Fair Processing and Privacy Notice

Privacy Information Leaflet

 

What is a privacy notice?

A privacy notice is a statement that discloses some or all of the ways in which the practice gathers, uses, discloses and manages a patient’s data. It fulfills a legal requirement to protect a patient’s privacy.

 

Why do we need one?

To ensure compliance with the General Data Protection Regulation (GDPR), Imperial Medical Practice must ensure that information is provided to patients about how their personal data is processed in a manner which is:

  • Concise, transparent, intelligible and easily accessible;
  • Written in clear and plain language, particularly if addressed to a child; and
  • Free of charge
 

What is the GDPR?

The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GDPR comes into effect on 25 May 2018.

 

How do we communicate our privacy notice?

At Imperial Medical Practice, the practice privacy notice is displayed on our website, through signage in the reception area(s), and in writing during patient registration (by means of a leaflet). We will:

  • Inform patients how their data will be used and for what purpose
  • Allow patients to opt out of sharing their data, should they so wish
 

What information do we collect about you?

We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.

 

How do we use your information?

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research or others when the law allows.

 

Maintaining confidentiality

We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).

 

Risk stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Imperial Medical Practice, and this information is processed electronically and given a risk score, which is relayed to your GP, who can then decide on any necessary actions to ensure that you receive the most appropriate care.

 

Invoice validation

Your information may be shared if you have received treatment, to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.

 

Opt-outs

You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering a Type 1 opt-out, preventing your information from being shared outside this practice.

 

Accessing your records

You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.

 

What to do if you have any questions

Should you have any questions about our privacy policy or the information we hold about you, you can:

  1. Contact the practice’s data controller via email at d-ccg.imperialenquiries@nhs.net. GP practices are data controllers for the data they hold about their patients
  2. Write to the data controller at 47-49 Imperial Road, Exmouth, Devon EX8 1DQ
  3. Ask to speak to the practice manager Mrs Zoe Newey

The Data Protection Officer (DPO) can be contacted at the above address.

 

Complaints

In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’. We regularly review our privacy policy and any updates will be published on our website, in our newsletter and on posters to reflect the changes. 

 

Privacy Notice – Fair Processing

Last updated: 16.06.2021

Imperial Medical Practice uses personal and confidential information for a number of purposes. This Privacy Notice (also known as Fair Processing) provides a summary of the information that we hold, what we use it for and also who we will or may share information with. This Privacy Notice is part of our commitment to ensure that we process your personal data fairly and lawfully.

The Practice recognises the importance of protecting personal and confidential information in all that it does, all it directs or commissions, and takes care to meet its legal duties. The law determines how organisations can use the personal information that we collect. The key pieces of legislation that we must comply with are:

  • Data Protection Act 1998 (DPA),
  • Human Rights Act 1998 (HRA),
  • Health & Social Care Act 2012 (HCA), and
  • General Data Protection Regulation 2018 (GDPR)
  • The common law duty of confidentiality
  • NHS Codes of Confidentiality and Information Security

THE PRACTICE COLLECTS PERSON CONFIDENTIAL INFORMATION ABOUT OUR SERVICE USERS TO SUPPORT CARE PATHWAYS. THIS INFORMATION CAN INCLUDE:

  • Your name, address, telephone number, date of birth and next of kin
  • Appointment details, associated admissions
  • Details about your treatment and care
  • Correspondence, notes and reports
  • Investigations and test results, X-rays etc.
  • Relevant information from other health professionals, relatives or those who care for you.

WE USE THIS INFORMATION FOR THE FOLLOWING REASONS:

  • To help inform the decisions that we make about your care
  • To ensure that your treatment is safe and effective, including any advice that may be provided as part of your care.
  • To help us work effectively with other organisations who may also be involved in your care.

WE MAY SHARE THIS WITH OTHER ORGANISATIONS, TO SUPPORT THE FOLLOWING:

  • To help us protect the health of the public in general,
  • To manage and plan our services for the future, including measuring our performance to ensure that we remain effective.
  • To help our staff review the care that is provided, to ensure that it is of the highest standard.
  • To enable the continual improvement of the competency of staff and service providers.
  • Where it is required by law

Some of this information will be held centrally and used for statistical purposes. Where we hold data centrally, we take strict and secure measures to ensure that individual patients cannot be identified.

Information may be used for clinical audit purposes to monitor the quality of service provided and may be held centrally and used for statistical purposes. Where we do this, we ensure that your personal information cannot be identified.

General Practice Data for Planning and Research Data Collection (GPDfPR) 

As well as using your information to support the delivery of care to you, your data may be used by NHS Digital to help improve the way health and social care is delivered to patients and service users throughout England. From the 1st September 2021, NHS Digital will securely extract your information to provide access to patient data to the NHS and other organisations who need to use it, to improve health and social care for everyone.  

NHS Digital will primarily use your information in a way that does not identify you (your information will be pseudonymised). However, they will be able to use their software to identify you in certain circumstances, and where there is a valid legal reason to do so. NHS Digital may also share your information with third parties such as Local Authorities, primary care networks (PCNs), clinical commissioning groups (CCGs), research organisations, including universities, and pharmaceutical companies.

At the time of publication (May 2021), patients who have a “type 1” opt-out will be excluded from this programme and will not have their data extracted for this purpose.

Further information about GPDfPR can be found on the NHS Digital website.

We will rely on Legal Obligation (Article 6(1)(c)), Health and Social Care (Article 9(2)(h)) and Public Health (Article 9(2)(i)) as the legal basis for processing your data for this purpose.

MOBILE TELEPHONE

If you provide us with your mobile phone number we may use this to send you reminders about any appointments or other health screening information being carried out.

NEXT OF KIN

It is possible that we also hold information on you as part of someone else’s record, perhaps a relative, friend, or someone in whose care you are involved. The nature of the information held about you will depend on the circumstances in which the information was collected. For instance, if you have been named as a patient’s next of kin, we will hold your name and a means of contacting you such as a phone number or address. Under Data Protection Law you will be entitled to receive a copy of this information unless there is good reason not to provide it.

CCTV

CCTV is not currently used. 

TELEPHONE CALLS

All telephone calls to and from the practice will be recorded in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our services. A message will inform you of this each time you ring the practice. Please be aware that calls will also be recorded when anyone from the practice rings you.

The recordings are stored within our telephone system.

HOW DO WE MAINTAIN THE CONFIDENTIALITY OF YOUR RECORDS?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security. Every staff member who works for an NHS organisation has a legal obligation to maintain the confidentiality of patient information.

All of our staff, contractors and committee members receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

WHO ARE OUR PARTNER ORGANISATIONS?

  • NHS Trusts
  • Specialist Trusts
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police
  • Devon Doctors
  • Other ‘data processors’

For more detailed information about your rights and our responsibilities, we have a number of information leaflets that are available in our waiting areas and reception.  

COVID-19

The Practice may collect, hold and share information about you in relation to the COVID-19 pandemic in order to plan and manage services, check that care is being provided and prevent COVID-19 from spreading.

Information about your COVID-19 status may be shared within the NHS and with other partners involved in your care and treatment, along with:

  • NHS England,
  • NHS Digital,
  • Public Health England,
  • CCG,
  • The Department of Health,
  • Other Government Departments where it’s legally required, or where it is necessary for the protection of public health or management of the outbreak.

We do not need your consent or agreement to do this.

More information can be found on the NHS Digital website and the government website.

FURTHER INFORMATION

Further information about the way in which the NHS uses personal information and your rights in that respect can be found in:

An independent review of how information about patients is shared across the health and care system, led by Dame Fiona Caldicott, was conducted in 2012. The report, Information: To share or not to share? The Information Governance Review, can be found on the government website.

Please visit the NHS Digital website for further information about their work. Information about their responsibility for collecting data from across the health and social care system can be found.

The Information Commissioner’s Office is the Regulator for the Data Protection Act 1998 and offers independent advice and guidance on the law and personal data, including your rights and how to access your personal information. For further information please visit their website.