Privacy Notice
This privacy notice explains why the Borchardt Medical Centre collects personal information about you, and how that information may be used.
We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
As Data Controllers, GPs have responsibilities under the Data Protection Act 2018 (DPA18). This means ensuring that your personal data is handled in ways that are safe, transparent and what you would reasonably expect.
Borchardt Medical Centre fully appreciates the importance of protecting and managing your data and maintaining your privacy. To ensure that we comply with these requirements, all our data management and clinical processes fully recognise the data protection law in force in the UK, the Data Protection Act 2018, which includes relevant Articles from the EU General Data Protection Regulation (GDPR).
Use of Your Personal Information
Our health care professionals who provide you with our services maintain records about your health and any treatment or care you have received previously. These records help to provide our clients with the best possible healthcare.
Your records may exist in several formats including electronic, paper or a mixture of both, and we deploy many working organisations and approaches to ensure that such information is maintained within a confidential and secure environment. The records which we could hold about you may include the following information: –
- Personal details relating to you, including your address and contact details, carer, legal representative and parents’ emergency contact details
- Any contact we have had or intend to have with you such as appointments, clinic or surgery visits, home visits, etc.
- Notes and reports about your health which is deemed to be of a sensitive nature
- Details about your referral, diagnostics procedures, treatment and care
- Results of any additional relevant investigations
- Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the highest levels of care, your records will be used to facilitate the care that we provide. Information could also be used within our organisation for the purposes of clinical audits which in turn will provide monitoring of the quality of the services we provide.
Some of this information will be used for statistical purposes and we will ensure that individuals cannot be identified. For situations where we may contribute to research projects we will always gain your explicit consent before releasing any relevant information.
Maintaining the Confidentiality of Your Records
We respect the common law duty of confidentiality and to satisfy the common law we may rely on implied consent to share confidential health data for the provision of direct care; for example, when a patient agrees to a referral from one healthcare professional to another.
Health care professionals are required to maintain records about your health including any treatment or care you have received within the NHS (e.g. NHS hospital trust, GP surgery, walk-in clinic, etc.). Using these records helps us to provide the best possible healthcare for our patients.
This practice collects and holds data for the sole purpose of providing healthcare services to our patients and we will ensure that such sensitive information is kept confidential.
However, we may disclose your personal information if:
- It is required by law
- You consent to do so – either implicitly (e.g. for your own treatment and care) or explicitly for other purposes (e.g. sending you newsletters etc.)
- It is justified in the public interest
Some of your personal data will be held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified.
We will take all possible care to protect your privacy and will only use information collected within the law including: –
- Data Protection Act 2018 including GDPR
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012 (if appropriate)
- Codes of Confidentiality, Information Security and Records Management
Our staff are all trained and briefed in data protection principles and understand they have a legal obligation to keep information about you confidential. They also understand that information about you will only be shared with other parties if there is an agreed need to do so or a legal reason. We will only share your data without your permission if there are very exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the Caldicott Principle 7 e.g. to share or not to share. This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott Principles. Whilst the Caldicott Principles were originally developed for NHS purposes, we have adopted the underlying principles in order to align with best practice.
Sometimes information about you may be requested to be used for research purposes. The Borchardt Medical Centre will always endeavour to gain your consent before releasing such information.
Under the powers of the Health and Social Care Act 2012 (HSCA) the Health and Social Care Information Centre (HSCIC) can request personal data from GP practices without seeking the patient’s consent.
Sharing information for these reasons is important because:
- the use of information from GP medical records is very useful in developing new treatments and medicines;
- medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive;
- NHS organisations need information to help them plan and run NHS services, for example, deciding where to provide new GP services or clinics.
Who Do We Share Your Information With?
We may also share your information, subject to strict agreements on how it will be used, with other care providers and agencies.
These could include:
- NHS and specialist hospitals, Trusts
- Other GPs
- Independent Contractors such as dentists, opticians, pharmacists
- Private and Voluntary Sector Providers
- GP practice federations
- Ambulance Trusts
- Clinical Commissioning Groups and NHS England
- NHS Digital
- National Institute for Health and Care Excellence
- Care Quality Commission
- NHS Improvement
- NHS Shared Business Services
- Universities
- Social Care Services and Local Authorities
- Education Services
- Police and Fire and Rescue Services
- Other ‘data processors’ during specific project work e.g. Diabetes UK
It is noted that the above list is not exhaustive, and we may contract with other external organisations to undertake processing of your personal information. These 3rd party organisations will abide by our stringent contractual conditions regarding the protection of personal data.
Prescribing services
OptimiseRx uses existing information saved in your patient medical record to determine if a message should pop up on the screen to offer advice to the prescriber in relation to the medicine they are prescribing for you.
Who we will share the information with (recipients): Personal data does not leave the GP practice clinical system. Only the prescriber at your GP practice will see this information. Your personal data in respect to OptimiseRx is not shared with anyone else.
OptimiseRx supports the delivery of quality, safe and evidenced-based prescribing at the point of care. The legal basis for processing your personal information under the General Data Protection Regulation is: Article 6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and Article 9(2)(h) Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.
In some cases, you will be requested to provide consent if we intend to share your personal details with other organisations.
You have the right to object to your confidential information being shared by this practice for medical research and planning purposes. Please speak to the practice if you wish to object.
You can also visit https://www.nhs.uk/your-nhs-data-matters/ if you wish to register a national data opt-out which prevents your confidential information being used for research and planning (subject to certain exclusions).
Access to Personal Information and Your Rights
You have a right under the Data Protection Act 1998 and the Data Protection Act 2018 from 25th May 2018, to request access to view or to obtain a copy of what information the organisation holds about you and to have it modified should it be inaccurate. The process to access your records is known as a Subject Access Request (SAR) and the way it works is outlined below: –
- Your SAR request must be made in writing to the organisation’s Caldicott Guardian
- The latest regulations state that there is no charge to have a printed copy of your information provided
- The request will be reviewed and if possible completed within 30 days (subject to our possible requests for further clarification from you)
- You will need to provide adequate proof of your identity before we will release the requested details (e.g. full name, address, date of birth, NHS number and details of your request); you must also provide two forms of identification
Capturing images – CCTV
Visiting our premises
Our premises are monitored by CCTV so your image may be captured whenever you enter our site boundary and within our premises. We use CCTV for maintaining public safety, the protection and security of our property and our staff and for the detection, prevention and investigation of crime. It may also be used to monitor staff when carrying out work duties.
For these reasons, the information processed may include visual images, including personal appearance and behaviour of those displayed and recorded on the system.
Where the CCTV is located on our premises but near a public space, it may also record these images even if you have not directly visited our premises.
CCTV images are normally held for 30 days and then deleted unless we need to retain them for investigative or policing enquiries.
Retention of your data
Your data will be retained for no longer than is absolutely necessary and in accordance with our Documentation Management Lifecycle Policy and the associated Schedule of Retention.
Withdrawal of Consent
If you have provided us with consent to process your data for the purpose of providing our services, you have the right to withdraw this at any time. In order to do this, you should contact us in writing.
Updating Personal Details
If any of your details e.g. your name, address or other personal data have changed or are incorrect you have a responsibility to inform the professional treating you who will arrange for the necessary updates to be made. This will help us to ensure that the data we hold about you is accurate and complete.
Notification
The Data Protection Act 2018 requires organisations that control data to register with the Information Commissioner’s Office (ICO) website www.ico.org.uk
The organisation is registered with the ICO as a Data Controller under the Data Protection Act.
Complaints
The Borchardt Medical Centre tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. We are happy to provide any additional information or explanation needed. Any queries you have should be addressed to: gmicb-mh.borchardtmc@nhs.net or by calling 0161 438 2821.
If you are still unhappy following a review by the Organisation you can then complain to the Information Commissioner’s Office (ICO) via their website www.ico.org.uk or in writing to: –
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you are happy for your data to be extracted and used for the purposes described in this Privacy Notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact us.