DIRECT CARE FAIR PROCESSING/PRIVACY NOTICE
For patients of College Way Surgery
1.1 The law determines how organisations can use the personal information they collect. This is underpinned by the Common Law Duty of Confidentiality together with legislation we must comply with including:
• Data Protection Act 1998
• Human Rights Act 1998
• Health and Social Care Act 2012
1.2 College Way Surgery holds and uses the personal and confidential information of its patients for a number of purposes. This notice sets out in general terms a summary of the type of information we hold about you, what we use if for and also who we may share your information with.
2.1 College Way Surgery collects personal confidential information about you. This information may include (but is not limited to):
• Your name, address telephone number, date of birth and next of kin
• Appointment details, associated admissions and medical diagnoses
• Correspondence, notes and reports
• Investigations and test results
2.2 The practice uses this information for the following reasons:
• to help inform the decisions that we make about your care
• to ensure that your treatment is safe and effective, including any advice that may be provided as part of your care
• to help us work effectively with other organisations who may also be involved in your care
3.1 College Way Surgery may share information held about you with other organisations to support:
For patient care (identifiable information):
• to promote continuity of care by sharing your information with other professionals involved in your care
• to promote safe care by sharing your information with other health care professionals (as well as the support teams they appoint to assist them which may include data analysts) who might be involved in your care such as emergency departments and out of hours doctor services
• to promote pro-active interventions for patients identified as having heightened risk of certain health conditions, such as high cholesterol, diabetes, etc. by way of local NHS clinical data analysis
For planning and assurance (information in anonymised format which does not include information from the patient written notes):
• to help protect the general health of the public
• to manage and plan services for the future
• to review the quality of care provided by the practice to ensure it remains effective
• to help our staff review the care that is provided to ensure it is of the highest standard and to enable the continual improvement of care
• to comply with a legal obligation
3.2 Organisations with which information is routinely shared with for the reasons set out above include but are not limited to:
For patient care:
• Local hospitals
• Emergency and out of hours services
For planning and assurance:
• NHS England
• Somerset Clinical Commissioning Group
• Somerset County Council – Public Health service
4.1 We will not share your identifiable information for any other reason other than healthcare and service planning within the NHS, unless we first obtain consent from you.
4.2 We sometimes share non-identifiable information for statistical and research purposes. These records will be entirely anonymised so you cannot be identified.
4.3 All patients have the right to-opt out of allowing their records to be shared for non-care purposes. If you wish to do this, please speak to a member of the practice staff.
4.3 For more detailed information about your rights and our responsibilities in respect of data protection, we have a number of information leaflets that are available in our waiting areas and reception, as well as further resources on our website. Easy read format as well as information in other languages is available upon request.
5 SECURITY OF YOUR INFORMATION
5.1 College Way Surgery have a range of security measures in place to ensure that your information is held, and where appropriate, shared in a secure way. Your patient record will only be accessed by those members of practice staff who are authorised to do so.
5.2 If you have any concerns about the way we handle your information, please speak to the Practice Manager or a member of the practice staff.
5.3 If you have any further questions please contact Kevin Caldwell, GP Data Protection Officer, Somerset CCG, Wynford House, Lufton Way, Yeovil, Somerset, BA22 8HR. Telephone 01935 384000. Email: somccg.GPDPO@nhs.net.
You have the right to object to our sharing your data, but we have an overriding responsibility to do what is in your best interest.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections:
1) Data Controller contact details
College Way Surgery, Comeytrowe Centre, Taunton, Somerset, TA1 4TY
2) Data Protection Officer contact details
Kevin Caldwell, GP Data Protection Officer, Somerset CCG, Wynford House, Lufton Way, Yeovil, Somerset, BA22 8HR. Telephone 01935 384000. Email: somccg.GPDPO@nhs.net.
3) Purpose of the processing
Direct Care is care delivered to the individual alone, most of which is provided in the surgery. After a patient agrees to a referral for direct care elsewhere (e.g. a referral to a specialist in a hospital) necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.
4) Lawful basis for processing
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”*
5) Recipient or categories of recipients of the processed data
The data will be shared with:
• healthcare professionals and staff in this surgery;
• local hospitals;
• out of hours services;
• diagnostic and treatment centres;
• or other organisations involved in the provision of direct care to individual patients.
• NHS South, Central and West Commissioning Support Unit, as data processor.
6) Rights to object
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance
7) Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
8) Retention period
The data will be retained in line with the law and national guidance. Records Management Code of Practice for Health and Social Care 2016 or speak to the practice.
9) Right to Complain
You have the right to complain to the Information Commissioner’s Office.
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)
* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as 'judge-made' or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.
The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider's consent.
In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.
Three circumstances making disclosure of confidential information lawful are:
• where the individual to whom the information relates has consented;
• where disclosure is in the public interest; and
• where there is a legal duty to do so, for example a court order.
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
Use of personal information
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.
111 is the NHS non-emergency number. It's fast, easy and free. Call 111 and speak to a highly trained adviser, supported by healthcare professionals.
How likely are you to recommend this Surgery to friends and family if they needed similar care or treatment? Please spend 2 minutes to take the Friends and Family Test.
View our results
The NHS website. Take control of your health and wellbeing. Get medical advice, information about healthcare services and support for a healthy life.
Patient is one of the most trusted medical resources online, supplying evidence based information on a wide range of medical and health topics to patients and health professionals.