Practice Policies & Patient Information
Chaperones
During your appointment with a doctor or nurse you are welcome to ask for a chaperone, this may be one of the nursing team but if they are unavailable a member of the reception staff can chaperone with your agreement. All staff have relevant training and checks to carry out this service. Any requests for or queries relating to chaperones can be directed to the team before any appointment or with the clinician during the appointment.
The practice prides itself in maintaining professional standards. For certain examinations during consultations an impartial observer (a ‘chaperone’) will be required.
This impartial observer will be a practice nurse or health care assistant who is familiar with the procedure and be available to reassure and raise any concerns on your behalf. If a nurse in unavailable at the time of your consultation then your examination may be re-scheduled for another time.
You are free to decline any examination or chose an alternative examiner or chaperone. You may also request a chaperone for any examination or consultation if one is not offered to you. The GP may not undertake an examination if a chaperone is declined.
The role of a Chaperone
A chaperone is there to:
- Maintain professional boundaries during intimate examinations
- Acknowledge a patient’s vulnerability
- Provide emotional comfort and reassurance
- Assist in the examination
- Assist with undressing patients, if required
Complaints
Please follow the attached complaints procedure should you have any concerns. Please post the form to the practice for the attention of the Practice Manager or hand in to reception.
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Data Choices
Your Data Matters to the NHS
Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe and always being clear about how it is used.
How your data is used
Information about your individual care such as treatment and diagnoses is collected about you whenever you use health and care services. It is also used to help us and other organisations for research and planning such as research into new treatments, deciding where to put GP clinics and planning for the number of doctors and nurses in your local hospital. It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.
Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.
You have a choice
You do not need to do anything if you are happy about how your information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your mind about your choice at any time.
Will choosing this opt-out affect your care and treatment?
No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.
What do you need to do?
If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything.
To find out more about the benefits of data sharing, how data is protected, or to make/change your opt-out choice visit www.nhs.uk/your-nhs-data-matters
Freedom of Information
Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
GP Net Earnings
NHS England require that the net earnings of GPs engaged in the practice is publicised and the required disclosure is shown below.
However, it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time GPs spend working in the practice and it should not be used to form any judgement about GP earnings nor to make any comparison with any other practice.
All GP practices are required to declare the mean earnings (i.e. average pay) for GPs working to deliver NHS services to patients at each practice.
The average pay for GPs working in the surgery in the last financial year was £46,543 before tax and national insurance. This is for 2 part time GPs and 1 Salaried GP who worked in the practice for at least six months.
How your information is used?
Summary Care Record, Salford Integrated Record and HSCIC
Salford Integrated Record (SIR)
This is a local system that allows health and social care professionals to access your health record should you ever need treatment within Salford.
Summary Care Record
This is a national system and will only contain your allergies, adverse reactions and current medication list. This can be accessed by healthcare staff across the country should you require treatment away from home.
HSCIC
The Health and Social Care Information Centre also collects information about you and your healthcare in a secure manner to determine what is working well and what could be improved within the NHS. For more information you can visit – www.nhs.uk/caredata.
If you wish to opt out of any of the above or want more information please speak to reception who will gladly assist you.
More Information
For further information visit the NHS Care records website or the HSCIC Website
Download the opt out form >>>>
National Diabetes Audit
The practice takes part in the National Diabetes Audit. This is usually carried out in June/July of each year, this is to improve the care provided to patients. For more information on the audit or how to opt out of the audit please speak to a receptionist or pick up a leaflet in the surgery.
Infection Control Statement
We aim to keep our surgery clean and tidy and offer a safe environment to our patients and staff. We are proud of our modern, purpose built practice and endeavour to keep it clean and well maintained at all times.
If you have any concerns about cleanliness or infection control, please report these to our reception staff.
Our GPs and nursing staff follow our Infection Control Policy to ensure the care we deliver and the equipment we use is safe.
We take additional measures to ensure we maintain the highest standards:
- Encourage staff and patients to raise any issues or report any incidents relating to cleanliness and infection control. We can discuss these and identify improvements we can make to avoid any future problems
- Carry out an annual infection control audit to make sure our infection control procedures are working
- Provide annual staff updates and training on cleanliness and infection control
- Review our policies and procedures to make sure they are adequate and meet national guidance
- Maintain the premises and equipment to a high standard within the available financial resources and ensure that all reasonable steps are taken to reduce or remove all infection risk
- Use washable or disposable materials for items such as couch rolls, modesty curtains, floor coverings, towels etc., and ensure that these are laundered, cleaned or changed frequently to minimise risk of infection
- Make alcohol hand rub gel available throughout the building
Privacy policy
Protecting Your Data
Introduction
This privacy notice explains in detail why we use your personal data which we, the GP practice, (Data Controller), collects and processes about you. A Data Controller determines how the data will be processed and used within the GP practice and with others who we share this data with. We are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles under the General Data Protection Regulation (GDPR) and Data Protection Act 2018. This notice also explains how we handle that data and keep it safe.
The GP Practice also has a Caldicott Guardian. A Caldicott Guardian is a senior person within a health or social care organisation, preferably a health professional, who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained. The Caldicott Guardian for the GP practice is:
Dr Ryan Cooke, GP Partner
We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the Law. When such changes occur, we will revise the last updated date as documented in the version status in the header of this document.
What we do?
We are here to provide care and treatment to you as our patients. In order to do this, the GP practice keeps personal demographic data about you such as your name, address, date of birth, telephone numbers, email address, NHS Number, ethnicity, main spoken language, gender, sexual orientation, education setting, carer responsibilities etc and your health and care information.
Information is needed so we can provide you with the best possible health and care. We also use your data to:
- Confirm your identity to provide these services and those of your family / carers
- Understand your needs to provide the services that you request
- Obtain your opinion on our services (with consent)
- Prevent and detect fraud and corruption in the use of public funds
- Make sure we meet our statutory obligations, including those related to diversity and equalities
- Adhere to a legal requirement that will allow us to use or provide information (e.g. a formal Court Order or legislation)
Definition of Data Types
We use the following types of information / data:
Personal Data
This contains details that identify individuals even from one data item or a combination of data items. The following are demographic data items that are considered identifiable such as name, address, NHS Number, full postcode, date of birth. Under GDPR, this now includes location data and online identifiers such as your Emis registered number.
Special categories of data (previously known as sensitive data)
This is personal data consisting of information as to: race, ethnic origin, political opinions, health, religious beliefs, trade union membership, sexual life and previous criminal convictions. Under GDPR, this now includes biometric data and genetic data.
Personal Confidential Data (PCD)
This term came from the Caldicott review undertaken in 2013 and describes personal information about identified or identifiable individuals, which should be kept private or secret. It includes personal data and special categories of data but it is adapted to include deceased as well as living people and ‘confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’.
Pseudonymised Data or Coded Data
Individual-level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity. When data has been pseudonymised it still retains a level of detail in the replaced data by use of a key / code or pseudonym that should allow tracking back of the data to its original state.
Anonymised Data
This is data about individuals but with all identifying details removed. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available.
Aggregated Data
This is statistical information about multiple individuals that has been combined to show general trends or values without identifying individuals within the data.
Our data processing activities
The law on data protection under the GDPR sets out a number of different reasons for which personal data can be processed for. The law states that we have to inform you what the legal basis is for processing personal data and also if we process special category of data such as health data what the condition is for processing.
The types of processing we carry out in the GP practice and the legal bases and conditions we use to do this are outlined below:
Provision of Direct Care and administrative purposes within the GP practice
Type of Data | Personal Data – demographics Special category of data – Health data |
Source of Data | Patient and other health and care providers |
Legal basis for processing personal data and Condition for processing special category of data |
Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems |
Common Law Duty of Confidentiality basis | Implied Consent |
Direct care means a clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. This is carried out by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship with. In addition, this also covers administrative purposes which are in the patient’s reasonable expectations.
To explain this, a patient has a legitimate relationship with a GP in order for them to be treated and the GP practice staff process the data in order to keep up to date records and to send referral letters etc.
Other local administrative purposes include waiting list management, performance against national targets, activity monitoring, local clinical audit and production of datasets to submit for national collections.
This processing covers the majority of our tasks to deliver health and care services to you. When we use the above legal basis and condition to process your data for direct care, consent under GDPR is not needed. However, we must still satisfy the common law duty of confidentiality and we rely on implied consent. For example, where a patient agrees to a referral from one healthcare professional to another and where the patient agrees this implies their consent.
Medicines Management and Optimisation
Type of Data | Personal Data – demographics Special category of data – Health data |
Source of Data | GP Practice |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems |
Common Law Duty of Confidentiality basis | Implied Consent |
Salford CCG and Salford Royal Foundation Trust pharmacists and technicians work with GP practices to provide advice on medicines and prescribing queries, process repeat prescription requests and review prescribing of medicines to ensure that it is safe and cost-effective. This will require the use of identifiable information.
In cases where identifiable data is required, this is done with practice agreement and in the case of repeat prescription processing with patient consent. No data is removed from the practice’s clinical system and no changes are made to patient’s records without the correct authority from the GP in place. Patient records can be viewed in the GP practice or remotely.
Where specialist support is required (e.g. to order a drug that comes in solid form in gas or liquid form) Salford CCG medicines optimisation pharmacists will order this on behalf of a GP to support your care. Identifiable data is used for this purpose.
Identifiable data is also used by our pharmacists in order to review and authorise (if appropriate) requests for high cost drugs which are not routinely funded. In cases where identifiable data is used, this is done with the consent of the patients.
Purposes other than direct care (secondary use)
This is information which is used for non-healthcare purposes. Generally this could be for research purposes, audits, service management, safeguarding, commissioning, complaints and patient and public involvement.
When your personal information is used for secondary use this should, where appropriate, be limited and de-identified so that the secondary uses process is confidential.
Safeguarding
Type of Data | Personal Data – demographics Special category of data – Health data |
Source of Data | Patient and other health and care providers |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Article 9 (2)(b) – Processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or the data subject in the field of …social protection law |
Common Law Duty of Confidentiality basis | Overriding Public Interest / children and adult safeguarding legislation |
Information is provided to care providers to ensure that adult and children’s safeguarding matters are managed appropriately. Access to personal data and health information will be shared in some limited circumstances where it’s legally required for the safety of the individuals concerned. For the purposes of safeguarding children and vulnerable adults, personal and healthcare data is disclosed under the provisions of the Children Acts 1989 and 2006 and Care Act 2014.
Risk Stratification
Type of Data | Personal Data – demographics Special category of data – Health data |
Source of Data | GP Practice and other care providers |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(c) – Processing is necessary for compliance with a legal obligation
Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems Section 251 NHS Act 2006 |
Risk stratification entails applying computer based algorithms, or calculations to identify those patients who are most at risk from certain medical conditions and who will benefit from clinical care to help prevent or better treat their condition. To identify those patients individually from the patient community would be a lengthy and time-consuming process which would by its nature potentially not identify individuals quickly and increase the time to improve care. A GP / health professional reviews this information before a decision is made.
The use of personal and health data for risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority (known as Section 251 approval). This approval allows your GP or staff within your GP Practice who are responsible for providing your care, to see information that identifies you, but CCG staff will only be able to see information in a format that does not reveal your identity.
NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable admissions.
Knowledge of the risk profile of our population helps to commission appropriate preventative services and to promote quality improvement.
Risk stratification tools use various combinations of historic information about patients, for example, age, gender, diagnoses and patterns of hospital attendance and admission and primary care data collected in GP practice systems.
Our data processor for Risk Stratification purposes Dr Ryan Cooke.
If you do not wish information about you to be included in our risk stratification programme, please contact the GP Practice. We can add a code to your records that will stop your information from being used for this purpose. Please see the section below regarding objections for using data for secondary uses.
Invoice Validation
Type of Data | Personal Data – demographics Pseudonymised – coded health care data |
Source of Data | GP Practice and other care providers |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(c) – Processing is necessary for compliance with a legal obligation
Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems Section 251 NHS Act 2006, NHS Constitution (Health and Social Care Act 2012) |
If you have received treatment within the NHS, NHS Shared Business Services, may require access to your personal information in order to determine which Clinical Commissioning Group is responsible for paying for the treatment or procedure you have received.
Information such as your NHS Number and details of treatment may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices, and will not be shared for any further commissioning purposes.
National Clinical Audits
Type of Data | Personal Data – demographics Special category of data – Health data Pseudonymised Anonymised |
Source of Data | GP Practice and other care providers |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(c) – Processing is necessary for compliance with a legal obligation
Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems Section 251 NHS Act 2006, NHS Constitution (Health and Social Care Act 2012) |
The GP practice contributes to national clinical audits and will send the data which are required by NHS Digital when the law allows. This may include demographic data such as data of birth and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure.
Purposes requiring consent
There are also other areas of processing undertaken where consent is required from you. Under GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood.
Patient and Public Involvement
Type of Data | Personal Data – demographics |
Source of Data | GP Practice |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(a) – Explicit Consent
Article 9 (2)(a) – Explicit Consent |
If you have asked us to keep you regularly informed and up to date about the work of the GP Practice or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us.
We obtain your consent for this purpose. Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.
Medical Research
Type of Data | Personal Data – demographics Special category of data – health data |
Source of Data | GP Practice |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(a) – Explicit Consent
Article 9 (2)(j) – Processing is necessary for…scientific or historical research purposes… Common law duty of confidentiality – explicit consent or if there is a legal statute for this which you will be informed of |
If you wish to take part in a research study, we obtain your consent for this purpose. Where you submit your details to us for research purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.
Complaints
Type of Data | Personal Data – demographics Special category of data – health data |
Source of Data | Data Subject, Primary Care, Secondary Care and Community Care |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(a) – Explicit Consent
Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems Common law duty of confidentiality – explicit consent |
If you contact the GP Practice about a complaint, we require your explicit consent to process this complaint for you. You will be informed of how and with whom your data will be shared by us, including if you have or you are a representative you wish the GP practice to deal with on your behalf.
Text Messaging Reminders
Type of Data | Personal Data – demographics Special category of data – health data |
Source of Data | GP Practice |
Legal Basis and Condition for processing special category of data under GDPR | Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Article 9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems |
The surgery may send you text messages in the future to remind you about appointments.
You can choose to opt out of this service at any point and should you wish to do so please contact reception to advise them of your decision.
If you change your mobile telephone number, please tell us as soon as possible so we can continue the reminder service to your mobile phone.
Using anonymous or coded information
This type of data may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor NHS performance where the law allows this. Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions.
How we protect your personal data
We will use the information in a manner that conforms to the General Data Protection Regulations (GDPR) and Data Protection Act 2018. The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to any inappropriate persons. We have an Information Governance Policy that explains the approach within the GP practice, our commitments and responsibilities to your privacy and cover a range of information and technology security areas.
Access to your personal confidential data is password protected on secure systems and securely locked in filing cabinet when on paper.
Our IT Services provider, Greater Manchester Shared Service, regularly monitor our system for potential vulnerabilities and attacks and look to always ensure security is strengthened.
All our staff have received up to date data security and protection training. They are obliged in their employment contracts to uphold confidentiality, and face disciplinary procedures if they do not do so. We have incident reporting and management processes in place for reporting any data breaches or incidents. We learn from such events to help prevent further issues and inform patients of breaches when required.
How long do we keep your personal data?
Whenever we collect or process your data, we will only keep it for as long as is necessary for the purpose it was collected. For a GP practice, we comply with the Records Management NHS Code of Practice. Records remain on the practice site unless the patient deregisters or is deceased. In both cases a full set of notes is returned to the Health Authority for processing in the appropriate way. Any electronic copy of records is archived on our clinical system.
Destruction
This will only happen following a review of the information at the end of its retention period. Where data has been identified for disposal we have the following responsibilities:
- to ensure that information held in manual form is destroyed using a cross cut shredder
- to ensure that electronic storage media used to hold or process information are destroyed or overwritten to national standards.
Who we share your data with?
As stated above, where your data is being processed for direct care this will be shared with other care providers who are providing direct care to you such as:
- NHS Trusts / Foundation Trusts
- GP’s
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Social Care Services
- Out of hours providers
- Walk in centres
- Clinics
We work with third parties and suppliers (data processors) to be able for us to provide a service to you. These include (but are not limited to):
- Egton – to provide our electronic clinical system
- NHS Greater Manchester Shared service – to provide our IT services
- NHSMAIL – allows NHS organisations to securely share patient information
- Docman – to provide copies of secondary care services correspondence
- Salford CCG and / or Salford Council and Shared Business Services/ICB
- Salford Primary Care Together – provide Salford wide services
- Walkden and Little Hulton PCN – to provide community services
- Optum – Scriptswitch – guides clinicians on the correct medicines to use in line with NHS guidance
- AccurX – allows our practice to communicate directly with you as patients and you with us
- Ardens – helps the practice monitor annual reviews and recall patients and extracts anonymised data for the ICB for audit purposes
- PCIT – helps the practice monitor annual reviews and recall patients
- Eclipse – allows our medicines team to access up to date/accurate information on health requirements relating to specific medications for patients
- Graphnet – to enable primary and secondary care to share important health information
- GP connect + – allows patients to be booked and seen in local community services such as physio and the evening and weekend GP services
There will be occasions whereby these organisations have potential access to your personal data, for example, if they are fixing an IT fault on the system. To protect your data, we/NHS have contracts and / or Information Sharing Agreements in place stipulating the data protection compliance they must have and re-enforce their responsibilities as a data processor to ensure you data is securely protected at all times.
We will not disclose your information to any 3rd party without your consent (implied/express) unless:
- there are exceptional circumstances (life or death situations)
- where the law requires information to be passed on as stated above
- required for fraud management – we may share information about fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- It is required to be disclosed to the police or other enforcement, regulatory or government body for prevention and / or detection of crime
Where is your data processed?
Your data is processed with the GP surgery and by other third parties as stated above who are UK based. Your personal data is not sent outside of the UK for processing.
Where information sharing is required with a country outside of the EU you will be informed of this and we will have a relevant Information Sharing Agreement in place. We will not disclose any health information without an appropriate lawful principle, unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it, or to carry out a statutory functions i.e. reporting to external bodies to meet legal obligations
What are your rights over your personal data?
You have the following rights over your data we hold:
- Subject Access Rights – you can request access to and or copies of personal data we hold about you, free of charge (subject to exemptions) and provided to you within 1 calendar month. We request that you provide us with adequate information in writing to process your request such as full name, address, date of birth, NHS number and details of your request and documents to verify your identity so we can process the request efficiently. On processing a request, there may be occasions when information may be withheld if the organisation believes that releasing the information to you could cause serious harm to your physical or mental health. Information may also be withheld if another person (i.e. third party) is identified in the record, and they do not want their information disclosed to you. However, if the other person was acting in their professional capacity in caring for you, in normal circumstances they could not prevent you from having access to that information.
- Right to rectification – The correction of personal data when incorrect, out of date or incomplete which must be acted upon within 1 calendar month of receipt of such request. Please ensure the GP practice has the correct contact details for you.
- Right to withdraw consent – If we have your explicit consent for any processing we do, you have the right to withdraw that consent at any time and have the right to have data portability (data provided to you in a commonly used and machine readable format) and erasure (right to be ‘forgotten’)
- Right to object to processing – you have the right to object to processing however please note if we can demonstrate compelling legitimate grounds which outweighs the interest of you then processing can continue. If we didn’t process any information about you and your health care if would be very difficult for us to care and treat you.
To request a copy or request access to information we hold about you and / or to request information to be corrected if it is inaccurate, please contact:
Data Protection Officer
Dr R Cooke
14 Morston Close
Worsley
Manchester
M28 1PB
Objections to processing for secondary purposes (other than direct care)
The NHS Constitution states “You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered”. The possible consequences (i.e. lack of joined up care, delay in treatment if information has to be sourced from elsewhere, medication complications which all lead to the possibility of difficulties in providing the best level of care and treatment) will be fully explained to you to allow you to make an informed decision.
If you wish to opt out of your data being processed and / or shared onwards with other organisations for purposes not related to your direct care, please contact the surgery.
There are several forms of opt-outs available at different levels. These include for example:
- Information directly collected by the surgery:
Your choices can be exercised by withdrawing your consent for the sharing of information that identifies you, unless there is an overriding legal obligation.
- Information not directly collected by the surgery, but collected by organisations that provide NHS services.
Type 1 opt-out
If you do not want personal confidential data information that identifies you to be shared outside your GP practice, for purposes beyond your direct care you can register a type 1 opt-out with your GP practice. This prevents your personal confidential information from being used other than in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease.
Patients are only able to register the opt-out at their GP practice.
Records for patients who have registered a type 2 opt-out will be identified using a particular code that will be applied to your medical records that will stop your records from being shared outside of your GP Practice.
Type 2 opt-out
NHS Digital collects information from a range of places where people receive care, such as hospitals and community services.
To support those NHS constitutional rights, patients within England are able to opt out of their personal confidential data being shared by NHS Digital for purposes other than their own direct care, this is known as the ‘Type 2 opt-out’
If you do not want your personal confidential information to be shared outside of NHS Digital, for purposes other than for your direct care you can register a type 2 opt-out with your GP practice.
Patients are only able to register the opt-out at their GP practice.
Complaints / Contacting the Regulator
If you feel that your data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, please contact our Data Protection Officer at the following contact details:
Data Protection Officer
Dr R Cooke
14 Morston Close
Worsley
Manchester
M28 1PB
If you are not happy with our responses and wish to take your complaint to an independent body, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1133
Or go online to www.ico.org.uk/concerns (please note we can’t be responsible for the content of external websites).
Further Information / Contact Us
We hope that the Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. Should you have any questions / or would like further information, please contact our Caldicott Guardian / Data Protection Officer at the following contact details:
Data Protection Officer
Dr R Cooke
14 Morston Close
Worsley
Manchester
M28 1PB
Summary Care Record
There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Why do I need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who can see it?
Only healthcare staff involved in your care can see your Summary Care Record.
How do I know if I have one?
Over half of the population of England now have a Summary Care Record. You can find out whether Summary Care Records have come to your area by contacting the practice.
Do I have to have one?
No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery.
More Information
For further information visit the NHS Care records website.
Zero Tolerance
The practice fully supports the NHS Zero Tolerance Policy. The aim of this policy is to tackle the increasing problem of violence against staff working in the NHS and ensures that doctors and their staff have a right to care for others without fear of being attacked or abused.
We understand that ill patients do not always act in a reasonable manner and will take this into consideration when trying to deal with a misunderstanding or complaint. We ask you to treat your doctors and their staff courteously and act reasonably.
All incidents will be followed up and you will be sent a formal warning after a second incident or removed from the practice list after a third incident if your behaviour has been unreasonable.
However, aggressive behaviour, be it violent or verbal abuse, will not be tolerated and may result in you being removed from the Practice list and, in extreme cases, the Police will be contacted if an incident is taking place and the patient is posing a threat to staff or other patients.