As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect.
How we use and protect your personal information under the General Data Protection Regulation (GDPR)
Privacy Notice – Information for Patients and Service Users
The Practice recognises its obligation to preserve confidentiality under the Data Protection Laws. All members of staff at UMC take this duty seriously and have signed a practice policy declaration. If you would like your husband, wife, partner or family member to have access to your medical records, please inform reception and a note will be added to your records. We can discuss test results etc. with parents of patients under the age of 16 years. If the patient is over 16 years we can only discuss medical issues with them, unless authorisation is given.
Why does the NHS keep information about you?
The legal basis for the processing of information is that the NHS is an official authority with a public duty to care for its patients as guided by the Department of Health. The organisation responsible for processing your information is Unsworth Medical Centre. Your doctor, nurse and the teams of health and social care professionals, in hospitals and in the community, caring for you need to keep records about your health and any treatment and care you have received.
Your health records help to ensure you receive the best possible care. It is, therefore, important that you give accurate information to your care professional and inform them of any relevant changes.
What personal information about you is recorded?
Your doctor, nurse and the team of health and social care professionals caring for you keep records about your treatment and care both on paper and electronically.
These include, but are not limited to:
Personal details such as name, address, date of birth, ethnicity and religion, occupation and schools attended, NHS number and next of kin
Contact we have with you e.g. hospital admissions, outpatient/clinic appointments, consultations with Doctors and Nurses regarding your health and home visits
Notes and reports by health and social care professionals about your health, GP details etc.
Details and records about your treatment and care
Results of x-rays, blood tests and any other tests
Relevant information about people that care for you and know you well
Basic details about associated people e.g. children, partners, carers, relatives etc.
This information may be given to us directly by you. We may also hold information relating to your direct care which has been provided to us by third parties, such as referral information from your GP, Optician or from other bodies such as schools and social services
How is your information used?
Your health records are used to make sure that the teams of health and social care professionals caring for you have accurate and up to date information about your medical condition and circumstances, ensuring that appropriate information is available to all those who treat you and care for you professionally.
We will also manage your records with clear retention periods under the NHS Records Management Code of Practice for Health and Social Care.
Information collected about you to deliver your health care is also used to:
- Make sure your care is safe, effective and of the highest standard
- Support you to manage your own care and work with health and social care professionals
- Prepare statistical information to look after the health and wellbeing of the general public and plan services to meet the needs of the population
- Prepare statistical information on our performance for the Department of Health and other regulatory bodies
- Help train staff, support research and conduct surveys to maintain the quality of our services (you can choose whether or not to be involved personally)
- Review the care provided e.g. clinical audit
- Support the funding of your care
- Report and investigate any complaints, legal claims and untoward incidents
How we keep your information secure and confidential
All members of staff working in the NHS and other health and social care organisations have a legal duty to keep information about you strictly confidential (unless in extreme circumstances where your safety or that of others is compromised). The sensitivity of patient information is well understood in the NHS and Social Care, all staff are given training on their duty of confidentiality to you. The NHS also has a code of confidentiality which all staff must adhere to.
We keep all paper and electronic records secure to prevent unauthorised access in accordance with the General Data Protection Regulation.
When information may be shared and who with
We will only ever share your information with other organisations if it is in your best interests for your care, you have given your explicit consent or we are required to do so by a Court Order or under an Act of Parliament, such as when a baby is born, when a death occurs or when a reportable infectious disease is diagnosed.
There may be exceptional circumstances where the reasons for disclosure are so important that they override the obligation of confidentiality, such as to prevent someone being seriously harmed.
We may also share relevant information about you to:
- Assess and plan the type of care and treatment you need
- Provide up to date information to other health and social organisations involved in your care
- Keep your GP fully informed
- Provide continuity of your care and wellbeing to external organisations when appropriate
- Review and audit the quality of the services we provide
Your rights under Data Protection Laws
Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:
- To be informed why, where and how we use your information
- To ask for access to your information
- To ask for information to be corrected if it is inaccurate or incomplete
- To ask for your information to be deleted or removed where there is no need for us to continue processing it
- To ask us to restrict the use of your information
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
- To object to how your information is used
- To challenge any decisions made without human intervention (automated decision making)
Accessing your information
You have the right of access to your own records as defined in the General Data Protection Regulation which, with some exceptions, entitles individuals to a copy of information held about them.
You may authorise a third party to seek access on your behalf e.g. a solicitor, but we will need your written consent.
Where a service user is incapable of managing his or her own affairs, a person appointed by the court to manager those affairs may seek access.
Access may be limited or denied if:
- Disclosing information may cause serious harm to you
- Where giving access would disclose information relating to or provided by a third person who had not consented to disclosure
If you require a copy or your records, you must write to The Practice Manager.
You are entitled to receive some or all of your information within one calendar month and free of charge.
The General Data Protection Regulation does not cover the records of deceased patients. Statutory rights of access to these are contained within the Access to Health Records Act 1990. Any person with a claim arising from the death of a patient has a right of access to information directly relevant to the claim.
What if information we hold about you is wrong?
You can ask us to correct inaccurate or incomplete information. If the health professional agrees that the information is inaccurate of incomplete, they will correct the records and give you a copy. As far as is reasonable we will inform those who have been given the inaccurate information.
If the health professional does not agree that the information is inaccurate, they will make a note on the record of the point you have brought to their attention.
If you need help to understand this information, please ask to speak to the Practice Manager.
As you may or may not be aware we now send text messages to our patients regarding test results or appointment reminders and important information regarding clinics or services we may have for example flu clinics etc. Please check with reception that we have the correct mobile number for you. Please ensure we only have one mobile number on your records and this is your number. If you are over 16 years of age – you must have your own contact details on your records – if you think we may have a family member’s number, please contact us and update this as soon as possible. If you do receive a message and you have not been seen in the surgery recently, please discuss with reception and we will endeavour to resolve this for you.
If you want to find out more or have any concerns, then please speak to the staff currently providing your care and treatment.
If you wish to raise a complaint on how we have handled your personal data, you can contact the Practice Manager who will investigate the matter:
By email: [email protected]
Paula McCrossan (Practice Manager)
Unsworth Medical Centre
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioners Office (ICO). More information is available on the Information Commissioners Office (ICO) website https://ico.org.uk
The ICO can be contacted at:
The Information Commissioners Office
Wycliffe House Water Lane
A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you access certain websites.
Cookies allow a website to recognise a user’s device.
Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to a website. The two types we use are ‘Session’ and ‘Persistent’ cookies. Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time.
We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.
What can I do to manage cookies on my devices?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
If you are concerned about cookies and would like to ask further questions please do not hesitate to write to our website developers – [email protected]