Source of Data

• GP Practice

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
• Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems

Common Law Duty of Confidentiality basis

• Implied Consent

Salford CCG pharmacists work with GP practices to provide advice on medicines and prescribing queries, process repeat prescription requests and review prescribing of medicines to ensure that it is safe and cost-effective. This may require the use of identifiable information.

In cases where identifiable data is required, this is done with practice agreement and in the case of repeat prescription processing with patient consent. No data is removed from the practice’s clinical system and no changes are made to patient’s records without permission from the GP. Patient records are viewed [insert how they are viewed e.g. remotely via secure laptops from the CCG’s premises, in the GP practice, in care homes or patient homes].

Where specialist support is required (e.g. to order a drug that comes in solid form in gas or liquid form) [insert CCG] medicines optimisation pharmacists will order this on behalf of a GP to support your care. Identifiable data is used for this purpose.

Identifiable data is also used by our pharmacists in order to review and authorise (if appropriate) requests for high cost drugs which are not routinely funded. In cases where identifiable data is used, this is done with the consent of the patients.

Purposes other than direct care (secondary use)

This is information which is used for non-healthcare purposes. Generally this could be for research purposes, audits, service management, safeguarding, commissioning, complaints and patient and public involvement.

When your personal information is used for secondary use this should, where appropriate, be limited and de-identified so that the secondary uses process is confidential.

Safeguarding

Type of Data

• Personal Data – demographics
• Special category of data – Health data

Source of Data

Patient and other health and care providers

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
• Article 9 (2)(b) – Processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or the data subject in the field of …social protection law

Common Law Duty of Confidentiality basis

• Overriding Public Interest / children and adult safeguarding legislation

Information is provided to care providers to ensure that adult and children’s safeguarding matters are managed appropriately. Access to personal data and health information will be shared in some limited circumstances where it’s legally required for the safety of the individuals concerned. For the purposes of safeguarding children and vulnerable adults, personal and healthcare data is disclosed under  the provisions of the Children Acts 1989 and 2006 and Care Act 2014.

Risk Stratification

Type of Data

• Personal Data – demographics
• Special category of data – Health data

Source of Data

• GP Practice and other care providers

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(c) – Processing is necessary for compliance with a legal obligation
• Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems
• Section 251 NHS Act 2006

Risk stratification entails applying computer based algorithms, or calculations to identify those patients who are most at risk from certain medical conditions and who will benefit from clinical care to help prevent or better treat their condition. To identify those patients individually from the patient community would be a lengthy and time-consuming process which would by its nature potentially not identify individuals quickly and increase the time to improve care.  A GP / health professional reviews this information before a decision is made.

The use of personal and health data for risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority (known as Section 251 approval). This approval allows your GP or staff within your GP Practice who are responsible for providing your care, to see information that identifies you, but CCG staff will only be able to see information in a format that does not reveal your identity.

NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable admissions.

Knowledge of the risk profile of our population helps to commission appropriate preventative services and to promote quality improvement.

Risk stratification tools use various combinations of historic information about patients, for example, age, gender, diagnoses and patterns of hospital attendance and admission and primary care data collected in GP practice systems.

Our data processor for Risk Stratification purposes is Risk Strat Provider probably will be NW DSCRO and CCG’s BI Teams.

If you do not wish information about you to be included in our risk stratification programme, please contact the GP Practice. We can add a code to your records that will stop your information from being used for this purpose. Please see the section below regarding objections for using data for secondary uses.

National Clinical Audits

Type of Data

• Personal Data – demographics
• Special category of data – health data

Source of Data

• GP Practice

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
• Article 9 (2)(j) – Processing is necessary for…scientific or historical research purposes…
• Common law duty of confidentiality – explicit consent or if there is a legal statute for this which you will be informed of

The GP practice contributes to national clinical audits and will send the data which are required by NHS Digital when the law allows. This may include demographic data such as data of birth and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure.

Research

Type of Data

• Personal Data – demographics
• Special category of data – health data

Source of Data

• GP Practice

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
• Article 9 (2)(j) – Processing is necessary for…scientific or historical research purposes…
• Common law duty of confidentiality – explicit consent or if there is a legal statute for this which you will be informed of

All NHS organisations (including Health & Social Care in Northern Ireland) are expected to participate and support health and care research. The Health Research Authority and government departments in Northern Ireland, Scotland and Wales set standards for NHS organisations to make sure they protect your privacy and comply with the law when they are involved in research. Our research ethics committees review research studies to make sure that the research uses of data about you are in the public interest, and meet ethical standards.

Health and care research may be exploring prevention, diagnosis or treatment of disease, which includes health and social factors in any disease area. Research may be sponsored by companies developing new medicines or medical devices, NHS organisations, universities or medical research charities. The research sponsor decides what information will be collected for the study and how it will be used.

Health and care research should serve the public interest, which means that research sponsors have to demonstrate that their research serves the interests of society as a whole. They do this by following the UK Policy Framework for Health and Social Care Research. They also have to have a legal basis for any use of personally-identifiable information.

How patient information may be used for research

When you agree to take part in a research study, the sponsor will collect the minimum personally-identifiable information needed for the purposes of the research project. Information about you will be used in the ways needed to conduct and analyse the research study. NHS organisations may keep a copy of the information collected about you. Depending on the needs of the study, the information that is passed to the research sponsor may include personal data that could identify you. You can find out more about the use of patient information for the study you are taking part in from the research team or the study sponsor. You can find out who the study sponsor is from the information you were given when you agreed to take part in the study.

For some research studies, you may be asked to provide information about your health to the research team, for example in a questionnaire. Sometimes information about you will be collected for research at the same time as for your clinical care, for example when a blood test is taken. In other cases, information may be copied from your health records. Information from your health records may be linked to information from other places such as central NHS records, or information about you collected by other organisations. You will be told about this when you agree to take part in the study.

Even though consent is not the legal basis for processing personal data for research, the common law duty of confidentiality is not changing, so consent is still needed for people outside the care team to access and use confidential patient information for research, unless you have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and Wales or similar arrangements elsewhere in the UK

Your choices about health and care research

If you are asked about taking part in research, usually someone in the care team looking after you will contact you. People in your care team may look at your health records to check whether you are suitable to take part in a research study, before asking you whether you are interested or sending you a letter on behalf of the researcher.

In some hospitals and GP practices, you may have the opportunity to sign up to a register to hear about suitable research studies that you could take part in. If you agree to this, then research nurses, researchers or administrative staff authorised by the organisation may look at your health records to see if you are suitable for any research studies.

It’s important for you to be aware that if you are taking part in research, or information about you is used for research, your rights to access, change or move information about you are limited. This is because researchers need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from a study, the sponsor will keep the information about you that it has already obtained. They may also keep information from research indefinitely.

If you would like to find out more about why and how patient data is used in research, please visit the Understanding Patient Data website:  understandingpatientdata.org.uk/what-you-need-know

In England you can register your choice to opt out via the “Your Data Matters” webpage: www.nhs.uk/your-nhs-data-matters

If you do choose to opt out you can still agree to take part in any research study you want to, without affecting your ability to opt out of other research. You can also change your choice about opting out at any time.

To find out more about GDPR and using personal data for research, please visit the Health Research Authority website: www.hra.nhs.uk/hra-guidance-general-data-protection-regulation

Complaints

Type of Data

• Personal Data – demographics
• Special category of data – health data

Source of Data

• Data Subject, Primary Care, Secondary Care and Community Care

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(a) – Explicit Consent
• Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems
• Common law duty of confidentiality – explicit consent

If you contact the GP Practice about a complaint, we require your explicit consent to process this complaint for you.  You will be informed of how and with whom your data will be shared by us, including if you have or you are a representative you wish the GP practice to deal with on your behalf.

Purposes requiring consent

There are also other areas of processing undertaken where consent is required from you. Under GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood.

Patient and Public Involvement

Type of Data

• Personal Data – demographics

Source of Data

• GP Practice

Legal Basis and Condition for processing special category of data under GDPR

• Article 6 (1)(a) – Explicit Consent
• Article 9 (2)(a) – Explicit Consent

If you have asked us to keep you regularly informed and up to date about the work of the GP Practice or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us.

We obtain your consent for this purpose. Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.

Using anonymous or coded information

This type of data may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor NHS performance where the law allows this. Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions.

National Data Opt Out

Whenever you use a health or care service, such as attending the practice, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit: www.nhs.uk/your-nhs-data-matters

On this web page you will:

• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

www.hra.nhs.uk/information-about-patients (which covers health and care research); and, understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

We welcome all comments on the services provided by the practice.

We are continually looking to turn our patients’ feedback into real improvements in the services we provide. We use it to focus on the things that matter most to our patients, carers and their families.

We’ll let the staff involved know and share the good practice across our teams.

You may write to us or contact us by phone.

There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.

Why do I need a Summary Care Record?

Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.

This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.

Who can see it?

Only healthcare staff involved in your care can see your Summary Care Record.

How do I know if I have one?

Over half of the population of England now have a Summary Care Record. You can find out whether Summary Care Records have come to your area by contacting the practice.

Do I have to have one?

No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can opt-out by completing our Summary Care Record Opt Out form.

Help us to help you

We aim to provide the best possible service to our patients and hope you will feel that we achieve that aim.

The care of your health is a partnership between yourself and the primary health care team. The success of that partnership depends on an understanding of each other’s needs and co-operation between us.

Doctor’s Responsibilities

• You will be greeted courteously
• You have a right to confidentiality
• You have the right to see your medical records subject to the limitations of the law
• You will be seen the same day, if your problem is urgent
• You will be seen by your doctor whenever possible
• You will be informed if there will be a delay of more than 20 minutes for your appointment
• You will be referred to a consultant when your GP thinks it necessary
• You will be given the result of any test or investigation on request or at your next appointment
• Your repeat prescription will be ready for collection 48 hours after your request
• Your suggestions and comments about the services offered will be considered sympathetically and any complaint dealt with quickly

Patient’s Responsibilities

• Please treat all surgery staff with the same respect – we are all just doing our job
• Do not ask for information about anyone other than yourself
• Tell us of any change of name or address, so that our records are accurate
• Only request an urgent appointment if appropriate. Home visits should only be requested if you are too ill to attend the surgery and night visits should be for emergencies only – the doctor on-call will be at work as usual the next day
• Please cancel your appointment if you are unable to attend
• Please be punctual but be prepared to wait if your own consultation is delayed by an unexpected emergency
• Please allow sufficient time for your consultant’s letter of the results of any tests to reach us
• You will be advised of the usual length of time to wait
• Use the tear-off slip to request your repeat prescription whenever possible. Please attend for review when asked, before your next prescription is due
• Do let us know whenever you feel we have not met our responsibility to you
• We would, of course, be pleased to hear when you feel praise is due

Our Practice supports the government’s ‘Zero Tolerance’ campaign for Health Service Staff. This states that GPs and their staff have a right to care for others without fear of being attacked or abused. To successfully provide these services a mutual respect between all the staff and patients has to be in place. All our staff aims to be polite, helpful, and sensitive to all patients’ individual needs and circumstances.

The aim of this policy is to tackle the increasing problem of violence against staff working in the NHS and ensures that doctors and their staff have a right to care for others without fear of being attacked or abused. Our Staff has the right to be treated with dignity and respect at all times. They should be able to do their jobs without being PHYSICALLY or VERBALLY ABUSED. Most people respect this. Anyone found abusing the staff in person or on the telephone will be asked to leave the practice. This behaviour will NOT be tolerated.

We expect all patients to be responsible and avoid attending the surgery under the influence of alcohol or illegal drugs.

In order for the practice to maintain good relations with their patients the practice would like to ask all its patients to read and take note of the occasional types of behaviour that would be found unacceptable:

• Using bad language or swearing at practice staff/patients
• Any physical violence towards any member of the Primary Health Care Team or other patients, such as pushing or shoving
• Verbal abuse towards the staff in any form including verbally insulting the staff
• Racial abuse and sexual harassment will not be tolerated within this practice
• Persistent or unrealistic demands that cause stress to staff will not be accepted. Requests will be met wherever possible and explanations given when they cannot
• Making sure all our patients irrespective of their sexual orientation for example: gender identity or trans status,lesbian, gay, bisexual or homosexual are given equal treatment and respect as any other patient would get
• Inappropriate use of language sometimes dismissed as “harmless banter/negative remarks/disrespectful remarks/prejudiced attitude”, in relation to being homophobic, biphobia or transphobic will strictly be not tolerated on the Practices premises
• Causing damage/stealing from the Practice’s premises, staff or patients
• Obtaining drugs and/or medical services fraudulently

We ask you to treat your GPs and their staff courteously at all times.

All incidents will be followed up and the patient will be sent a formal warning or removed from the practice list if his/her behaviour has been unreasonable. We will have no hesitation in having the patient removed from the building by the police should his/her behaviour warrant it.

Removal from the practice list

The removal of patients from our list is an exceptional and rare event and is a last resort in an impaired patient-practice relationship. When trust has irretrievably broken down, it is in the patient’s interest, just as much as that of the practice, that they should find a new practice. An exception to this is on immediate removal on the grounds of violence e.g. when the Police are involved.