Data Security and Access to Records
How we use your personal information
The Meads collects personal information about you in order to provide your health care. When doing this we must respect your confidentiality and comply with all applicable Data Protection legislations.
Our Lawful bases for processing your personal information
We must, among other things, ensure personal information held about you is only used for specific purposes allowed by law. The Meads collects and processes your personal information as it is necessary for the purposes of preventative or occupational medicine, medical diagnosis, and the provision of health or social care or treatment. This leaflet answers questions you might ask about what personal information we hold, why, and to whom it may be passed to.
What personal information do we collect?
The personal information we collect, store and use about you can includes:
- Personal details e.g. name, date of birth, nationality, gender and NHS number.
- Contact details e.g. phone number, email address and address.
- Equality and diversity information about you. This may include special category personal data like details of your ethnicity, sexual orientation, religious beliefs or opinion, biometric data, genetic data, criminal convictions and offences.
- Information about next of kin or carers (including their contact details and their relevant medical history if required).
- Notes and reports relevant to your health, including any information you have told us about your health.
- Details of your treatment and care, including the professional opinion of the staff caring for you.
- Results of investigations, such as laboratory tests, scans and x-rays.
- Relevant information from health and social care professionals, relatives or those who care for you.
- Communications, for example letters and emails between an NHS Trust providing your treatment and you.
What we can use your personal information for?
We can use your personal information to:
- Provide you with health or social care;
- Help other organisations provide you with health or social care;
- If you agree, to help other organisations provide you with other public services
- Communicate with you and if appropriate your next of kin, about your care;
- Carry out internal audits and monitor the care we provide to ensure it is of the highest standard;
- Monitor equality and diversity;
- We may use anonymised data to help train and educate our staff. Should we use identifiable personal data we would always obtain your consent;
- Respond to complaints;
- Respond to queries from regulators like NHS Digital, the Care Quality Commission, the General Medical Council, the Audit Commission, the Nursing & Midwifery Council and the Health Service Ombudsman;
- Conduct legal claims or seek legal advice;
- Provide information to national registries that systematically collect data about particular conditions to help research which is only undertaken when consent is given.
How do you store my records?
Personal information may be stored electronically on a computer system and/or manually in a paper record form. When you arrive for an appointment, staff may check your details with you to ensure that our records are accurate. To assist with this, we ask that you notify us promptly of any changes to your personal details e.g. contact address, contact phone number, email address, next of kin etc.
Sharing your personal data
Your personal data will only be disclosed to those who have a genuine need to know and who agree to keep your information confidential. For your direct care we often share information with:
- GP federations, Primary Care Networks and out of hours GP service providers;
- NHS hospitals e.g. NHS Trusts and NHS Foundation Trusts
- Organisations that deliver NHS services outside of hospital e.g. NHS Community Health Trusts, Social Care Partnership Trust, Mental health providers
- Private sector organisations that deliver NHS care in your area such as Virgin Care and private hospitals such as KIMS and the Spire, dentists, opticians, pharmacists;
- Voluntary sector organisations that deliver NHS care e.g. charities such as Wisdom Hospice and Demelza House, Carer’s UK and Age UK
- Local authorities such as Kent County Council who employ social workers who are part of the Care Team, education services, children’s services, housing or benefit offices;
- Organisations that provide diagnostic tests including ultrasound and pathology/blood tests
- Organisations that provide support health services such as running vaccination and awareness clinics at our practices; and
- Organisations that provide ambulance services e.g. NHS Ambulance Trusts
Do you share my personal information with third parties or non NHS agencies?
We may need to share your personal information with organisations that provide back office support to the Practice in its delivery of services. These organisations are known as data processors. These organisations are only able to use your personal information in accordance with the Practices’ instructions and applicable laws:
- IT suppliers;
- Telephone services suppliers;
- Suppliers of web hosting services; and
- Suppliers that we use to develop and improve the technology we use, including our website and electronic patient records
Can my personal information be shared without my consent?
Your personal information may not be shared without your consent except in a number of limited circumstances when we are legally bound to do so to provide health and social care, for example:
- where there is a danger of harm to a child or vulnerable adult;
- as a result of a court order;
- when it is absolutely necessary for the prevention or detection of crime or the apprehension or prosecution of offenders;
- reporting notifiable infection diseases; and/or
- where there are serious risks to the public or staff
The above may only take place when there is a clear legal basis to use your personal information. All these uses help to provide better health and social care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
The Meads is also working with NHS Digital to ensure compliance with the National Opt-out programme on the use of NHS data from 2020. You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything.
If you do choose to opt out your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters or call 0300 303 5678; there you will:
- See what is meant by confidential patient information;
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care;
- Find out more about the benefits of sharing data;
- Understand more about who uses the data;
- Find out how your data is protected;
- Be able to access the system to view, set or change your opt-out setting;
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone; and
- See the situations where the opt-out will not apply
You can change your mind about your choice at any time.
Personal information being used or shared for purposes beyond individual care does not include your personal information being shared with insurance companies or used for marketing purposes as any of these would only be used in this way with your explicit permission.
What if I change my mind after giving my consent for sharing or use of my information?
You have the right to restrict the use of your personal information in instances where your consent is needed for us to share your personal information; unless it is in relation to providing you with direct health and social care services or where the exceptional conditions above apply.
You can refuse or change your mind at any time about your consent; however this may affect the healthcare that is available to you. You can change your mind, but please inform us, so we can update our records.
How do you keep my records confidential?
Everyone working within the Meads has a legal duty to keep information about you confidential. There are strict codes of conduct in place to ensure your personal information is safe, whether it is on paper or computer. Staff must abide by:
- All applicable data protection legislations such as the EU General Data Protection Regulation 2016 and Data Protection Act 2018;
- Common Law Duty of Confidence; and
- NHS Code of Confidentiality
Can I get a copy of my records?
You have a right under the Data Protection legislations to access your medical records or authorise a representative to do so. Personal information may be withheld if we believe it could harm your physical or mental health. We require a written request: please contact us via firstname.lastname@example.org to request access to your medical records.
What other rights do I have?
You have the right to request that personal information about you that is factually incorrect be rectified by being amended or supplemented with additional information. Any information you do not agree with (but is not factually incorrect), we will make a note on your records of the point which you have drawn to our attention.
How can I complain about the way The Meads handles my personal information?
If you are unhappy with the way we have dealt with your personal information please contact the Practice in the first instance and then the Kent and Medway Clinical Commissioning Group Data Protection Officers’ team at email@example.com or via the Practice name at the address at the end of this leaflet. You also have the right to complain directly to the Information Commissioner in relation to data protection. The contact details are also at the end of this leaflet.
It is important to note that the General Practitioner (GP) record, usually held at the General Practice, is the primary record of care and that the majority of other services must inform the GP through a discharge note or a clinical correspondence that a patient has received care. This record is to be retained for the life of the patient plus at least ten years after death. The GP record transfers with the individual as they change GP throughout their lifetime.
Where can I find further information?
If you would like to know more about how we use your personal information or if you do not wish to have your information to be used in any of the ways described above, please contact the Practice at the address at the end of this leaflet.
General information can be obtained from the Information Commissioner’s Office. Information Commissioner’s Office: Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF t: 0303 123 1113
Who to contact
The Practice Manager
The Meads Medical Practice Limited
29 Quartz Way
Kent ME10 5AA
Tel : 01795 477266
All S251 Approval Requests” should be sent to our CCG appointed GP Data Protection Officer Team at firstname.lastname@example.org