GDPR - How We Access Your Information
GDPR stands for General Data Protection Regulation and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
Practices must comply with subject access requests
Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
There are new, special protections for patient data
The Information Commissioner’s Office must be notified within 72 hours of a data breach
Higher fines for data breaches – up to 20 million euros
What is ‘patient data’?
Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.
What is consent?
Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
SRMG Data Protection Policy V2.0.docx
Access To Patient Information
We store all our patients’ medical records on our practice computer system. The NHS is committed to developing electronic patient records (EPRs) so health information can be shared between the clinicians responsible for your care.
We are responsible for the accuracy and safe-keeping of your medical record. You can help us to keep it accurate by informing us of any change to your name, address or telephone number and by ensuring that we have full details of your medical history. We protect your EPR from accidental loss or damage by taking daily back-ups of our entire database.
If you change practice we will send back your medical record to ERYCCG, to be forwarded on to your new GP. However, entries into your EPR made whilst you were registered with us will remain in our computer archives.
You have the right to keep your personal health information confidential between you and your doctor. This applies to everyone over the age of 16 years and in certain cases to those under 16 years. The law does impose a few exceptions to this rule but apart from these, mentioned below, you have a right to know who has access to your medical record.
We have to respect a balance between your privacy and good practice. We will normally share information with other health professionals involved in your health care unless you ask us not to do so. These people work for a variety of organisations such as NHS Trusts, CCGs, social services or private hospitals. Our nursing team have access to medical records. They are governed by the same professional codes of confidentiality as the GPs and will not disclose health information without your consent.
Administration staff also deal with medical records. They notify ERYCCG of registration details, scan hospital letters and input data into EPRs and file information which cannot be scanned into manual records.
You can access your own medical records by completing the following form, and returning it to the Practice:
SRMG- REQUEST FOR ACCESS TO RECORDS FORM.docx
When Do We Disclose Information?
We are required by law to notify the government of various diseases, for public health reasons. Law courts can also require that GPs disclose information to them (non-cooperation on the part of GPs can be severely punished).
A patient’s written consent is always required before any information is given to solicitors or life assurance companies. When completing an insurance report a GP must disclose all relevant medical conditions. You can ask to see the report before it is sent back to the company but if you instruct us not to make a full disclosure we have to inform the insurance company of your instructions. Limited information is shared with ERYCCG to organise national breast and cervical screening programmes.
Local authority and government agencies such as social services or the Benefits Agency may require medical reports. These do not have to include your written consent but we will assume that you wish us to complete these reports in your best interests. Failure to co-operate with these agencies can lead to loss of benefits or other support.
We are required by law to allow you access to your computer and written medical records. Requests need to be made in writing and we are not allowed to charge a fee (unless the request is excessive). Please read the policy below:
SRMG Subject Access to Medical Records Policy v3.doc
SRMG- REQUEST FOR ACCESS TO RECORDS FORM.docx
We have a duty to keep your medical records up to date. A patient is allowed to correct any errors of fact that may have crept into their medical records over the years.
To protect your privacy and confidentiality, we will not normally disclose any medical information over the telephone unless we are sure we are talking to you. This means that we will not disclose information to family, friends or colleagues about any medical matters unless we know we have your agreement to do so. However, if you want us to discuss your medical information with a third party (i.e. a spouse, next of kin, etc.), then we will require you to complete a Consent form.
SRMG Consent to Disclose Information.docx