This privacy notice explains why the GP practice collects information about you, how that information may be used and which organisations the information will be shared with to ensure you receive the best possible care.
What information do we collect?
Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. NHS trust, GP surgery, Walk-in clinic, etc.). NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your healthcare record may include the following information:
- Details about you, such as address and next of kin
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Your NHS number
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you
Why do we collect this information?
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may also be used for clinical audit to monitor the quality of the service provided. In addition your information will be used to identify whether you are at risk of a future unplanned hospital admission and/or require support to effectively manage a long term condition.
Health risk screening
Your local GP practice in North Norfolk is planning to screen patients aged 18 and over already diagnosed with a long term conditions, such as diabetes, dementia, respiratory disease and heart disease. Health risk screening is now a commonly used practice within the NHS that entails accessing healthcare records electronically, and using the data to identify patients who may be at risk of future hospital admissions. The data is then used to identify how best to support patients to avoid an admission and to manage their condition more effectively.
How do we use this information?
The results of the screening will enable your GP to decide whether you would benefit from the assistance of a multi-disciplinary care team made up of other healthcare providers, social care professionals such as a district nurse or consultant physician and/or support from voluntary sector organisations. Your information will need to be shared with this team to assist your GP to identify the best care for you.
Do I need to do anything to give my permission?
No. You do not need to do anything if you are happy to give your permission for health risk screening. However if details from your healthcare records need to be shared as part of a clinical care discussion within the multi-disciplinary care team, we will contact you to obtain your consent.
What if I do not want to give my permission?
If you have any concerns or wish to opt out of health risk screening you should speak to your practice manager. The practice will ensure that your decision is recorded so your records will not be included in any screening process and/or multi-disciplinary care team discussion.
Who will we share your information with?
For the purposes of health risk screening we may need to share your information with the following organisations, with your consent:
- Community link nurses and / or community matrons from Norfolk Community Health and Care Trust (NCHC)
- Representatives from adult community services, Norfolk County Council (NCC)
- Representatives from Norfolk and Suffolk NHS Foundation Trust (NSFT)
- Integrated care coordinators (ICCs) (employed by NCC and NCHC)
- Voluntary support organisations commissioned by NNCCG
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential. We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
Anyone who receives information from us is also under a legal duty to keep this information confidential.
How your records are used to help the NHS
Your information may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development, monitor NHS performance, to help the NHS plan for the future and to investigate complaints in respect of the services we commission.
We will not publish any information that identifies you or routinely disclose any information about you without your express permission. At any time you have the right to refuse/ withdraw consent to information sharing. The possible consequences will be fully explained to you, such as potential delays in receiving care.
There may be circumstances where we are bound to share information about you owing to a legal obligation, such as for the benefit of public health in the event of a pandemic.
Invoice validation
If you have received treatment within the NHS, North & East London Commissioning Support Unit – Anglia (NEL CSU Anglia) may require access to your personal information in order to determine which Clinical Commissioning Group is responsible for paying for the treatment or procedure you have received. Information such as your name, address and date of treatment may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices, and will not be shared for any further commissioning purposes.
Access to your information
You have a right under the Data Protection Act 2018 to access/view what information the surgery holds about you, and to have it corrected should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:
- Give you a description of it
- Tell you why we are holding it
- Tell you who it could be disclosed to
- Let you have a copy of the information in an intelligible form
If you would like to make a ‘subject access request’, please contact the practice manager in writing.