This site uses cookies to store information on your computer. Some cookies on this site are essential, and the site won't work as expected without them. Read More

  Beech Grove
Sherburn in Elmet
North Yorkshire
LS25 6ED [Map]
Tel: 01977 682208
Fax: 01977 681665


Data Sharing

Sherburn Group Practices Privacy Notice including Electronic Palliative Care Co-ordination System (EPaCCS)



Fair Processing Notice - Adults


Security of information


Confidentiality affects everyone. We as a GP Surgery have a legal basis to gather, store and process large amounts of information on a daily basis. This includes medical records, personal records and computerised information for the purposes of preventive or occupational medicine; medical diagnosis; or if the process is necessary for the performance of a task carried out in the public interest. This information is used by many people throughout the course of their daily work.


Our duty to protect information and confidentiality is taken very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and the security of all information for which we are responsible, whether computerised or on paper. This includes regular staff training on the legal obligations they have to maintain confidentiality and security of information at all times.


We have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.


The Sherburn Group Practice takes staff training extremely seriously. This is to ensure that nobody will access or use your information without a relevant reason, and to stop accidental loss, damage and destruction of any of your medical, personal and electronic records.


Why do we collect information about you?


To make sure you get the best care doctors, nurses and the team of healthcare staff caring for you keep records about your health and any care or treatment you may receive from the NHS. These records help to make sure that you receive the best possible care. These may be written down in your paper records or held on a computer. They may include:

  • Basic details about you such as name, address, date of birth, next of kin, etc.,
  • Contact we have had with you such as appointments or clinic visits,
  • Notes and reports about your health, treatment and care,
  • Results of x-rays, scans and laboratory tests,
  • Relevant information from people who care for you and know you well such as health professionals and relatives.

Always check that your details are correct when you visit us and please tell us of any changes as soon as possible.


How your personal information is used?


Your records are used to manage and deliver the care you receive to make sure that:

  • The doctors, nurses and other healthcare members of staff involved in your care have correct and up to date information, to look at your health and decide on the right care for you,
  • Healthcare staff have the information they need to be able to look at and improve the quality and type of care you receive,
  • Your concerns and worries can be properly investigated if a complaint is raised,
  • The right information is available if you see another doctor or are referred to a specialist or another part of the NHS.

Who do we share personal information with?


Everyone working within the NHS has a legal duty to keep information confidential. Similarly, anyone who receives information from us has a legal duty concerning your confidentiality. The partner organisations with which we share information are:

  • Other NHS Trusts and hospitals that are involved in your care,
  • CCGs. (Clinical Commissioning Groups),
  • General Practitioners (GPs),
  • Ambulance Services,
  • Adults’ and children’s social care services.

You may be receiving care from other sectors as well as the NHS. Therefore, we may need to share information to other agencies about you, so we can all work together for your benefit. We will only do this if they have a legitimate need, or we have your permission. These agencies include:

  • Social Care Services.
  • Education Services.
  • Local Authorities.
  • Voluntary and private sector providers working with the NHS.
  • General Medical Council

We will not provide your information to any other third parties without your permission unless there are exceptional circumstances, such as, if the health and safety of you and others is at risk or if the law requires us to pass on information.


Primary Care Network


We are a member of Tadcaster and Selby Rural Primary Care Network (PCN). This means we will be working closely with a number of other Practices, and health care organisations to provide healthcare services to you.


During the course of our work we may share information with these Practices and health care organisations/professionals.  We will only share this information where it relates to your direct healthcare needs. 


When we do this, we will always ensure that appropriate agreements are in place to protect your information and keep it safe and secure.  This is also what the Law requires us to do.


If you would like to see the information the PCN holds about you please contact the Information Governance lead at your practice and they will arrange this for you.


The Yorkshire & Humber Care Record


The Yorkshire & Humber Care Record is a shared system that allows Healthcare staff within the Humber, Coast and Vale Health and Social Care community to appropriately access the most up-to-date and correct information about patients, to deliver the best possible care.


The Yorkshire & Humber Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing.


If you would like any further information, or would like to discuss this further, please contact us using the details provided below.


Disclosure of information


You have the right to object to how and with whom we share the information that is within your records that could identify you. This will be noted within your records so that all staff involved with your care and treatment are aware of your decision. By choosing this option, it may mean that the delivery of your care or treatment more difficult. You can also change your mind at any time about your decision.


If your consent is relevant, you are required to provide this in writing. This is essential as you may change your preference regarding consent further down the line. You as an individual also have the right to withdraw your consent at any time.


How your personal information is used to improve the NHS


Your information will also be used to help us manage the NHS and protect the health of the public by being used to:

  • Review the care we provide to make sure it is of the highest standard and quality,
  • Make sure our services can meet your needs in the future,
  • Investigate your queries, complaints and legal claims,
  • Make sure the Surgery receives payment for the care you receive,
  • Prepare statistics on NHS performance,
  • Audit NHS accounts and services,
  • Undertaking heath research and development,
  • Helping to train and educate healthcare staff.

The National Data Guardian opt-out programme is a new service that allows people to opt out of their confidential patient information being used for research and planning, which has over taken the Type two opt out.


Please see



Call recording


Telephone calls to the practice are routinely recorded.  Data is captured for the following purposes:

  • To prevent crime or misuse,
  • To make sure that staff act in compliance with Trust procedures,
  • To ensure quality control,
  • Training, monitoring and service improvement

SMS text messaging


When attending the surgery for an outpatient appointment or a procedure you may be asked to confirm that the surgery has the correct contact number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.


How you can access your records


The Data Protection legislation gives you a right to access the information we hold about you in our records. Requests must be made in writing. The practice will provide your information to you 30 calendar days from receipt of:

  • A completed application form, containing adequate supporting information to enable us to verify your identity and locate your records,
  • An indication of what information you are requesting, to enable the surgery to locate it in an efficient manner.

You as an individual have the right to have erased any records that have been inaccurately added to your medical records, personal records or other computerised system. If you think any information is inaccurate or incorrect, please contact us using the details below.


Ultimately, if you are unhappy with the way we have handled your information you have the right to make a complaint to the Practice Manager or to the Information Commissioner’s Office (the ICO).




The retention period for medical records once you have been discharged from care is eight years. Once this period is up your records will then be destroyed within the guidelines set out by the Data Protection legislation. There are some exemptions to this, such as maternity and child’s records; these will be kept for 25 years.


Data controller


The Data controller responsible for keeping your information confidential is:


Tansy Shearston

Managing Partner

Sherburn Group Practice

Beech Grove


LS25 6ED


Telephone:  01977 682208


Freedom of Information


The Freedom of information Act 2000 provides any person with the right to obtain information held by the practice subject to exemptions.




The Data Protection Legislation requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:

Information Commissioner’s Office
Wycliffe House
Water Lane

Telephone: 08456 306060
Website: www.ico.gov.uk





Electronic Palliative Care Co-ordination System (EPaCCS) in Humber, Coast and Vale


Why we need to process your personal data?

Patients who are at the end of life come into contact with many health and care professionals. The challenge has been in enabling different care providers to share information about an individual patient’s care and end-of-life preferences in a safe, up-to-date and efficient way.


Treatment choices, how and where care is delivered and the preferred place of death are at the heart of end-of-life care. Patient choices are not static and often change during the last weeks and months of life. Typically, preferences for end-of-life care are collected by GPs and inputted into their GP system. However, this may not always reflect the latest wishes of the patient and may not be available to all of a patient’s health and care providers.


EPaCCS enables the recording and sharing of a patient’s care preferences and key details about their care at the end-of-life.  As it is electronic it can easily be shared 24/7 between all of the clinicians and carers involved in the patient’s care across organisational and geographical boundaries.


An EPaCCS record can be created, updated and shared by any member of a patient’s health and care team, subject to locally-determined pathway and user administration settings. The EPaCCS record is a summary record, intended to provide an easily accessible view of the information that carers need in an end-of-life setting.


We process personal information because it is necessary to comply with our legal obligations and perform our public duty.

Data Controllers

Sherburn Group Practice with other health and social care organisations involved in delivering end-of-life care to patients are Data Controllers in Common for the purpose of using the shared EPaCCS system.


To find out more about EPaCCS and how it supports end-of-life care in Humber, Coast and Vale go to: https://humbercoastandvale.org.uk/how/digital-futures/#EPaCCS


If you have any queries please contact:


How do we collect information about you?

Personal information relating to you will be received from a number of areas.  Some of the information about your medical history, such as medications and conditions, will come from your GP record.  Information about your preferences for how and where you receive care at the end-of-life will be provided by you when you share this information with the different health and care professionals who care for you.


We only collect the personal information necessary about you in order to help us deliver the right service or meet legal obligations.

What information will we share about you?


We will share information about you that will help the health and care professionals who provide your care make the best decisions about your treatment and ensure that your preferences and wishes are respected.


This includes: your demographic details (name, contact details, NHS number, gender), your medications, diagnoses and problems, CPR decision, preferred placed of care and preferred place of death. 

How do we use your information?

Your information will be used to ensure that the health and care providers that care for you have the information they need to provide the best care for you and to ensure that your wishes and preferences at the end-of-life are known, shared and respected.

Who will we share your personal information with?

The information within EPaCCS will only be shared with health and care professionals that are directly involved in delivering your care. These organisations include: GP practices, hospitals, hospices, care homes, Out-of-Hours services, NHS 111, community service providers and social care providers. 

What is the reason for processing your personal information?

As health and social care providers we have determined that the appropriate legal justification upon which this information can be shared for the purposes of the EPaCCS end-of-life shared care record is the delivery of direct care. This is in line with the recommendations of Caldicott Reviews of 1997, 2013, the provisions of the Data Protection Act (DPA) 2018 and the General Data Protection Regulation (EU) 2016/679 (GDPR).

The applicable articles in GDPR are:

  • Article 6 (1)(e) – “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;” 
  • Article 9 (2)(H) - “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3” 

How long will we keep your personal information for?

We will only keep your personal information for as long as we need to, so we can give you the service you need, unless we must keep it for legal reasons. You have the right to remove your approval for us processing your end-of-life preferences at any time.


It will only be held for the periods stated in our records management policy and retention schedule, after which it will be securely destroyed. 

What are my rights in relation to my personal information?


You have the right to:

  • · ask to see the personal information we hold about you;
  • · ask us to change it if it is wrong;
  • · ask us to delete the information we hold about you;
  • · ask us to limit the way we use your personal information;
  • · have your information transferred to another Authority;
  • · complain to the Information Commissioner’s Office.


You can withdraw your approval for the processing of your personal information and sharing of your end-of-life preferences at any time. 

Who can I complain to?

You have the right to submit a complaint if you are unhappy with the way your information is handled or disagree with a decision made by us regarding your information.


In the first instance, please contact the service you are dealing with to try to resolve the matter.


If you remain unhappy with the outcome you receive, you may wish to contact the Information Commissioner for an independent review. https://ico.org.uk/concerns/ 

Contact details for our Data Protection Officer

Tansy Shearston

Managing Partner

Email: tshearston@nhs.net

Tel:  01977 682208




Total visitors:281882 | Disclaimer