We are committed to protecting your privacy and will only use information that has been collected lawfully. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.
Information is not held for longer than is necessary. We will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.
All your GP NHS health records are kept electronically. Our GP records database is hosted by EMIS Health Ltd, who is acting as a data processor, and all information is stored on their secure servers in Leeds, is protected by appropriate security, and access is restricted to authorised personnel.
We also make sure that data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We only email you, or use your mobile number to text you, regarding matters of medical care, such as appointment reminders and (if appropriate) test results. Unless you have separately given us your explicit consent, we will not email you for non-medical matters (such as surgery newsletters and other information).
Why do we collect this information?
The NHS Act 2006 and the Health and Social Care Act 2012 invests statutory functions on GP Practices to promote and provide the health service in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training. To do this we will need to process your information in accordance with current data protection legislation to:
- Protect your vital interests;
- Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult;
- Perform tasks in the public’s interest;
- Deliver preventative medicine, medical diagnosis, medical research; and
- Manage the health and social care system and services.
Confidential patient data will be shared within the healthcare team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality which includes: