Why we collect information about you
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.
We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of needs assessments.
Details we collect about you
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously or elsewhere (e.g. NHS Hospital Trust, other GP Surgery, Out of Hours GP Centre, A&E, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
Records which we may hold about you may include the following:
- Details about you, such as your address and next of kin, emergency contacts
- Any contact the surgery has had with you, such as appointments, clinic visits, immunisations, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you (including that provided via our surgery website)
We are committed to protecting your privacy and will only use information collected lawfully in accordance with: –
- The General Data Protection Regulations Legislation (GDPR)
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality and Information Security
ACR project for patients with diabetes (and/or other conditions)
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at:lp.healthy.io/minuteful_info.
Why do we collect this information?
The NHS Act 2006 and the Health and Social Care Act 2012 invests statutory functions on GP Practices to promote and provide the health service in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training. To do this we will need to process your information in accordance with current data protection legislation to:
- Protect your vital interests;
- Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult;
- Perform tasks in the public’s interest;
- Deliver preventative medicine, medical diagnosis, medical research; and
- Manage the health and social care system and services.
Confidential patient data will be shared within the healthcare team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality which includes:
Referrals to other Health Providers
With your consent, your GP or Nurse may refer you to other services and healthcare providers not provided by the practice, or they may work with other services to provide your care in the practice. Once you have been seen other health care providers will normally tell us about the treatment they have provided for you and any follow up which the GPs need to provide. This information is then included in your GP record and you should receive your own copy from the healthcare provider.
Local Hospital, Community or Social Care Services
Sometimes the clinicians caring for you need to share some of your information with others who are also supporting you. This could include hospital or community based specialists, nurses, health visitors, therapists or social care services.
Care and Health Information Exchange (CHIE)
The CHIE is an electronic summary record for people living in Hampshire, Portsmouth and Southampton. GP Surgeries, hospitals, social care and community care teams collect information about you and store it electronically on separate computer systems. The Care and Health Information Exchange stores summary information from these organisations in one place so that – with your consent – professionals can view it to deliver better care to you. This record contains more information than the SCR, but is only available to organisations in Hampshire.
There are some national services like the National Cancer Screening Programme that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cervical, breast or bowel cancer screening. Often you have the right to not allow these organisations to have your information. You can find out more about how the NHS holds and shares your information for national programmes on the The NHS website.
Data Sharing Schemes
A number of data sharing schemes are active locally, enabling healthcare professionals outside of the surgery to view information from your GP record, with your explicit consent, should that need arise. These schemes are as follows:
- The National Summary Care Record (SCR)
- The Hampshire Health Record (HHR, or CHIE)
- EMIS Web data streaming (A&E and GP out of hours)
- Remote Consultations (GP out of hours)
- NHUC (GP out of hours)
- SCAS (Ambulance service)
Who will we share your information with?
In order to deliver and coordinate your health and social care, we may share information with the following organisations
- NHS Trusts / Foundation Trusts
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Care Quality Commission (CQC)
- Social Care Services
- NHS Digital (i.e. The National Diabetes Audit)
- Local Authorities (Social Services)
- Education Services
- Police & Judicial Services
- DVLA Your information will only be shared if it is appropriate for the provision of your care or required to satisfy our statutory function and legal obligations. Your information will not be transferred outside of the European Union.
Do I need to give my consent?
The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and enhance your reputation.
However, consent is only one potential lawful basis for processing information. Therefore, your GP practice may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. Your GP Practice will contact you if they are required to share your information for any other purpose which is not mentioned within this notice. Your consent will be documented within your electronic patient record.
What will happen if I withhold my consent or raise an objection?
You have the right to write to withdraw your consent to any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact your GP Practice for further information and to raise your objection.
Type 2 opt-outs are those opt-outs recorded on your patient record to prevent the sharing of their confidential patient information for purposes beyond individual care by NHS Digital (previously known as the Health and Social Care Information Centre). These were previously managed by your GP practice making a coded entry into your medical record. This is now part of a National Opt-Out Programme and patients should visit The NHS. if you wish to opt out of secondary use of their data for developments not involved in your direct patient care.
Health Risk Screening / Risk Stratification
Health Risk Screening or Risk Stratification is a process that helps your GP to determine whether you are at risk of an unplanned admission or deterioration in health. By using selected information such as age, gender, NHS number, diagnosis, existing long term condition(s), medication history, patterns of hospital attendances, admissions and periods of access to community care your GP will be able to judge if you are likely to need more support and care from time to time, or if the right services are in place to support the local population’s needs.
To summarise Risk Stratification is used in the NHS to:
- Help decide if a patient is at a greater risk of suffering from a particular condition;
- Prevent an emergency admission;
- Identify if a patient needs medical help to prevent a health condition from getting worse; and/or
- Review and amend provision of current health and social care services.
Your GP may use computer based algorithms or calculations to identify their registered patients who are at most risk, with support from the local Commissioning Support Unit and/or a third party accredited Risk Stratification provider.
The practice will routinely conduct the risk stratification process outside of your GP appointment. This process is conducted electronically and without human intervention. The resulting report is then reviewed by a multidisciplinary team of staff within the Practice. This may result in contact being made with you if alterations to the provision of your care are identified.
A Section 251 Agreement is where the Secretary of State for Health and Social Care has granted permission for personal data to be used for the purposes of risk stratification, in acknowledgement that it would overburden the NHS to conduct manual reviews of all patient registers held by individual providers. You have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your direct care. Please contact the Practice Manager to discuss how disclosure of your personal data can be limited.
The National Data opt-out service is available from May 25th 2018. Patients can decide if they want to share their personally identifiable data to be used for planning and research purposes. Please see information in the Practice for more details or refer to The NHS.