GDPR (General Data Protection Regulation)
Fair Processing Notice - Adults
Security of information
Confidentiality affects everyone. We as a GP Surgery have a legal basis to gather, store and process large amounts of information on a daily basis. This includes medical records, personal records and computerised information for the purposes of preventive or occupational medicine; medical diagnosis; or if the process is necessary for the performance of a task carried out in the public interest. This information is used by many people throughout the course of their daily work.
Our duty to protect information and confidentiality is taken very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and the security of all information for which we are responsible, whether computerised or on paper. This includes regular staff training on the legal obligations they have to maintain confidentiality and security of information at all times.
We have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
The Sherburn Group Practice takes staff training extremely seriously. This is to ensure that nobody will access or use your information without a relevant reason, and to stop accidental loss, damage and destruction of any of your medical, personal and electronic records.
Why do we collect information about you?
To make sure you get the best care doctors, nurses and the team of healthcare staff caring for you keep records about your health and any care or treatment you may receive from the NHS. These records help to make sure that you receive the best possible care. These may be written down in your paper records or held on a computer. They may include:
- Basic details about you such as name, address, date of birth, next of kin, etc.,
- Contact we have had with you such as appointments or clinic visits,
- Notes and reports about your health, treatment and care,
- Results of x-rays, scans and laboratory tests,
- Relevant information from people who care for you and know you well such as health professionals and relatives.
Always check that your details are correct when you visit us and please tell us of any changes as soon as possible.
How your personal information is used?
Your records are used to manage and deliver the care you receive to make sure that:
- The doctors, nurses and other healthcare members of staff involved in your care have correct and up to date information, to look at your health and decide on the right care for you,
- Healthcare staff have the information they need to be able to look at and improve the quality and type of care you receive,
- Your concerns and worries can be properly investigated if a complaint is raised,
- The right information is available if you see another doctor or are referred to a specialist or another part of the NHS.
Who do we share personal information with?
Everyone working within the NHS has a legal duty to keep information confidential. Similarly, anyone who receives information from us has a legal duty concerning your confidentiality. The partner organisations with which we share information are:
- Other NHS Trusts and hospitals that are involved in your care,
- CCGs. (Clinical Commissioning Groups),
- General Practitioners (GPs),
- Ambulance Services,
- Adults’ and children’s social care services.
You may be receiving care from other sectors as well as the NHS. Therefore, we may need to share information to other agencies about you, so we can all work together for your benefit. We will only do this if they have a legitimate need, or we have your permission. These agencies include:
- Social Care Services.
- Education Services.
- Local Authorities.
- Voluntary and private sector providers working with the NHS.
- General Medical Council
We will not provide your information to any other third parties without your permission unless there are exceptional circumstances, such as, if the health and safety of you and others is at risk or if the law requires us to pass on information.
Primary Care Network
We are a member of Tadcaster and Selby Rural Primary Care Network (PCN). This means we will be working closely with a number of other Practices, and health care organisations to provide healthcare services to you.
During the course of our work we may share information with these Practices and health care organisations/professionals. We will only share this information where it relates to your direct healthcare needs.
When we do this, we will always ensure that appropriate agreements are in place to protect your information and keep it safe and secure. This is also what the Law requires us to do.
If you would like to see the information the PCN holds about you please contact the Information Governance lead at your practice and they will arrange this for you.
The Yorkshire & Humber Care Record
The Yorkshire & Humber Care Record is a shared system that allows Healthcare staff within the Humber, Coast and Vale Health and Social Care community to appropriately access the most up-to-date and correct information about patients, to deliver the best possible care.
The Yorkshire & Humber Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing.
If you would like any further information, or would like to discuss this further, please contact us using the details provided below.
Disclosure of information
You have the right to object to how and with whom we share the information that is within your records that could identify you. This will be noted within your records so that all staff involved with your care and treatment are aware of your decision. By choosing this option, it may mean that the delivery of your care or treatment more difficult. You can also change your mind at any time about your decision.
If your consent is relevant, you are required to provide this in writing. This is essential as you may change your preference regarding consent further down the line. You as an individual also have the right to withdraw your consent at any time.
How your personal information is used to improve the NHS
Your information will also be used to help us manage the NHS and protect the health of the public by being used to:
- Review the care we provide to make sure it is of the highest standard and quality,
- Make sure our services can meet your needs in the future,
- Investigate your queries, complaints and legal claims,
- Make sure the Surgery receives payment for the care you receive,
- Prepare statistics on NHS performance,
- Audit NHS accounts and services,
- Undertaking heath research and development,
- Helping to train and educate healthcare staff.
The National Data Guardian opt-out programme is a new service that allows people to opt out of their confidential patient information being used for research and planning, which has over taken the Type two opt out.
Telephone calls to the practice are routinely recorded. Data is captured for the following purposes:
- To prevent crime or misuse,
- To make sure that staff act in compliance with Trust procedures,
- To ensure quality control,
- Training, monitoring and service improvement
SMS text messaging
When attending the surgery for an outpatient appointment or a procedure you may be asked to confirm that the surgery has the correct contact number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.
How you can access your records
The Data Protection legislation gives you a right to access the information we hold about you in our records. Requests must be made in writing. The practice will provide your information to you 30 calendar days from receipt of:
- A completed application form, containing adequate supporting information to enable us to verify your identity and locate your records,
- An indication of what information you are requesting, to enable the surgery to locate it in an efficient manner.
You as an individual have the right to have erased any records that have been inaccurately added to your medical records, personal records or other computerised system. If you think any information is inaccurate or incorrect, please contact us using the details below.
Ultimately, if you are unhappy with the way we have handled your information you have the right to make a complaint to the Practice Manager or to the Information Commissioner’s Office (the ICO).
The retention period for medical records once you have been discharged from care is eight years. Once this period is up your records will then be destroyed within the guidelines set out by the Data Protection legislation. There are some exemptions to this, such as maternity and child’s records; these will be kept for 25 years.
The Data controller responsible for keeping your information confidential is:
Sherburn Group Practice
Telephone: 01977 682208
Freedom of Information
The Freedom of information Act 2000 provides any person with the right to obtain information held by the practice subject to exemptions.
The Data Protection Legislation requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from
Information Commissioner’s Office
Telephone: 08456 306060