We will always respect your privacy, dignity and your religious and cultural beliefs particularly when intimate examinations are advisable – these will only be carried out with your express agreement and you will be offered a chaperone to attend the examination if you so wish.
You may also request a chaperone when making the appointment or on arrival at the surgery (please let the receptionist know) or at any time during the consultation.
We need to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.
Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.
All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.
In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstance you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.
To ensure your privacy, we will not disclose information over the telephone unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not leave messages with others.
You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.
The following IT systems are in use at the practice:
- Referral Management (using NHS numbers in referrals)
- Electronic Appointment Booking (the facility to book routine appointments online and, similarly, to cancel appointments
- Online booking of repeat prescriptions
- Summary Care Record (uploading details of your current medication and allergies to the national “spine” so that these are available for doctors involved in your care elsewhere)
- GP to GP transfers (the electronic transfer of records from practice to practice when you re-register
- Patient Access to records (the facility to view your medical records online).
If you are not already registered for online access and would like to be please complete our online form.
If you would like access to your medical records enabled or would like to opt out of the local or national summary care record, please contact reception.
You can be assured that anything you discuss with any member of the surgery staff, whether doctor, nurse or receptionist, will remain confidential. Even if you are under 16, nothing will be said to anyone, including parents, other family members, care workers or teachers, without your permission. The only reason why we might want to consider passing confidential information without your permission would be to protect either you or someone else from serious harm. In this situation, we would always try to discuss this with you first.
If you have any worries or queries about confidentiality, please feel free to ask a member of staff.
if you would like to discuss matters of a confidential nature, either with our receptionists or a member of the dispensary team, we have a side room available in reception for this purpose.
Access to our Practice building
You can access the Practice through the main door. We have a ramp access or step access to the area outside the front door.
We have a wheelchair available for use.
Outside the Practice there are disabled parking bays and mobility scooter parking bays.
We are Dementia Friendly
Hearing Difficulties – If you are experiencing hearing difficulties when being called in to see the doctor or nurse, please do let us know in order for us to set up an alert on your medical records and personally collect you from the waiting room.
Equality and Diversity Policy
The average pay for GPs working in Westlands Medical Centre in the last financial year was £87,050 before tax and National Insurance. This is for: 2 full time GPs, 5 part time GPs and 1 locum GP who worked in the practice for more than six months.
“NHS England require that the net earnings of doctors engaged in the practice is publicised by 31 March 2021 at the latest. However, it should be noted that the prescribed method of calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice and should not be used for any judgement about GP earnings, nor to make any comparisons with other practices.”
This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to;
Maintain the Confidentiality of all data within the practice by:
- Ensuring that only authorised persons can gain access to our systems
- Not disclosing information to anyone who has no right to see it
Maintain the integrity of all data within the practice by:
- Taking care over input
- Ensuring that all changes are reported and monitored
- Checking that the correct record is on the screen before updating
- Reporting all apparent errors and ensuring that they are resolved
Maintain the availability of all data by:
- Ensuring that all equipment is protected from intruders
- Ensuring that backups are taken at regular, predetermined intervals
- Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date
Additionally we will take all reasonable measures to comply with our legal responsibilities under:
Non NHS Services
Private Work Fees
Some services provided are not covered under our contract with the NHS and therefore attract charges.
Examples include the following:
- Medicals for pre-employment, adoption and driving requirements (HGV, PSV etc.). None of our doctors are qualified in aviation medicine.
- Insurance claim forms
- Prescriptions for taking medication abroad: NHS regulations permit prescriptions to be issued for a problem from which the patient is currently suffering. Unfortunately the NHS will not fund ‘just in case’ medications in case you become unwell abroad. Examples include those for urine infections or diarrhoea. These can be issued privately though, with a small fee for the prescription, as well as a dispensing charge from the pharmacy plus the cost of the medication.
- Private sick notes: sick notes for the first seven days of illness are not permitted to be issued under current regulations – a self-certification form or email should suffice. Further information can be found here.
- Vaccination certificates
The fees charged are available from our reception staff, who will be happy to advise you about them along with appointment availability.
Rights & Responsibilities
Westlands aims to provide a high standard of care and service to all our patients.
We hope you will use our services thoughtfully, respect our premises and take overall responsibility for your own health and that of your children.
- Confidentiality and courtesy from all Westlands staff
- Access to your medical records (This may incur a fee. Requests in writing to the Practice)
- Telephone calls answered promptly by a receptionist
- An appointment the same day if you are acutely ill
- Repeat prescriptions available within THREE working days
- A detailed leaflet explaining our services
- Prompt investigation of any complaint
- To treat our staff with courtesy
- To be considerate to other patients in the building
- Turn off mobile phones while in the health centre
- To respect our home visiting
- Be punctual for appointments and to cancel appointments if you cannot attend
- To respect our premises. In our building please do not smoke, attend in muddy boots or dirty overalls, or bring bicycles inside
- To learn how to treat your own minor illnesses and to keep some basic household medicines in a safe place
Shared Care Records Information
Your local health and care services are working more closely together to provide a joined-up service to meet your needs.
Working together improves the quality of care because the clinicians and other professionals involved in your treatment have the best information on which to base their decisions.
It removes the need for you to repeat your story to different clinicians, thereby saving you time and frustration. It also makes the services themselves more efficient.
In order to achieve this goal, it is important that clinicians and other health and care professionals involved in a person’s care are able to view the relevant records as and when appropriate.
Anonymised treatment data is also used to help monitor and improve the quality of the services you receive.
There are very strict rules to control how and when records are used and they lay out what your rights are as part of this process.
Our legal reason for collecting your information
We have a public duty to care for patients. Under data protection legislation, organisations process information which is necessary to provide the health and social care treatment to patients, as well as the management of health or social care systems and services.
If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us to not use your information, however there might be times when we still have to share your information to ensure your care is appropriate and effective; if this is the case, we will discuss this with you.
What records do we hold?
- Basic details such as address, date of birth, next of kin/emergency contact details, ethnicity, disability or language preferences.
- Inpatient and outpatient visit details, visits to the Emergency Department and contact with other organisations.
- Details and records about the treatment and care you have received. Letters related to your healthcare will be sent to your GP and a copy will be placed in your manual and electronic record.
- Results of x-rays and tests.
What are your records used for?
To produce a record of all health and care decisions made about you and the care provided to you. This may be used by clinical, support workers or administrative staff, as appropriate.
Where appropriate, information about your care will be securely shared with other organisations to enable continuation/support of your care e.g. other NHS hospitals, hospices, community services, your GP and Social Services.
Your records are also used to improve the quality of care provided, through a process of clinical audits.
In instances of concerns or complaints being raised by you or your family, your records will be shared with the relevant legal and/or complaints team for the purposes of investigation.
A coded (anonymised) version of your treatment details can also be used to monitor performance within a particular health service provider organisation. This is to ensure that health services are being managed in line with targets and contractual obligations.
Sharing your information with NHS/External Organisations
We will share your information with other organisations, to assist with giving you the best care possible. Where we share your information with these organisations, they are subject to strict information sharing protocols. Anyone who receives information from us has a legal duty to keep it confidential and secure. Only information that is required and appropriate to support your care and treatment will be provided.
Where we share your information with other organisations that do not form part of your care, permission from yourself will be sought before sending the information unless we have a legal obligation to provide the information, or we have to because the interest of the public is thought to be of greater importance.
There are occasions where we have a legal duty to pass patient information to external organisations which operate to oversee and address issues relating to the management of the NHS as a whole.
Under the Data Protection Act 2018 health and care services have a legal basis for processing patient information where it is necessary to provide effective services without consent, for example to specialists consulting with each other about your care needs.
You have the right to object to the processing of your information for purposes other than direct care e.g. performance management of services, external clinical audits.
The NHS has implemented a National Opt-Out Programme, whereby patients have the right to opt-out of their information being used for reasons other than the patient’s individual care and treatment such as, planning and research purposes to help improve the care, treatment and quality of NHS services.
We have a legal obligation to store your health and care information. The length of time we will store your information is set out by the Department of Health & Social Care.
NHS and social care staff operate under very strict data protection rules and are trained to handle your information correctly to protect your privacy. Information is held for specified periods of time.
Health and care records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with data protection legislation.
No individual information is shared outside the local health and care system. Your information is never collected for direct marketing purposes, and is not sold on to any other third parties.
Under data protection legislation, individuals have the right to obtain a copy of their own information. They will need to contact the relevant organisation and provide certain personal details and supporting evidence to do this.
To find out more visit https://www.nhs.uk/your-nhs-data-matters/
Subject Access Requests
There may be times when you need to see part or all of your medical records.
Click on the link below for a copy of the our policy for handling such requests
Completing the form will make it easier for us to process your request; you will need to bring in photographic identification with your application.
Suggestions & Complaints
Want to make a suggestion to the practice?
Your comments and suggestions are important to us, please tell us if you have any comments about the practice and suggestions as to how we can improve our service to you.
If you have a query regarding a medical matter please telephone reception to make an appointment to see the appropriate person.
Want to make a complaint?
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please contact the Operations Manager will deal with your concerns appropriately.
Summary Care Record
Your patient record is held securely and confidentially on the electronic system at your GP practice. If you require treatment in another NHS healthcare setting such as an Emergency Department or Minor Injury Unit, those treating you would be better able to give you appropriate care if some of the information from the GP practice were available to them.
This information can now be shared electronically via: The Summary Care Record, used nationally across England.
The information will be used only by authorised health care professionals directly involved in your care. Your permission will be asked before the information is accessed, unless the clinician is unable to ask you and there is a clinical reason for access.
If you would like to opt out, please ask reception for our opt out form or complete the form wtih NHS Digital at: digital.nhs.uk/services/summary-care-records-scr/scr-patient-consent-preference-form
A parent or guardian can request to opt out children under 16 but ultimately it is the GP’s decision whether to create the records or not, because of their duty of care to the child. If you are the parent or guardian of a child under 16 and feel that they are able to understand, then you should make this information available to them.
Who Has Access?
Across all health care settings, including urgent care, community care and outpatient departments in England.
- Your current medications
- Any allergies you have
- Any bad reactions you have had to medicines
- Additional information (upon request to your GP
Additonal Summary Care Record
For the duration of the COVID 19 pandemic extended access has been deemed necessary on a national basis. Full details can be found here https://digital.nhs.uk/services/summary–care–recordsscr/scr–coronavirus–covid–19–supplementary–privacy–notice
For more information visit:
Violent and Abusive Patients
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons.
Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety.
In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.
Privacy Notice – what you need to know…
Westlands Medical centre – Your information, what you need to know
(If you want to speak to us about your data, please see our ‘contact’ page)
This notice describes why we collect information about you, how your information will be used and your rights in respect of your data.
Why we collect information about you
Your records are used to ensure you get the best possible care. Your information helps them to make the best decisions about your care and helps provide you with proactive advice and guidance. Important information is also collected to help us to remind you about specific treatment which you might need, such as health checks, immunisations for children and reminders for screening appointments. We work with other NHS services to co-ordinate these.
Information held about you may be used to help protect the health of the public and to help us to improve NHS services. Information may be used within the GP practice to monitor the quality of the service provided (known as ‘clinical audit’).
What data do we collect and receive about you?
Records are stored electronically and on paper and include personal details about you such as your address, carers, legal representatives, emergency contact details, as well as:
- Any appointments, visits, emergency appointments
- Notes and reports about your health
- Details about your diagnosis, treatment and care
- Details about any medication you are taking
- Results of investigations such as laboratory tests, x-rays
- Relevant information from health and care professionals, relatives or carers
We also receive information from other organisations that are caring for you that we hold in your record. This will include letters and test results.
How we use your information: For providing your care
Where you have agreed we will send information on your prescriptions to pharmacies, either by electronic systems or by paper.
Test requests and results
Where we undertake tests on you, such as blood tests, we will send the sample and details of the tests we are requesting to the most appropriate pathology laboratory. The data shared with the laboratory will include your NHS number, name, the type of test requested and any health information relevant to doing the test and producing the result or report. We will receive the test results back from the laboratory electronically and these will be stored in your patient record.
Extended services and out of hours
We work closely with neighbouring practices and ‘out of hours’ providers including NHS 111 to ensure that if you need care from a doctor outside of normal hours that they have access to your records when needed to give you the best possible care. This may be delivered over the phone or via video consultation as appropriate. Services may be run by ‘GP Federations’ and ‘Primary Care Networks’.
With your agreement, your GP or Nurse may refer you to other services not provided by the practice, or they may work with other services to provide your care in the practice. Information will be shared by letters, emails and shared record systems.
Once you have been seen, the other care agency will tell us about the treatment they have provided for you and any support which your GP needs to provide. This information is then included in your record. Referrals can be to lots of different services, such as smoking cessation services, social prescribers, voluntary services and other health and care agencies, as appropriate, for your care.
Hospital, Community or Social Care Services
Sometimes the staff caring for you need to share some of your information with others who are also supporting you. This could include hospital or community based specialists, nurses, health visitors, therapists or social care services. Information will be shared to organisations where you receive care, whether that is local or further away, if you need specialist care or emergency care in another.
Shared computer systems
Health and Social care services are developing shared systems to share data efficiently and quickly. It is important for anyone treating you to be able to access your shared record so that they have all the information they need to care for you. This will be during your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an Out of hours appointment. It is also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised staff can access the systems and the information they see is carefully checked so that it relates to their job. Systems do not share all your data, just data which services have agreed is necessary to include.
For more information about shared care records, please go to https://www.westlandsmedicalcentre.nhs.uk/practice-information/
Safeguarding of children or vulnerable adults
If we have significant concerns or hear about an individual child or vulnerable adult being at risk of harm, we may share relevant information with other organisations, such as local authorities and the Police, involved in ensuring their safety.
Ensuring medicines work well
We work with the local Medicines Management team of the Clinical Commissioning Group to help get the best out of medicines for patients and ensure they are effective in managing conditions. This generally uses anonymous data, but occasionally they will assist in reviews of medication for patients with complex needs. Doctors may also seek advice and guidance on prescribing queries.
Identifying health risks
Systems known as ‘risk stratification tools’ are used to help determine a person’s risk of suffering particular conditions and enable us to focus on preventing ill health before it develops. Information in these systems comes from a number of sources, such as hospitals and the practice. This can help us identify and offer you additional services to improve your health.
Multi-disciplinary team meetings
For some long-term conditions, such as diabetes, the practice participates in meetings with staff from other agencies involved in providing care, to help plan the best way to provide care to patients with these conditions.
Multi-disciplinary team meetings
For some long-term conditions, such as diabetes, the practice participates in meetings with staff from other agencies involved in providing care, to help plan the best way to provide care to patients with these conditions.
National Services (including screening programmes)
There are some national services like National Diabetes Audit and the National Cancer Screening Programmes that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cervical, breast or bowel cancer screening.
You can find out more about how the NHS holds and shares your information for national programmes on the NHS screening website (https://www.nhs.uk/conditions/nhs-screening/)
Data may also be shared on anyone who contracts a ‘communicable disease’, such as Covid 19, in order to manage public health and safety.
Recordings of calls made and received by Westlands Medical Centre may be used to support the learning and development of our staff and to improve the service we provide to our patients.
They may also be used when reviewing incidents, compliments or complaints.
Call recordings will be managed in the same way as all other personal information processed by us and in line with current data protection legislation.
Westlands Medical Centre uses Close Circuit Television (CCTV) to record images within public areas of the practice for the safety and security of our patients and staff.
CCTV footage is managed in the same way as all other personal data processed by us and in line with current legislation.
How we use your information: beyond providing your care
The information collected about you when you use our services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning new services
- public health screening
- assisting the Care Quality Commission with any investigations
- investigating fraud
Wherever possible data used for these purposes is anonymised so that you cannot be identified. If information cannot be completely anonymous, then this may only take place when the law allows the information to be used. All these uses help to provide better health and care for you, your family and future generations.
Sometimes we are duty bound by laws to disclose information to organisations such as the Care Quality Commission, the Driver and Vehicle Licencing Agency, the General Medical Council, Her Majesty’s Revenue and Customs and Counter Fraud services. In these circumstances we will always try to inform you before we are required to disclose and we only disclose the minimum information that the law requires us to do so.
Objecting to the of use of data for purposes beyond your care
The NHS Constitution states ‘You have a right to request that your personal and confidential information is not used beyond your own care and treatment and to have your objections considered’. For further information please visit: The NHS Constitution
Type 1 Opt Out
This is an objection that prevents an individual’s confidential patient information from being shared outside of their general practice except when it is being used for the purposes of direct care, or in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease. If you wish to apply a Type 1 Opt Out to their record you should make your wishes known to the practice manager. It does not apply if data extracted is not identifiable.
National data opt-out
The national data opt-out enables patients to opt-out from the use of their personal confidential data for research or planning purposes. To find out more or to register to opt out, please visit www.nhs.uk/your-nhs-data-matters.
If you have any concerns about use of your data not covered by the National Data Opt out, please contact the practice.
How long do we hold information for?
Records are kept for the lifetime of the patient or in line with the NHS Records Management Code of Practice 2021. If you move to a new practice, your record will be transferred. If the practice you have left need to access your record, for example to deal with a historic complaint, they will let you know. When information has been identified for destruction or deletion it will be disposed of using approved confidential disposal procedures.
Data Protection laws give you a number of rights, including access to your data, correction, erasure, objection and restriction of use of your data. Details on how to request access to your data are set out below. If you have any concerns about the accuracy and use of your records, please contact us.
Right of Access to your information (Subject Access Request)
You have the right to have a copy of the information we hold about you. There are some safeguards regarding what you will have access to and you may find information has been removed for the following reasons.
- Where your doctor has decided that some information may cause significant harm to you or someone else
- Where the information is about someone else (third party) and we do not have their consent to share it.
You can make a request by asking or writing to the practice. We may ask you to complete a form so that we have a record of your request. You will need to provide proof of identity.
If you would like to access your GP record online click here: https://www.westlandsmedicalcentre.nhs.uk/practice-information/
Lawful basis for processing:
The use of personal data for providing care is supported under the following Article 6 and 9 conditions of the GDPR:
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Change of Details
It is important that you tell us as soon as you can if any of your details such as your name or address, email address or mobile number have changed. This is to make sure no information about you is sent to an old address and that your current details are accurate and up to date.
Mobile telephone number
If you provide us with your mobile phone number, we may use this to send you text reminders about your appointments or other health screening information. Please let us know if you do not wish to receive text reminders on your mobile.
Where you have provided us with your email address we will use this to send you information relating to your health and the services we provide. If you do not wish to receive communications by email, please let us know.
Data Protection Officer
Should you have any questions or concerns about your data, please contact our Data Protection Officer: Caroline Sims
Telephone: 023 92 377514
Right to complain
If you have concerns or are unhappy about any of our services, please contact the Operations Manager.
For independent advice about data protection, privacy and data-sharing issues, you can contact:
The Information Commissioner
Phone: 0303 123 1113 Website: https://ico.org.uk/global/contact-us
Coronavirus (COVID-19) pandemic and your information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic.
The ICO also recognise that ‘Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a Notice under Regulation 3(4) of The Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non-clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the Covid-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.
The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 30 June 2022 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice. You can access information regarding this matter at https://digital.nhs.uk/coronavirus/coronavirus-covid-19-response-information-governance-hub/control-of-patient-information-copi-notice
We manage patient records in line with the https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/ which sets the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England, based on current legal requirements and professional best practice. If you transfer to another GP and we are asked to transfer your records we will do this to ensure your care is continued. Currently the NHS is required to keep GP records for 10 years after a patient has died. Exceptions to these rules are detailed in the code of practice.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts
- Specialist Trusts
- GP Federations
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- Local Authorities
- Education Services
- Fire and Rescue Services
- Other ‘data processors’
We will never share your information outside of health partner organisations without your explicit consent unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it or to carry out a statutory function.
Within the health partner organisations (NHS and Specialist Trusts) and in relation to the above mentioned themes – Risk Stratification, Invoice Validation, Supporting Medicines Management, Summary Care Record – we will assume you are happy for your information to be shared unless you choose to opt-out (see below).
This means you will need to express an explicit wish to not have your information shared with the other organisations; otherwise it will be automatically shared. We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional. There are occasions when we must pass on information, such as notification of new births, where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS), and where a formal court order has been issued. Our guiding principle is that we are holding your records in strictest confidence.
Data Protection Legislation requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
We are registered as a Data Controller and our registration can be viewed online in the public register at: http://ico.org.uk/what_we_cover/register_of_data_controllers.
The NHS Care Record Guarantee
The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS, what control the patient can have over this, the rights individuals have to request copies of their data and how data is protected under Data Protection Legislation.
The NHS Constitution
The NHS Constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access
health services, the quality of care you’ll receive, the treatments and programmes available to you, confidentiality, information and your right to complain if things go wrong.
NHS Digital collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
Reviews of and Changes to our Privacy Notice
We will keep our Privacy Notice under regular review. This notice was last reviewed in February 2022.
Any changes to this notice will be published on our website and in a prominent area at the Practice.
Who we share your information with and why
The following table builds upon the information in our Privacy notice and is published to ensure transparency. This list is not exhaustive. Where the offering of a service to a patient will inform them about the sharing of their data, e.g. support from smoking cessation services, it is not necessarily included here. This list does not set out uses of anonymous data where identity has been completely removed (such as anonymised data to the Department for Work and Pensions on provision of ‘fit notes’).
|Shared Care Records||PurposeTo ensure you receive effective, safe care, we will, through digital means enable your record to be available to those providing your care in whichever care setting you are seen, such as an A&E attendance, a physiotherapy appointment, a social care needs assessment. In order to achieve this, the aim of Shared Care Records is to enable health and care staff to view your information, to save valuable time in getting you the right treatment. Your information will only be available to the staff involved in your direct care, and not at any other time, or for any other reason. Further information can be found here (https://www.england.nhs.uk/digitaltechnology/connecteddigitalsystems/health-and-care-data/joining-up-health-and-care-data/) Legal Basis – Article 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’|
|Other GP practices||Purpose – We will enable other GPs and staff in other GP practices to have access to your medical record to allow you to receive acute medical care within that service. Legal Basis – this service is for your direct care and is fully consented, permission to share your medical record will be gained prior to an appointment being made in the service and again once you are in the consultation. Data processor – Your registered surgery will continue to be responsible for your full medical record.|
|Community Nursing -Complex Care TeamDiabetes TeamHome Visiting ServiceLeg Ulcer ServiceHeart Failure ServiceMulti-Disciplinary TeamDistrict NursesMidwives||Purpose – We will enable the Community Nursing Team to have access to your medical record to allow you to receive care from the community nurses for the services listed.Legal Basis – these services are for your direct care and is fully consented, permission to share your medical record will be gained prior to an appointment being made in the service Data processor – Your registered surgery will continue to be responsible for your full medical record|
|MASH – Multi Agency Safeguarding Board – Safeguarding ChildrenSafeguarding Adults||Purpose – We share information with health and social care authorities for safeguarding issues. Legal Basis – Because of public Interest issues, e.g. to protect the safety and welfare of Safeguarding we will rely on a statutory basis rather than consent to share information for this use. Data Processor – Multi Agency Safeguarding Authorities.|
|Summary Care Record||Purpose – The NHS in England uses a national electronic record called the Summary Care Record (SCR) to support patient care. It contains key information from your GP record. Your SCR provides authorised healthcare staff with faster, secure access to essential information about you in an emergency or when you need unplanned care, where such information would otherwise be unavailable. Legal Basis – Article 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’ Further information can be found here Controller of summary care record data – NHS Digital|
|Test requests and results||Purpose – Some basic identifying details, the type of test requested and if required any relevant health information is shared with Pathology Laboratories when tests such as blood or urine tests need to be undertaken. The laboratory will also hold the details of the request and the result. The result/report will be sent electronically to the practice who will hold it in the patient’s record. Legal Basis – Article 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’ Controller of test data – The laboratory that process the request and result are a controller of the data generated by the test process.|
|Research||Purpose – We may share personal confidential or anonymous information with research companies. Where you have opted out of having your identifiable information shared for this purpose then it will not be used. Details on how to opt out are here. Legal Basis – consent is required to share confidential patient information for research, unless there is have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and WalesThe organisation leading the research will be the controller of data disclosed to themWestlands Medical Centre is an approved practice for research by NIHR (National Institute for Health Research|
|Individual Funding Requests||Purpose – We may need to process your personal information where we are required to apply for funding for a specific treatment for you for a particular condition that is not routinely available. Legal Basis – The clinical professional who first identifies that you may need the treatment will explain to you the information that is needed to be collected and processed in order to assess your needs and commission your care; they will authority’ and article 9(2)h ‘Provision of health and care’ Your data will be disclosed to the Clinical Commissioning Group who manages the individual funding request process.gain your explicit consent to share this. You have the right to withdraw your consent at any time. If you are happy for the request to be made, the basis for processing your data is: Article 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’ Your data will be disclosed to the Clinical Commissioning Group who manages the individual funding request process.|
|Child Health Information Service||Purpose – We wish to make sure that your child has the opportunity to have immunisations and health checks when they are due. We share information about childhood immunisations, the 6-8 week new baby check and breast-feeding status with health visitors and school nurses. Legal Basis – Article 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’ Controller to which data is disclosed: Child Health Services, St James Hospital, Portsmouth|
|Risk Stratification – Preventative Care||Purpose – ‘Risk stratification for case finding’ is a process for identifying and managing patients who have or may be at-risk of health conditions (such as diabetes) or who are most likely to need healthcare services (such as people with frailty). Risk stratification tools used in the NHS help determine a person’s risk of suffering a particular condition and enable us to focus on preventing ill health before it develops. Information about you is collected from a number of sources including NHS Trusts and your GP Practice. A risk score is then arrived at to help us identify and offer you additional services to improve your health. In addition, data with your identity removed is used to inform the development and delivery of services across the local area. If you do not wish information about you to be included in any risk stratification programmes, please let us know. We can add a code to your records that will stop your information from being used for this purpose. Please be aware that this may limit the ability of healthcare professionals to identify if you have or are at risk of developing certain serious health conditions. Legal BasisArticle 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’. Risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority (approval reference (CAG 7-04)(a)/2013)) and this approval has been extended to the end of September 2020 NHS England Risk Stratification which gives us a statutory legal basis under Section 251 of the NHS Act 2006 to process data for risk stratification purposes which sets aside the duty of confidentiality. We are committed to conducting risk stratification effectively, in ways that are consistent with the laws that protect your confidentiality. Controller to which data is disclosed: NHS South, Central and West Commissioning Support Unit (CSU)(NB identifiable data is not disclosed to other controllers)|
|Public HealthScreening programmes (identifiable) Notifiable disease information (identifiable) Smoking cessation (anonymous) Sexual health (anonymous)||Purpose – The NHS provides national screening programmes so that certain diseases can be detected at an early stage. These currently apply to bowel cancer, breast cancer, aortic aneurysms and diabetic retinal screening service. The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme. Personal identifiable and anonymous data is shared. More information can be found at: https://www.gov.uk/guidance/nhs-population-screening-explained or speak to the practice Legal BasisArticle 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’.Controller to which data is disclosed: Public Health Services (England), & Fareham Borough Council.|
|Population Health Management||Purpose – Health and care services work together as ‘Integrated Care Systems’ (ICS) and are sharing data in order to:· Understanding the health and care needs of the care system’s population, including health inequalities· Provide support to where it will have the most impact· Identify early actions to keep people well, not only focusing on people in direct contact with services, but looking to join up care across different partners. Type of Data – Identifiable/Pseudonymised/Anonymised/Aggregate Data. NB only organisations that provide your individual care will see your identifiable data.Legal Basis – Article 6(1)(e); “necessary… in the exercise of official authority vested in the controller’ And Article 9(2)(h) Provision of health and careProcessor to which data is disclosed: Cerner Ltd, Optum Ltd, NECS CSUPopulation Health Management also incorporates the use of risk stratification tools as an integral part of the purpose|
|NHS Trusts||Purpose – Personal information is shared with Hospitals, Community Services, Mental Health Services and others in order to provide you with care services. This could be for a range of services, including treatment, operations, physio, and community nursing, ambulance service. Legal BasisArticle 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’.Controller to which data is disclosed: Southern Health|
|Clinical Commissioning Group||Purpose – Anonymous information is shared to plan and design care services within the locality.Legal Basis – non identifiable data only.Data Processor – Fareham & Gosport & SE Hants CCG|
|Hampshire County Council||Purpose – To support disease monitoring and health prevention for specific patients Legal Basis – Your consent is sought either implicitly or explicitly. You are invited to be screened either by the practice or the screening provider directly. You can choose to consent or dissent at any point in the screening.|
|Care Quality Commission||Purpose – The CQC is the regulator for the English Health and Social Care services to ensure that safe care is provided. They will inspect and produce reports back to the GP practice on a regular basis. The Law allows the CQC to access identifiable data but only where it is needed to conduct their services.More detail on how they ensure compliance with data protection law (including GDPR) and their privacy statement is available on CQC website: https://www.cqc.org.uk/about-us/our-policies/privacy-statement Legal Basis – Article 6(1)c “processing is necessary for compliance with a legal obligation to which the controller is subject.” And Article 9(2)h ‘management of health and care services’ Controller data is disclosed to – Care Quality Commission|
|Payments||Purpose – Payments to the practice come in many different forms. Some payments are based on the number of patients that receive specific services, such as diabetic reviews and immunisation programmes. In order to make patient based payments basic and relevant necessary data about you needs to be sent to the various payment services, this data contains limited identity if needed, such as your NHS number. The release of this data is required by English laws. Legal Basis – Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.” And Article 9(2)(h) ‘as stated below Controllers that data is disclosed to – NHS England, CCG, Public Health|
|CHIE||Purpose – To provide Healthcare Professionals with complete, accurate and up to date information. This information comes from a variety of sources including GP practices, community providers, acute hospitals and social care providers. CHIE is used by GP out of hours, acute hospital doctors, ambulance service, GPs and others on caring for patients – you may opt out of having your information shared on this system. Legal Basis – This service is for your direct care and in an emergency. Data Processor – NHS SCW.|
|CHIA||Purpose – Is a database used for analysing trends in population health in order to identify better ways of treating patients. CHIA is a physically separate database, which receives some data from CHIE. Prior to this transfer from CHIE to CHIA patient identifiers are removed from the data. This includes names, initials, addresses, dates of birth and postcodes. NHS numbers are encrypted in the extract and cannot be read. This process is called ‘pseudonymisation’. This subset of data does not include information typed in by hand, so there is no possibility of it containing references to family members or other people. It contains only coded entries for things like allergies and prescribed drugs. It is not possible to identify any patient by looking at the ‘pseudonymised’ data on the CHIA database. People who have access to CHIA do not have access to CHIE. Data in CHIA is used to plan how health and care services will be delivered in future, based on what types of diseases are being recorded and how many are being referred to hospital etc. Data is also used to help research into new treatments for diseases. Legal basis – You can opt out of this service Data processor – NHS SCW|
|Patient Record data base support||Purpose – The practice uses electronic patient records. Our supplier of the electronic patient record system is: EMIS Health Our supplier does not access identifiable records without permission of the practice and this is only given where it is necessary to investigate issues on a particular recordLegal BasisArticle 6(1)e ‘exercise of official authority’ and article 9(2)h ‘management of health and care services’.|
|Medicines optimisation||Purpose – We use software packages linked to our patient record system to aid when prescribing drugs. These ensure that prescribing is effective. We do not share your identifiable data with the companies that provide these packages Legal BasisArticle 6(1)e ‘exercise of official authority’ and article 9(2)h ‘Provision of health and care’.|
|Medical student placements||Purpose – to support the training of medical students. Legal Basis – As part of this programme, medical students will work in the practice and may be involved in your care. If staff would like a student to be present they will always ask for your permission before the start of the consultation. The treatment or care you receive will not be affected if you refuse to have a student present during your appointment. It is usual for GPs to discuss patient case histories as part of their continuing medical education or for the purpose of training GPs and/or medical students. In these situations the identity of the patient concerned will not be revealed.|
|Minuteful Kidney service for patients with diabetes (and/or other conditions)||The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at: https://lp.healthy.io/minuteful_info/.|
|General Practice Extraction Service (GPES)Covid-19 Planning and Research data||Purpose : Personal confidential and Special Category data will be extracted at source from GP systems for the use of planning and research for the Covid-19 pandemic emergency period. Requests for data will be required from NHS Digital via their secure NHSX SPOC Covid-19 request process. Legal Basis : NHS Digital has been directed by the Secretary of State under section 254 of the 2012 Act under the COVID-19 Direction to establish and operate a system for the collection and analysis of the information specified for this service: GPES Data for Pandemic Planning and Research (COVID-19). A copy of the COVID-19 Direction is published here:https://digital.nhs.uk//about-nhs-digital/corporate-information-and-documents/directions-and-data-provision-notices/secretary-of-state-directions/covid-19-public-health-directions-2020 Patients who have expressed an opt out preference via Type 1 objections with their GP surgery not to have their data extracted for anything other than their direct care will not be party to this data extraction. Processor : NHS Digital|
|General Practice Data for Planning and Research (GPDPR)||Purpose: Patients personal confidential data will be extracted and shared with NHS Digital in order to support vital health and care planning and research. Further information can be found herePatients may opt out of having their information shared for Planning or Research by applying a National Data Opt Out or a Type 1 Opt Out. Details of how to Opt Out can be found on our Privacy Notice. For the National Data Opt Out patients are required to register their preference below. https://www.nhs.uk/your-nhs-data-matters/For Type 1 Opt Out they can complete the form and return it to their registered practice for actionhttps://nhs-prod.global.ssl.fastly.net/binaries/content/assets/website-assets/data-and-information/data-collections/general-practice-data-for-planning-and-research/type-1-opt-out-form.docxLegal Basis : The legal basis for this activity can be found at this link : General Practice Data for Planning and Research: NHS Digital Transparency Notice – NHS DigitalProcessor: NHS Digital|
|Clinical Audit||Purpose – Information will be used by the CCG for clinical audit to monitor the quality of the service provided to patients with long term conditions. When required, information will be held centrally and used for statistical purposes (e.g. the National Diabetes Audit). When this happens, strict measures are taken to ensure that individual patients cannot be identified from the data.Legal BasisArticle 6(1)e ‘exercise of official authority’ and article 9(2)h ‘management of health and care services’.Controller – Somerset Clinical Commissioning Group|
|Healthy.io||Purpose – This practice is working with a company called Healthy.io to provide a pilot programme sponsored by NHS Digital to monitor urine albumin:creatinine ratio (ACR) annually for patients with diabetes. This enables patients with diabetes to test their kidney function from home. With your permission, we will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify those at risk of kidney disease and proactively manage early interventions for the benefit of patient care. Legal Basis – This is undertaken with the legal basis of 6.1.e, and 9.2.h as the practice under contract to deliver direct health care|
|National Fraud Initiative – Cabinet Office||Purpose – The use of data by the Cabinet Office for data matching is carried out with statutory authority. It does not require the consent of the individuals concerned under Data Protection legislation. Data matching by the Cabinet Office is subject to a Code of Practice. For further information see:https://www.gov.uk/government/publications/code-of-data-matching-practice-for-national-fraud-initiativeNFI activities vary each year, so data would only be disclosed if required by the focus of their activitiesLegal Basis – Part 6 of the Local Audit and Accountability Act 2014Controller – Cabinet Office|
|Q-Covid||Purpose – To support healthcare professionals in better understanding how at-risk a patient might be of catching Covid-19 and being admitted to hospital. (online tool) Legal Basis – Our legal basis for collecting and processing information for this purpose is statutory. DPIA covid-19-clinical-risk-assessment-tool-dpia—version-1.0-template-16- february-2021 (1).docx|
|National Registries||Purpose – National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006, to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.Legal Basis – Section 251 of the NHS Act 2006|
|Police||Purpose – The police may request information in relation to on-going enquiries, all requests are reviewed and only appropriate information will be shared under legislation. Legal Basis –Article 6(1)e – task carried out in the public interestArticle 9(2)c – Vital InterestsArticle 9(2)f – Legal claims or judicial actsArticle 9(2)g – Reasons of substantial public Controller disclosed to – Police|
|Other organisations who provide support services for us||Purpose – The Practice may use the services of additional organisations (other than those listed above), who will provide additional expertise to support the Practice. Legal Basis – We have entered into contracts with other organisations to provide some services for us or on our behalf. Confidential – Shred-It provide confidential waste destruction services Continence and Stoma Service – for direct care in providing continence/stoma products and monitoring.i-Talk Counselling serviceMIND Wellbeing serviceDementia FriendlyHealth VisitorsPalliative NursesClinical Waste|