Privacy Notice

BACK TO MAIN INDEX

In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of needs assessments. 

Details we collect about you 

We are committed to protecting your privacy and will only use information collected lawfully in accordance with: 

• Data Protection Act 1998 (revised by General Data Protection Regulations (GDPR) from 25 May 2018) 
• Human Rights Act 1998 
• Common Law Duty of Confidentiality 
• Health and Social Care Act 2012 
• NHS Codes of Confidentiality, Information Security and Records Management 
• Information: To Share or Not to Share Review 
• Guidance issued by the Information Commissioner’s Office (ICO) 

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously or elsewhere (e.g. NHS Hospital Trust, other GP Surgery, Out of Hours GP Centre, A&E, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare. Records which we may hold about you may include the following: 

• Details about you, such as your address and next of kin, emergency contacts, your home telephone number, mobile phone number, email address 
• Any contact the surgery has had with you, such as appointments, clinic visits, immunisations, emergency appointments, etc. 
• Notes and reports about your health, treatment and care 
• Results of investigations, such as laboratory tests, x-rays, etc. 
• Relevant information from other health professionals, relatives or those who care for you 

How we keep your information confidential and safe 

All your GP NHS health records are kept electronically. Our GP records database is hosted by EMIS Health Ltd, who is acting as a data processor, and all information is stored on their secure servers in Leeds, is protected by appropriate security, and access is restricted to authorised personnel. 

We also make sure that data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. We only email you, or use your mobile number to text you, regarding matters of medical care, such as appointment reminders and (if appropriate) test results. 

We may also email you for non-medical matters related to surgery business (such as surgery newsletters and other information). 

We maintain our duty of confidentiality to you always. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on. 

How we use information about you 

Confidential patient data will be shared within the healthcare team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality. 

Data Processors 

Yalding Surgery uses data processors to perform certain administrative tasks for us, particularly where these involve large numbers of patients. Details of these data processors can be requested at the surgery’s reception. 

Who Are Our Partner Organisations? 

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations: 

• NHS Trusts / Foundation Trusts 
• GPs 
• NHS Commissioning Support Units 
• Independent contractors such as dentists, opticians, pharmacists 
• Private sector providers 
• Voluntary sector providers 
• Ambulance Trusts 
• Clinical Commissioning Groups 
• Social Care Services 
• Health and Social Care Information Centre (HSCIC) 
• Local Authorities 
• Education Services 
• Fire and Rescue Services 
• Police & Judicial Services 
• Other ‘data processors’ which you will be informed of 

You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen. 

Mandatory disclosures of information 

We are sometimes legally obliged to disclose information about patients to relevant authorities. In these circumstances the minimum identifiable information that is essential to serve that legal purpose will be disclosed. That organisation will also have a professional and contractual duty of confidentiality. Data will be anonymised if at all possible before disclosure if this would serve the purpose for which the data is required. 

Permissive disclosures of information 

Only with your explicit consent, Yalding Surgery can release information about you, from your GP record, to relevant organisations. These may include: 

• Your employer 
• Insurance companies 
• Solicitors 
• Local Authorities 
• Police 

Accessing your information on other databases 

Yalding Surgery can access certain medical information about you, when relevant or necessary, that is held on other databases (i.e. under the control of another data controller). These include Maidstone and Tunbridge Wells Hospital databases and NHS Digital’s Open Exeter database. Accessing such information would only be for your direct medical care. 

Research 

Yalding Surgery sometimes undertakes accredited research projects. Where this involves accessing identifiable patient information, we will only do so with the explicit consent of the individual and Research Ethics Committee approval. 

Your right to opt-out of sharing your information 

You have the right to opt-out (or object) to ways in which your information is shared, both for direct medical care purposes (such as the national NHS data sharing schemes), i.e. primary uses of your information, or for purposes other than your direct medical care – so-called secondary uses. Details of these purposes, and how you can opt out, can be found on our website. 

Accessing your own medical information 

You have a right, under the new GDPR, to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following: 

• We recommend your request be made in writing to the GP but verbal request can be made – for information from the hospital you should write direct to them 
• We are required to respond to you within a calendar month if the request is complex the period may be extended 
• You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located 

Notification 

If you wish to view detailed Privacy Notices in reference to other data processing activities that Yalding Surgery performs please contact Reception 

This information is publicly available on the Information Commissioner’s website. The practice is registered with the Information Commissioners Office (ICO). 

Our Data Protection Officer is Helen Foreman 

The Data Controller, responsible for keeping your information secure and confidential are the Partners at Yalding Surgery. 

Complaints 

If you have concerns or are unhappy about how your information is managed at the Practice, please contact the Practice Manager at Yalding Surgery,Burgess Bank, Benover Road, Yalding, Kent ME18 6ES. Details of how to complain are on our website, or available at the surgery. 
For independent advice about data protection, privacy, and data sharing issues, you can contact: 

The Information Commissioner Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire SK9 5AF 

Email: casework@ico.org.uk 
Telephone: 0303 123 1113 (local rate) or 01625 545 745 
Interpretation services are available