Your Information and Data Processing

Information sharing with other services

We may need to share your medical information with other organisations involved in the delivery of your care e.g. Podiatry or District Nursing. We will not share identifiable information with anyone that isn’t involved in your care unless legally required to.

You would have been asked to opt in or out when you registered at one of our GP surgeries as follows: “Are you happy for us to Share Out your full medical records electronically with other services involved in your care and/or to view (Share In) medical records held by other services?”

If you wish to reconsider or do not consider that you have opted in or out, you may contact our practice reception to discuss further and appropriate action will be taken.

Practice Privacy Notice

1. Introduction

The NHS Act 2006 and the Health and Social Care Act 2012 invests statutory functions on GP Practices to promote and provide the health service in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training.  To do this we will need to process your information in accordance with current data protection legislation to:

  • Protect your vital interests;
  • Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult;
  • Perform tasks in the public’s interest;
  • Deliver preventative medicine, medical diagnosis, medical research; and
  • Manage the health and social care system and services.

2. What is this Privacy Notice about?

Privacy Notice or Fair processing Notice includes the conditions which have to be met for any activity involving personal data or special categories of personal data to be lawful. Being transparent and providing accessible information to individuals about how an organisation will use their personal information is a key element of Data Protection Legislations. The most common way to provide this information is in a Practice Privacy Notice (PPN).

This PPN is part of our programme to make the data processing activities we are carrying out in order to meet our healthcare obligations transparent.

The PN tells you about information we collect and hold about you, the legal basis for collecting and holding the information, what we do with it, how we keep it secure (confidential), who we might share it with and what your rights are in relation to your information.

3. Who we are – AT Medics which is the data controller for following organisations:

Somers Town Medical Centre, Avicenna Health Centre, St Ann’s Road Surgery, Camden GP Hub at Somers Town Medical Centre, Camden GP Hub at Brondesbury Medical Centre, Camden GP Hub at Caversham Group Practice, GP Hub Central Croydon, GP Hub Purley, GP Hub Parkway,Bank House Surgery, Kings Road Medical Centre, Barlby Surgery, Cassidy Medical Centre, Whitechapel Health Centre, Trowbridge Surgery, Edith Cavell Surgery, Streatham High Practice, Streatham Place Surgery, Albert Road Surgery, Britannia Village Surgery, Kings Cross Road Surgery, Parkway Health Centre, Thornton Road Surgery, Headley Drive Surgery, Fieldway Medical Centre, Valley Park Surgery, Thamesmead Health Centre, Hambleden Clinic, Queens Road Surgery, Silverlock Medical Centre, Mitchison Road Surgery, Falmouth Road Practice, The Greenhouse, Lucas Avenue Practice, Hanley Primary Care Centre, Burnley Medical Practice, Mollison Way Practice, The Wembley Practice, The Loxford Practice, Canberra Old Oak Surgery

4. Types of information we use

We use the following types of information/data:

  • Personal data or sensitive personal/special categories of personal data such as:
  • demographics – name, address, date of birth, postcode, NHS number
  • racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, medical/health data, sexual life or sexual orientation data.
  • Pseudonymised – about individuals but with identifying details (such as name or NHS number) replaced with a unique code.
  • Anonymised – about individuals but with identifying details removed.
  • Aggregated – anonymised information grouped together so that it doesn’t identify individuals.

 5. What we use your personal data and special categories of personal data (known as or sensitive personal) for

We use and share information about you in a number of ways. These include:

Primary uses – information from your GP medical record which can be made available to other NHS and public sector organisations, including doctors, nurses and care professionals in order to help them make the best informed decision, and provide you with the best possible direct care delivery.

Secondary uses – information from your GP medical record involves extracting identifiable data and (usually) sharing that data with other NHS organisations, for the purpose of indirect care. Examples include using your information for research, auditing, and healthcare planning (population health management).

6. Organisations we share your your personal information with

We share information about you with other GPs, NHS acute or mental health Trusts, local authority, community health providers, pharmacists, commissioning organisations, medical research organisations  and some specific non NHS organisations for the purposes of direct and indirect care delivery of care.

We are required under the law to provide you with the following information how we process your personal data, the purpose of proposing, recipient/categories of your personal data, the identity of our Data Protection Officer (DPO), how long we retain personal information about you, the legal basis and justification for the processing, and your right to view, request access copies of your personal information, or object to the processing: Organisations we share your your personal information with >>

7. What is Local Record Sharing?

Your GP medical record is held on our secure clinical system. This clinical system allows for local record sharing with other healthcare providers who are commissioned in your area to provide care (e.g. acute hospitals, mental and community health). Through this record sharing, clinicians are able to see clinical information entered by other organisations who are party to the local record sharing agreement.

This local sharing is used to provide direct patient care for services such as continued extended access, home visits, universal offers, musculoskeletal service, GP at front door and other neighbourhood services across local borough we run our services in line the local Care delivery strategy and the NHS STP.

It also enables specific GPs identify their patients with highly complex, multiple morbidity and/or frailty, who might benefit from targeted multi-disciplinary team support as part of case management and care planning (the “Case Finding Purpose”).

8. How will my information be made available?

The information is accessed in real time and on-demand, meaning that data from your GP record is neither extracted, nor uploaded, nor sent anywhere. The data remains within your GP clinical system supplier’s database and users are allowed read-view access only. If you have any concerns regarding your clinical system supplier’s local record sharing, you can opt out by speaking to your GP surgery team.

9. What do we use anonymised data for?

We use anonymised data to plan health care services. Specifically we use it to:

  • check the quality and efficiency of the health services we provide;
  • prepare performance reports on the services we provide and,
  • review the healthcare we provide in order they are of the highest standard.

 10. Details of data linkage with other datasets

Data may be de-identified and linked so that it can be used to improve health care and development and monitor NHS performance. Where data is used for these statistical purposes, stringent measures are taken to ensure individual patients cannot be identified.

When analysing current health services and proposals for developing future services it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation.  This may involve linking primary care GP data with other data such as secondary uses service (SUS) data (inpatient, outpatient and A&E).  In some cases there may also be a need to link local datasets which could include a range of acute-based services such as radiology, physiotherapy, audiology etc, as well as mental health and community-based services such as Improving Access to Psychological Therapies (IAPT), community nursing, podiatry etc.  When carrying out this analysis, the linkage of these datasets is always done using a unique identifier that does not reveal a person’s identity.

The organisation responsible for processing de-identified and linked data under this category, on behalf of the Practice at the local clinical commissioning group. We ensure that the data processor is legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

11. What safeguards are in place to ensure data that identifies me is secure?

We only use information that may identify you in accordance with the EU General Data Protection Regulation 2016. These Legislation requires us to process personal data only if there is a lawful basis for doing so and that any processing must be fair and lawful.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it).

Our appropriate technical and security measures include:

  • The ability to ensure ongoing confidentiality, integrity, availability and resilience of our systems;
  • the ability to quickly restore availability and access to personal information in the event of a physical or technical incident; and
  • a process regularly testing, assessing and evaluating the effectiveness of security measures, and ensure they comply with the concept of privacy by design and default.

The NHS Digital Code of Practice on Confidential Information applies to all of our staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All Practice staff are trained to ensure information is kept confidential.

We are registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website. You can search by our Practice name or ICO Data Protection Register number Registration number: Z9497012

12. What are your rights?

Where information from which you can be identified is held, you have the:

  • Right of access to view or request copies of the records
  • Right to rectification of inaccurate personal data or special categories of personal data
  • Right to restriction of the processing of your data where accuracy of the data is contested, processing is unlawful or where we no longer need the data for the purposes of the processing
  • Right to object to any automated individual decision-making
  • Right to data portability by requesting the data which you provided to us (not data generated by us) in a structured, commonly used machine readable format. Your right to portability applies only where:
  • data is processed by automated means, and
  • you provided consent to the processing or,
  • the processing is necessary for the fulfilment of a contract

These rights will only apply where we cannot demonstrate compelling legitimate grounds for continued processing of your personal data for the purposes of direct provision of care, and compliance with a legal obligation to which we are subject.

Your right to erasure (right to be forgotten) will only apply where you had given ‘consent’ to process your personal health data and later withdrew the consent, and does not apply to the extent where the processing of your personal health data is necessary for:

archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

the establishment, exercise or defence of legal claims

You can exercise your rights at any time by contacting the Practice (data controller) or the Data Protection Officer (DPO) at the address below, although we will first need to explain how this may affect the care you receive and any overriding legitimate grounds for the processing that may apply.

13. Gaining access to the data we hold about you

You have the right to see or have a copy of personal data we hold that can identify you. You do not need to give a reason to see your data. However, some information may be withheld under some exceptional circumstances.

If you want to access your personal information you must do so in writing by completing our Subject Access Request (SAR) form

Our Data Protection Officer is Dr Usman Quraishi.

14. What is the right to know?

The Freedom of Information Act 2000 (FOIA) gives people a general right of access to information held by or on behalf of public authorities, promoting a culture of openness and accountability across the public sector.

14.1   What sort of information can I request?

In theory, you can request any information that the Practice holds that does not fall under an exemption under the FOI Act. You may not ask for information that is covered by the Data Protection Act or EU General Data Protection Regulation (GDPR) under FOIA.  However, you can request this under a Subject Access Request – see section above ‘Gaining access to the data we hold about you’.

14.2   How do I make a request for information?

Your request must be in writing and can be either posted or emailed to your relevant surgery by email or post – please see contact details on our Contact Us page.

15. Glossary of Terms

Common Law of Duty of Confidentiality – is not written out in one document like the GDPR or an Act of Parliament. Common Law is also referred to as ‘judge-made’ or case law. In practice, this means that all patient/client information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient/client. However, where the disclosure/sharing of the patient/client information is for the purpose of Direct Care consent to such disclosure/sharing may be implied where it is informed, given there is a legitimate relationship between the patient/client and the health professional.

Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data – data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

You have a right to see your records if you wish. Please ask at reception if you would like further details. An appointment will be required. In some circumstances a fee may be payable.

Care.Data

Information about you and the care you receive is shared, in a secure system, by healthcare staff to support your treatment and care.

It is important that the NHS can use this information to plan and improve services for all patients. We would like to link information from all the different places where you receive care, such as your GP, hospital and community service, to help us provide a full picture. This will allow us to compare the care you received in one area against the care you received in another, so we can see what has worked best.

Information such as your postcode and NHS number, but not your name, will be used to link your records in a secure system, so your identity is protected. Information which does not reveal your identity can then be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.

How your information is used and shared is controlled by law and strict rules are in place to protect your privacy.

We need to make sure that you know this is happening and the choices you have.

For Further Details please see the documents below:

Summary Care Records. Have you made your choice?

summary-care
A Summary Care Record is an electronic record containing key health information, which can be made available to NHS healthcare staff caring for you in an emergency or when your GP practice is closed. If you haven’t already made your choice, please make it now.

Yes I would like a Summary Care Record

You do not need to do anything and a Summary Care Record will be made for you.

No I do not want a Summary Care Record

There are two ways to opt out from the Summary Care Record.

Your existing health record at your GP practice will continue to be used as it is now.

If you are still unsure

Please ask us for a leaflet at reception if you are still unsure about the Summary Care Record which provides more information to help you decide. You can also phone the Summary Care Record information line on 0300 123 3020 or visit the website at systems.hscic.gov.uk/scr

CCG Fair Processing Notice

The purpose of this notice is to inform you of the type of information (including personal information) that Lambeth Clinical Commissioning Group (CCG) holds, how that information is used, who they may share that information with, and how they keep it secure and confidential.

What they do

The CCG is responsible for planning and buying (also known as commissioning) health services from healthcare providers such as hospitals, for the local population to ensure the highest quality of healthcare. They also have a performance and quality monitoring role of these services, which includes responding to any concerns from patients on services offered.

How they collect and use information

Lambeth CCG collects and uses information to allow them to plan the provision of healthcare services. Most of the information they usually collect and use is anonymous. In some circumstances they need your explicit consent to collect your information. They may also ask that the information from your healthcare providers, such as your GP and hospitals, is combined and joined up in order to better support you to stay well and for them to better plan the services they buy.

As outlined in the NHS Constitution, Lambeth CCG are committed to protecting your rights and responsibilities as a patient. These include your right to confidentiality and giving you access to your health information. You have the right to ask whether they have access to your information, and to choose that you do not want your information managed by them for certain purposes.

Examples of how Lambeth CCG use your information

  • Evaluation and review of services such as checking their quality and efficiency
  • Investigating complaints and legal claim
  • Making sure services can meet patient needs, now and in the future
  • Preparing statistics on NHS performance
  • Reviewing the care provided to make sure it is of the highest standard

If you would like to find out more please contact: slcsu.informationgovernance@nhs.net

Personal Demographics Service Fair Processing

Summary

The Personal Demographics Service (PDS) is the national electronic database of NHS patient details such as name, address, date of birth and NHS Number (known as demographic information).

Data Controller

The Personal Demographics Service (PDS) is the national electronic database of NHS patient details such as name, address, date of birth and NHS Number (known as demographic information).

NHS Digital operates PDS as part of the Spine under direction from the Secretary of State for Health and is the Data Controller. PDS serves as the register of patients registered for, or otherwise in receipt of, health and care services commissioned by NHS organisations in England and Wales. Within NHS Digital, staff at the PDS National Back Office (NBO) carry out a range of activities to manage and maintain the accuracy and quality of records on the PDS along with providing a set of record tracing services for specific defined purposes. A small number of other NHS Digital staff may access PDS records as and when required for the investigation of an incident or complaint.

Level of data

Each individual record on the PDS contains identifiable data. This is to help care providers identify a patient and to facilitate communication with or about them. The data items held include NHS Number, name, date of birth, gender, GP practice, address(es) and contact details (such as telephone numbers and email addresses). Where applicable, data is also held on people’s immigration status to help care providers determine whether they are liable to be charged for some NHS services. Data is also held, where applicable, on certain patient preferences such as nominated pharmacy and whether the record is marked as ‘sensitive’. The full list of data items held on the PDS, along with other information about PDS, can be found on the Demographics pages of the NHS Digital website. No clinical data is held on the PDS.

Collection

Much of the data held on the PDS is collected by NHS care providers from patients or people acting on a patient’s behalf. The NHS care providers collecting the data include GP practices and other primary care contractors (such as pharmacies), secondary and tertiary care providers, and child health, community, learning disability and mental health services. Primary Care Support England also creates and updates PDS records in the discharge of its responsibilities for maintaining patient lists for GP practices.

Some of the data held on the PDS is collected and provided by the Home Office. This is limited to details of visitors and migrants who have paid the Immigration Health Surcharge and these details are used to create a PDS record for individuals in advance of their registration with a GP practice or attendance for NHS care. This data is initially provided by the individuals concerned as part of the visa application process.

Other updates to the PDS include:

  • civil registration births and deaths data collected from the General Register Office.
  • births and deaths data collected from the Isle of Man Government.
  • data on deaths registered in Scotland for patients who have received NHS care in England and therefore have a PDS record.
  • address updates recorded by from NHS care providers across the UK.

At the request of NHS care providers, NBO staff create new records for people who are not already registered. New records can also be created in certain cases where the resolution of data quality issues requires invalidation of existing records and in other cases such as adoption and gender reassignment where a new identity is established for the individual. NBO staff also update records to correct errors identified by PDS users or by software checks, or where automated update processes have not succeeded and require manual checking.

Purposes and sharing

Data is held on PDS to help care providers confirm the identity of patients; to link their care records within an organisation and between different organisations, and to communicate with patients. Access by individual staff to PDS data requires the use of a smartcard, while access via intermediary systems is subject to an assurance and approval framework. Details of all access is logged and maintained for audit or other investigation purposes.

The key processes where PDS data may be accessed and used are as follows:

  • Registration (and de-registration) with a care provider, whether as a patient at a GP practice or as an in-patient, outpatient or day case with a provider of NHS services, generally via a care provider’s own electronic patient record system (e.g. GP practice clinical system or hospital Patient Administration System).
  • Registration with a GP practice involves processing of PDS data by the National Health Authority Information System (NHAIS) systems used by Primary Care Support England (PCSE) to manage GP practice lists, to check for previous details of a patient’s GP registration.
  • Checking by care providers for any updates to the details for a registered patient, either via a care provider’s own system (e.g. GP practice clinical system or hospital Patient Administration System) or by logging into the Demographics screens on the Summary Care Record application (SCRa). This is also available to local authority social care services where they are working in partnership with NHS organisations to provide shared care for a patient.
  • Checking by care providers for details of a patient’s chargeable status in the case of visitors and migrants by logging into the Demographics screens on the Summary Care Record application (SCRa)
  • Referral for care, typically a GP referral for secondary care, using the national eReferrals Service (eRS)
  • Prescribing medication using the national Electronic Prescriptions Service (EPS).
  • Creation and update of a patient’s Summary Care Record (SCR).
  • Electronic transmission via the GP2GP service of a patient’s medical records between the old and new GP practices when re-registering.

NHS Digital also processes PDS data to provide extracts of patient demographic data for the Secondary Uses Service (SUS) and for the Medical Research Information Service (MRIS), both operated by NHS Digital. A range of reports is also available to relevant organisations through Spine Demographics Reporting Service (SDRS) to support the management of NHS services, including some health screening services. PDS data extracts may also be provided to external organisations for specific purposes subject to there being an appropriate legal basis and the relevant approval processes being followed. Disclosures of PDS data are recorded on the Data Release Register

There are a number of regional NHS data processing centres, known as Data Services for Commissioners Regional Offices (DSCROs) and staff in these offices may apply for access to PDS records. This is only allowed for specified purposes in connection with checking the validity of patient information and confirming responsibilities for commissioning of patient care.

NHS Digital also processes PDS data for validation and integrity checking purposes, identifying potential data quality issues to be investigated and resolved by NBO staff who will access individual records to identify issues and make corrections. Some less complex cases are also handled by staff at the National Service Desk operated by NHS Digital.

In addition to health and care purposes, where requested and where appropriate, the NBO may trace and provide administrative non-clinical information from the PDS to organisations and agencies with statutory responsibilities for specific public services. This is undertaken only where there is an applicable legal basis.

These tracing services are categorised under the following four headings:

  • NHS Data Management (this includes batch tracing to confirm NHS Numbers and other details for patients receiving services from health and care providers)
  • Health & Care Management (this includes letter forwarding and checking currency of patient registrations)
  • Death Registration
  • Record tracing (this includes tracing for law enforcement purposes, including police services, National Crime Agency, Home Office Immigration, court orders and Criminal Cases Review Commission)

There is also a Letter Forwarding tracing service which NHS Digital provides under its statutory obligation to protect the welfare of an individual. No information about live individuals is provided by this function.

Further information regarding these services is available.

Opt-out/contact

Patients registered for NHS services are required to have a record on the PDS, and therefore cannot ‘opt out’ of the PDS. However, they can request that their record is marked ‘Sensitive’ which limits the detail that can be seen by anyone viewing their PDS record to name, NHS Number and DOB, with no contact or location details visible. This is normally done by the patient requesting that their GP contacts NBO to apply the ‘Sensitive’ flag.

Where NHS Digital releases data for a secondary purpose (such as medical research), patients may choose for their identifiable data to not be released in this way.  More information is available on this web page.  Such releases are not made from PDS itself (and are not handled by the NBO team), but from the MRIS service which has the capability to apply opt-outs.