GDPR – Privacy Notices
Parishes Bridge Medical Practice has a legal duty to explain how we use any personal information we collect about you, as a registered patient at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format.
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.
This Privacy Notice is part of the information to data subjects about how personal data is used. Being transparent and providing accessible information to individuals about how organisations will use their personal information is a key element of Data Protection Regulations.
The Privacy Notice tells you about information we collect and hold about you, the legal basis for collecting and holding the information, what we do with it, how we keep it secure (confidential), who we might share it with and what your rights are in relation to your information
Why do we need your information?
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare. We process data to carry out our role as your General Practitioner in providing you with healthcare.
The legal basis for this purpose is provided by the various NHS and social care acts. The Data Protection Act 2018 section 8 allows us to process data for these purposes. This provides a legal basis for processing under the UK GDPR Article 6 1(e) – task in the public interest.
For special category data, the Data Protection Act section 10 applies (health and social care purpose) and hence UK GDPR Article 9 2(h) – provision of health and social care. There are additionally some situations where other provisions are used; these are given in more detail in the full notice.
The types of data we keep relate to your health and care. These include both personal identifiers (e.g. your name, NHS number) and special category personal data (e.g. your health conditions). Further details are provided in the full notice.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which the Practice hold about you may include the following information;
- Details about you, such as your address, carer, legal representative, emergency contact details
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays etc
- Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the Data Protection Act 1998 (DPA), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information.
Risk stratification
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including University Medical Practice; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Invoice validation
Your information may be shared if you have received treatment to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
Medicines Management
The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments.
Opt-outs
Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering a Type 1 opt-out, preventing your information from being shared outside this practice.
What to do if you have any questions
Should you have any questions about our privacy policy or the information we hold about you, you can:
- Contact us via email at syheartlandsicb.parishesbridge@nhs.net – FOA practice manager
- Write to the practice at Parishes Bridge Medical Practice, The Health Centre, Madeira Road, West Byfleet, Surrey, KT14 6DH
- Ask to speak with the practice manager.
Your Rights
You have the right to:
- Receive a copy of your data (Subject Access Request)
- Have your data corrected, erased or restrict processing
- Complain to our Data Protection Officer or the supervisory authority (the Information Commissioner) about our use or handling of your data
If you wish to exercise your rights, please contact the practice in the first instance - details above. You can also contact the Data Protection Officer if you prefer – details are again given above, or you can contact the Information Commissioner (ICO) – details via their website at https://ico.org.uk.
Identity and Contact details of the Data Controller and Data Protection Officer
Practice Contact Details
Parishes Bridge Medical Practice, The Health Centre, Madeira Road, West Byfleet, Surrey, KT14 6DH
01932 336933
Practice ICO Reference Number: Z7478448
Data Protection Officer
You can contact the data protection officer by post at the practice address, addressed for the attention of the Data Protection Officer, or by email to
Name: Adam Spinks
Email: ajspinksltd.surreyheartlandsdpo@nhs.net
Please quote the practice name in any communication. If you wish to exercise your rights, please contact the practice in the first instance - details above. You can also contact the Data Protection Officer if you prefer – details are again given above, or you can contact the Information Commissioner (ICO) – details via their website at https://ico.org.uk.
The Surrey Care Record Update
The Surrey Care Record is an Electronic Health Record (EHR) linking system that brings together patient/client’s information across health and care systems in a secure manner, giving a summary of your information which is held within a number of local records.
For more information see: www.surreyheartlands.uk/surrey-care-record-privacy-notice
Records Management Code of Practice
Data Protection Act 2018 Section 10
Section 251B Health and Social Care Act 2012
Common Law of Duty of Confidentiality