Wellfield Medical Centre has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice.
What Information Do We Collect About You?
We will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:
- Personal data: any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes, but is not limited to name, date of birth, full postcode, address, next of kin and NHS number
- Special category/sensitive data: this could be medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, supportive care arrangements, social care status, race, ethnic origin, genetics and sexual orientation
Your healthcare records contain information about your health and any treatment or care you have received previously. This information will be collected either electronically using secure NHS Mail or a secure electronic transfer over an NHS encrypted network connection. Physical information will also be sent to the practice. This information will be retained within our electronic patient record or within a patient paper records.
We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
How We Will Use Your Information
Your data is collected for the purpose of providing direct patient care. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information is also used with the practice for clinical audit to monitor the quality of the service provided. Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
We can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases
Processing your information in this way and obtaining your consent ensures that we comply with GDPR articles:
- 6(1)(c) ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
- 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’, and
- 9(2)(h) “…necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Who Will We Share Your Information With
In order to deliver and coordinate your health and social care, we may share or receive information from the following organisations:
- Other GP practices
- NHS trusts/foundation trusts
- NHS commissioning support units
- Independent contractors such as dentists, opticians, pharmacists
- Public Health England
- Private sector providers
- Voluntary sector providers
- Community care services
- Ambulance trusts
- Clinical commissioning group
- Social care services
- NHS Digital
- Local authorities
- Educations services
- Fire and rescue services
- Police and judicial services
- Other “data processors” which you will be informed of
- Third party processors:
When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately.
Examples of functions that may be carried out by third parties includes:
- Companies that provide IT services and support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
- Delivery services (for example if we were to arrange for delivery of any medicines to you).
- Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).
Further details regarding specific third party processors can be supplied on request.
You will be informed who your data will be shared with and in some cases, asked for explicit consent for this to happen when this is required.
Your data will not be transferred outside the European Union.