What is a Privacy notice?
This Privacy notice explains how we as a practice collect information about our patients and how we use this information. Providing you with a privacy notice is our way of stating our commitment to following confidentiality rules.
What is GDPR?
The GDPR is Europe’s new framework for data protection laws; it replaces the old 1995 Data Protection Directive.
Limehouse Practice is a Data controller for the data they hold on patients.
Address: Limehouse Practice, 11 Gill street practice,
London, E14 8HQ
Data protection officer
Dr Tariq Khan
Address: 11 Gill street, London E14 8HQ
What kind of Data is held by the practice
The principles in the guidance apply to Doctors working in private practice or other NHS healthcare settings.
The GDPR applies to ‘personal data’. This means data which relate to a living individual who can be identified from these data, or from these data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
Data can be held in electronic or paper form. Stored data includes:
- Details about you such as name, address, carers, legal representative and next of kin details
- Details of your treatment and care
- Results of your investigations, such as lab tests and X-rays
- Summary of active and past problems, medication scripts
- Relevant information about you from other healthcare professionals
- Any contact the surgery has had with you, such as appointments, clinic visits and emergency
The purposes for processing the data and the legal basis for processing the data
Consent for your medical record information will be requested for:
· Consent to share out: allows records from the service to be added to your shared record.
· Consent to share in: allows staff to view all information in your record, for example extended walk-in clinics, Cerner.
The Practice will share data on the basis of the reasons in Articles 6(1) and 9(2). Other legal bases when processing for reasons other than direct care might be:
· ‘...for compliance with a legal obligation…’ (Article 6(1)(c)) and Article 9(2)(h) ’…management of health or social care systems…’;
· for medical research the lawful basis and special category condition are Article 6(1) (e) ‘…for the performance of a task carried out in the public interest…’ and Article 9(2)(j) ‘…research purposes…’;
· To improve patient safety
Consent has been explicitly provided personally for specified purposes.
So how do we protect your information?
We are committed to ensuring confidentiality of your information. There are a number of ways in which we do this.
- Staff receive annual training about protecting and using personal data
- Policies in place for staff to follow
- We use smart cards to access systems, ensuring the right people access data
- We use encrypted emails
- We do not send your data outside of the EEA
Our Partner Organizations
We may share your information, subject to strict agreement on how it is used, with the following types of organizations:
- NHS and specialist hospitals and Trusts, CCG
for clinical audits, information is anonymized
- Independent contractors: opticians, pharmacists, dentists and podiatrists
- Ambulance trusts
- Social services
- Fire and rescue
- Other Data processors
- Private clinic and voluntary charity sector providers offering service
- Education services schools
This applies unless you explicitly wish your information not to be shared with other NHS organizations.
The rights you have as a patient
Since 25th May 2018 you as a patient now have more explicit rights as the ‘data subject’ under the new Data protection rules.
The rights are summarized below:
- Right to be informed
- Right of access
- Right to rectification
- Right to object
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right not to be subject to automated decision-making
For more information please visit the website:
Risk Stratification tool
Risk stratification is a process for classifying and managing patients who are most likely to need hospital or other healthcare services. The tool is used in the NHS to help determine someone’s risk of suffering a particular condition and enables us to prevent ill health. Information is collected from a number of sources. Section 251 of the NHS Act 2006 provides a legal basis to process data for risk stratification purposes.
Please follow this link for more information: https://www.england.nhs.uk/ourwork/tsd/ig/risk-stratification/
If you decide you do not want to be included in the risk stratification programme, please let us know.
Sources of information shared with third parties
- Individual Funding Request
Information may be shared in individual funding requests. This request is made for funding of specialised healthcare.
We can use your NHS number to check whether your care has been funded through specialist commission, which NHS England will pay for. Section 251 of the NHS Act 2006 provides a statutory legal basis to process data for invoice validation purposes.
In adult and children’s safeguarding matters, access to identifiable information will be shared in some limited cases where it is legally vital for the safety of the individuals concerned.
The use of data by the Cabinet Office for data matching is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Mobile numbers and Email addresses
If you provide us with your mobile number, we will carry on sending you appointment reminders and notifications about your health, such as flu invites and smoking cessation. As this is not a form of marketing, GDPR isn’t applicable here, but you are free to opt out of receiving texts. There may be instances in future where we could email you for patient feedback, Patient Participation Group meeting invites etc.
Change of details
It is important that you tell the person treating you if any of your information has changed, for example your address, your name or contact number, or if your date of birth is wrong on our system. You have a direct responsibility to inform us of any such changes on your record to keep it current and accurate.
Subject Access request
As a patient, data protection law provides you with different rights.
You have the right to a copy of the information held about you, known as subject access to records; this is now free. You also have the right to rectification of your record: if anything is incorrect, you can request for it to be corrected.
A reasonable fee can be charged if the request is manifestly unfounded or excessive. The practice must handle subject access requests (SARs) in 30 working days. If it takes longer because of complications, the subject will be informed.
Should you wish to make a ‘subject access request’ please contact the Practice in writing.
For the Attention of Information officer, Gill street Health centre, 11 Gill street, London E14 8HQ
You have the right to make a complaint if you are unhappy with our services. Please contact the practice manager.
Opting out from sharing
The national data opt-out replaces the type 2 opt-out.
Type 2 opt-outs are those opt-outs recorded on the patient record to prevent NHS Digital sharing confidential patient information for research and planning. You can go to the following link to see what the national data opt-out is and how this concerns you as a patient: Your NHS Data Matters
If you require more information, please contact firstname.lastname@example.org, referencing ‘National Opt-Outs – Data Requests’ in the subject line; or call NHS Digital on (0300) 303 5678; or visit the following website on how to opt out:
To ensure that adult and children’s safeguarding matters are managed appropriately, access to identifiable information will be shared in some limited circumstances where it’s legally required for the safety of the individuals concerned.
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-ManagementCode-of-Practice-for-Health-and-Social-Care-2016
Limehouse Practice is registered with the ICO to describe the purposes for which they process personal and sensitive information. We are a registered Data Controller and our registration can be viewed online in the public register at: http://ico.org.uk/what_we_cover/register_of_data_controllers