Old Bridge Surgery

Privacy policy

Privacy Notice – GDPR

This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this Practice can check and review the quality of the care we provide. This helps us to improve our services to you.
  • We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
  • Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record . For more information see: speak to your practice.
  • You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

Other important information about how your information is used to provide you with healthcare

Registering for NHS care

  • All patients who receive NHS care are registered on a national database.
  • This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive. This database is held by NHS Digital which has legal responsibilities to collect NHS data.

How we use your medical information

This Practice handles medical records in-line with laws on data protection and confidentiality. Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
This means we can offer patients additional care or support as early as possible. We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe
Information which identifies you will only be seen by this practice. Your consent to the sharing of this data, within the Practice and with those outside the Practice is assumed and allowed by law.

Safeguarding

Sometimes we need to share information so that other people, including healthcare
staff, children or others with safeguarding needs, are protected from risk of harm. These circumstances are rare. We do not need your consent or agreement to do this.
We are required by law to provide you with the following information about how we handle your information.

Devon & Cornwall Care Record

Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.
This shared system is called the Devon and Cornwall Care Record.
It’s important that anyone treating you has access to your shared record, so they have all the information they need to care for you. This applies to your routine appointments and in urgent situations such as going to A&E, calling 111 or going to an out-of-hours appointment.
It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised health and care staff can access the Devon and Cornwall Care Record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data – just data that services have agreed is necessary to include.
For more information about the Devon and Cornwall Care Record, please go to www.devonandcornwallcarerecord.nhs.uk

Medical Reports

We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for.iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws. The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care.

Data Protection Officer

Trudy Corsellis,
NHS Kernow CCG,
Sedgemoor Centre,
Priory Road,
St Austell,
PL25 5AS,
Telephone: 01726 627 800

Purpose of the processing

To give direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care. To check and review the quality of care. (This is called audit and clinical governance).

Lawful basis for processing

These purposes are supported under the following sections of the GDPR:
  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’;
  • Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

Recipient or categories of recipients of the processed data

The data will be shared with:
  • Healthcare professionals and staff in this surgery.
  • Local hospitals.
  • Out of hours services.
  • Diagnostic and treatment centres.
  • Or other organisations involved in the provision of direct care to individual patients.

Rights to object

You have the right to object to information being shared between those who are providing you with direct care. This may affect the care you receive, please speak to the practice. You are not able to object to your name, address and other demographic information being sent to NHS Digital.
This is necessary if you wish to be registered to receive NHS care. You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.

Right to access and correct

You have the right to access your medical record and have any errors or mistakes corrected. Please speak to the Data Controller or Data Protection Officer at the practice.
We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention period

GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at www.digital.nhs.uk
or speak to the practice.

Right to complain

You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link www.ico.org.uk or call the helpline 03031 231 113.

Data we get from other organisations

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.

Child Immunisations

South, Central and West Child Health Information Services (SCW CHIS) is commissioned by NHS England to support the monitoring of care delivered to children. Personal data is collected from the child’s GP record to enable health screening, physical examination and vaccination services to be monitored to ensure that every child has access to all relevant health interventions.
For more information: Fair Processing Notice Child Health Information Services – NHS SCW Support and Transformation for Health and Care

Date published: 18th October, 2014
Date last updated: 24th November, 2023