Privacy Notice

 

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services. It also explains your rights as a patient of the practice.

Why we need your personal information

We collect information about you mainly to provide you with health and care services. This is in accordance with the statutory obligations under the NHS Act 2006 and Health and Social Care Act 2012.

The information we collect is used for medical purposes that include:

 

What information we collect about you

Health and care organisations have a legal duty to keep complete, accurate and up-to-date information about your health. This is so that you can receive the best possible care, both now and in the future.

This information is known as your ‘health record’ and is stored securely on managed systems. The information stored includes:

  • Identifiers: Your name, date of birth, NHS Number.
  • Contact details: Your address, telephone number, email address (if provided).
  • Support contact details: Names, contact details of carers, relevant close relatives, next of kin, representatives.
  • Physical, social or mental health situation or condition: Your medical history, treatments, test results, referrals, care plans, care packages, medication, medical opinions and other relevant support you are receiving.
  • Protected characteristics: Your ethnicity, religion, sexual orientation, gender, which are required for equality monitoring and ensuring that the services are suitable and provided in the right way for the people being cared for.
 

The Data Protection Law

The General Data Protection Regulation (GDPR) is a law which allows and regulates the processing of personal data for health and social care, where data are processed by a public authority, such as this organisation. Data protection: The UK's data protection legislation

Health, social care and genetic data are amongst special categories of data requiring special protection and subject to additional controls.

We will share relevant information from your medical record:

  • With other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
  • To support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best. We may also use your medical records to carry out research within the practice.
  • To help plan NHS services.
  • The law requires Beckett House Practice to share information from your medical records in certain circumstances. Information is shared so that the NHS or the UK Health Security Agency can, for example: plan and manage services; check that the care being provided is safe; prevent infectious diseases from spreading.
  • We will share information with NHS England, the Care Quality Commission, and local health protection team (or UK Health Security Agency) when the law requires us to do so.
  • We must also share your information if a court of law orders us to do so.
  • The NHS provides national screening programmes so that certain diseases can be detected at an early stage.
  • These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms, and a diabetic eye screening service.
  • The law allows us to share your contact information with the UK Health Security Agency, or other relevant health organisations, so that you can be invited to the appropriate screening programmes.    
  • See a short animation that explains how your personal data is used in healthcare: Patient data saves lives: The bigger picture
 

Integrating your care with our partners

Health and care partners in South East London, such as your GP, hospitals, and mental health, community and social care services, work together to make best use of your personal data to improve your treatment and care. This collaborative work helps us to build a more complete picture of all your health and care needs.

Integrated care records in South East London securely connect the electronic health record systems in your GP practice with similar systems in other care settings. These include South East London hospitals, care professionals in urgent and emergency care services (such as NHS 111 or 999), the London Ambulance Service and the National Record Locator Service, which is run by the NHS in England.

Integrating your care records means that your care teams can view your medications, previous treatments, test results and any other relevant care information at the touch of a button. This improves communication between your health and care providers, making best use of clinical resources during your appointments or hospital stay.

Sharing health records is helping to improve your care by providing your care team with essential clinical information at the touch of a button. This reduces the need for repeated phone calls and delayed letters.

 

Personal health records

As a patient of the practice, you can use the NHS App. This is an online secure platform for you to access your health information.

This secure online service allows you to book or cancel appointments, order repeat prescriptions, view parts of your GP record, including information about medication, allergies, vaccinations, previous illnesses and test results and some clinical correspondence such as hospital discharge summaries, outpatient appointment letters and referral letters.

You can also make a subject access request for copies of your health records. For more information see the section below titled 'your legal rights'.

 

Medical Reports

Our practice has decided to outsource our medical reporting work to an NHS Digital accredited company called Medi2data. Medi2data will be processing your medical report via eMR and providing online access via their secure encrypted portal. If you wish to contact Medi2data directly, please email mdmc@medi2data.com or call on 03333 055774.

 

Other ways your information is used

We may also use your personal data in the following areas:

  • Any complaints you have made about services.
  • Any incidents you may have been involved in while you were receiving treatment and care from us.
  • Any paid or unpaid work with us, including your involvement in volunteering, public engagement or other projects.
  • Any training, education, supervision delivered to you by us.
  • CCTV (closed-circuit television) and use of multimedia device.
 

How we keep your information secure

Your health and care providers store and use large volumes of sensitive personal data every day, such as your health records. The majority of health records are stored electronically.

Other personal data and computerised information are stored on various other systems across your health and care providers. These systems are managed by NHS IT departments or under contract with an approved public framework supplier.

More information on how your information is kept securely on NHS information systems

The information we collect is used by people in their work for the purposes stated in this notice. We take our duty to protect your personal information and confidentiality very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

  • We encrypt all outgoing email containing personal data.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
  • We provide training to all staff on how to handle all types of data.

At the most senior level, we have:

  • A senior information risk owner who is accountable for the management of all information and any associated risks and incidents.
  • A Caldicott guardian who is responsible for the management of patient information and patient confidentiality.
  • A Data Protection Officer oversees all activities related to the use of data. They make sure data use is done within the law and best practice.
 

What other information we collect

We collect information on all staff we employ, as well as volunteers, people with honorary contracts and agency staff for the purposes of running our services. We use the information for administrative, academic and statutory purposes and to support health and safety.

The information we collect includes:

  • Names, addresses and telephone numbers for employment contracting
  • Spouse, partner, emergency contact, close relative, next of kin names, address, telephone and email details for emergency contact
  • Employment records (including professional membership, references, appraisals, professional development plans, education and training records)
  • Bank, National Insurance number and pension details for payment of salaries and other expenditure claims
  • Nationality / domicile for proof of eligibility to work in the UK
  • Ethnicity for equality monitoring, equal opportunities
  • Medical information including physical health or mental condition for appropriate adjustments to work arrangements
  • Religious beliefs for spiritual support, equal opportunities, equality monitoring

We maintain electronic staff records and other corporate systems, such as employment, payroll and finance.

 

Other bodies

There are some exceptional circumstances where we must share information with official bodies or other organisations about employees without their express permission. These include circumstances owing to a legal or statutory obligation. These bodies may include:

  • Disclosure and Barring Service
  • Her Majesty’s Revenue and Customs (HMRC)
  • Financial institutes (e.g. banks, building societies for mortgage references)
  • Educational, training and academic bodies
  • Department for Work and Pensions (DWP)
  • Home Office

We do not share information about patients for the purpose of invoicing of any patients not entitled to free NHS treatment. Disclosures are only made where a disclosure is essential to prevent a serious threat to public health, national security, the life of the individual or a third party, or to prevent or detect serious crime.

 

Further information

Please talk to a member of our team if you want to know more about how we use your health records or if you do not want your information used in any of the ways described here.

If you have any concerns or want to complain:

If you think that information in your NHS health records is wrong, please contact the practice. If your request to have your records amended is turned down, we will add a statement of your views to the record.

If you are unhappy with our response, you have the right to complain to the Information Commissioner’s Office (ICO), which regulates and enforces the Data Protection Act.

Visit the ICO Website

If you have any questions, please contact our Practice Manager, Sonia Franco.