How We Use, Share & Protect Your Personal Information

Introduction

Quedgeley Medical Centre use information about you for several reasons shown in this Privacy Note. You will find below details of the information we keep. What you can do about this and who to contact if you need further help

Why do we keep information about you?

We keep information about you to help make sure that you get the right care at the right time in the right place. We also and can let you know how this information is shared and how we keep your information safe. We may also use details to ask you to complete a satisfaction survey.

Please remember that you have the right to access personal information about you held by the organisation, either to view the information in person, or to be provided with a copy.

What information do we hold about you?

• Identity details – name, date of birth, NHS Number
• Contact details – address, telephone, email address
• ‘Next of kin’ – the contact details of a close relative or friend
• Details of any A&E visits, in-patient spells or clinic appointments
• Results of any scans, X-rays and tests
• Details of any diagnosis and treatment given
• Information about any allergies and health conditions
• Relevant information about people who are involved in your care and know you
• Details about people associated with you such as your children, partners, carers relatives
• Information sent about you to us from others involved in your care such as your GP, Optician, schools etc

By providing us with your contact details, you are agreeing for us to use these ways to communicate with you about your care, i.e. by letter (address), by voicemail or voice-message (telephone or mobile number), by text message (mobile number) or by email (email address).

We make sure all records are kept to the minimum retention periods stated in the NHS Records Management Code of Practice for Health and Social Care. To support your future care needs and to support population health and as your records may become vital in the care of family members or may be used in research or clinical trials we do not destroy or archive electronic clinical records.

How will we keep your information secure and confidential?

All members of staff working in the NHS and other healthcare organisations have a legal duty of confidentiality to keep your information strictly confidential (unless in extreme circumstances where your safety or that of others is compromised). Everyone working for this organisation is subject to the Common Law Duty of Confidence.

Information provided in confidence will only be used for the purposes agreed with you, except in circumstances where the law requires or allows us to do otherwise.

What laws are relevant to the handling of personal information?

The more important laws we must follow are:

• The General Data Protection Regulation 2018, formerly The Data Protection Act 1998 (including the Data Protection Bill 2018)
• The Human Rights Act 1998
• Freedom of Information (Scotland) Act 2002
• Computer Misuse Act 1998
• Access to Health Records Act 1990
• The Human Rights Act 1998
• Common law Duty of Confidentiality
• NHS Codes of Practice.

How patient records are shared?

We are allowed to share your information with a number of other organisations:

• GPs and other NHS staff to provide care;
• Social workers or to other non-NHS staff involved in your care;
• Telling specialist organisations for clinical auditing;
• Telling your parents or the people with parental responsibility, including guardians;
• Telling your carers without parental responsibility (subject to permission);
• Telling medical researchers for research purposes (subject to permission, unless the data is
  anonymous);
• The NHS for planning, new services, managing and auditing care services;
• To bodies with special powers – e.g. the Care Quality Commission, etc;
• To the national bodies – e.g. the UK Association of Cancer Registries;
• Where necessary and appropriate, to non-statutory investigations – e.g. Members of Parliament;
• Where necessary and appropriate, to government departments other than the Department of Health;
• Disclosure to solicitors, to the police, to the Courts (including a Coroner’s Court), and to tribunals and enquiries;
• Disclosure to the media (normally the minimum necessary disclosure subject to your consent)

Confidential patient-identifiable information is only shared with other organisations where there is a legal basis for it as follows:

• When there is a Court Order or a statutory duty to share patient data;
• When there is a statutory power to share your data;
• When the you have given your consent to the sharing;
• When you have consented to the sharing for direct care purposes;
• When the sharing of patient data without consent has been authorised by the Confidentiality Advisory Group of the Health Research Authority
• Patient information may be shared, for the purposes of providing direct patient care, with other NHS organisations

In such cases, the shared data must always identify you for safety reasons.

For your benefit, the Organisation may also need to share patient health information with non-NHS organisations which are also providing care to the patient.

These may include social services or private healthcare organisations.

However, the Organisation will not disclose your confidential health information to third parties without your consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires disclosure.

These non-NHS organisations may include: social services, education services, local authorities, the police, voluntary sector providers, and private sector providers.

As it may not be practicable in such circumstances to obtain your consent, the Organisation is informing you through this notice, which is known as a Fair Processing Notice, under the Data Protection Act 1998.

What are your rights under GDPR?

How will we keep your information secure and confidential?

Under GDPR you have several rights. These are listed below.

• That your rights are communicated to you in an open, honest and easy to read and understand way
• You will be informed which data we hold has been collected from you and that which has been collected from others
• You have a right of access to the data we hold on you.
• You have the right to have ‘mistakes or errors’ in your data corrected
• You have the right of erasure also known as the right to be forgotten.
• You have the right to stop us from using your records
• You have the right of data portability. This is to have your data provided to you in a format easily read by a commonly used computer program.
• You have the right to object
• You have the right to prevent automatic decision making. This is when a computer decides about you.
• You have the right to prevent profiling however health profiling is sometimes essential to help us support wellness. This is when aspects of your health are used to identify you as someone who could be helped.
• You have a right to complain and details are written at the end of this document.

Essential Contacts

The Data Controller

The Data Controller for Quedgeley Medical Centre is Dr Mamta Chada and can be contacted via QMC.managers@nhs.net

The Data Protection Officer

The Data Protection Officer for Quedgeley Medical Centre can be contacted via QMC.managers@nhs.net

The Caldicott Guardian

The Caldicott Guardian for Quedgeley Medical Centre can be contacted via QMC.managers@nhs.net

Freedom of Information Requests

The team can be contacted on QMC.managers@nhs.net or by telephoning 01452 728882

Subject Access Requests

If you want to access your health records, then please contact: – Dr Mamta Chada – QMC.managers@nhs.net

The Information Commissioner

You have the right at any time to complain about how we have processed your data by contacting:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113

Website: www.ico.org.uk/global/contact-us