Data Protection

GDPR and Privacy Notices

Selsey Medical Practice is aware of and adheres to the General Data Protection Regulations (GDPR).  This webpage provides details of our compliance.

Selsey Medical Practice will comply with GDPR article 30(1) and will document in writing and maintain a record of our processing activities, covering areas such as processing purposes, data sharing and retention. This information is available to patients in the following Privacy Notices:

Please note these Privacy Notices are likely to be updated. 

How your information is shared so that this practice can meet legal requirements

The law requires Selsey Medical Practice to share information from your medical records in certain circumstances other than during the normal course of your health care. Information is shared so that the NHS or Public Health England can, for example: 

  • plan and manage services;
  • check that the care being provided is safe;
  • prevent infectious diseases from spreading.

We must also share your information if a court of law orders us to do so. 

We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so.

Please see the detailed explanations below for more information.

COVID 19 and your information

Updated on 9th April 2020

Supplementary privacy notice on Covid-19 for Patients

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak.  It supplements our main Privacy Notice.

The health and social care system is facing significant pressures due to the COvid-19 outbreak.  Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health.  Information will also be vital in researching, monitoring, tracking and managing the outbreak.  In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law, the Secretary of State has required NHS Digital; NHS England and bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak.  Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.  Further information is available on gov.uk here and some FAQs on this law are available here.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information.  This includes National Data Opt-Outs. However in relation to the Summary Care Record, existing choices will be respected.  Where data is used and shared under these laws your right to have personal data erased will also not apply.  It may also take us longer to respond to Subject Access Requests (SARs), Freedom of Information requests (FOIs) and new opt out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information included health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text message or email.

During this period of emergency we may offer you a consultation via telephone or video conferencing. By accepting the invitation and entering the consultation you are consenting to this.  Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak.  Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.

NHS England and Improvement and the NHSX have developed a single, secure store to gather data from across the health and care system to information the Covid-19 response.  This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital.  New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patient themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you.  Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this Privacy Policy at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.

COVID-19 Research and Planning

Purpose

Personal confidential and Special Category data will be extracted at source from GP systems for the use of planning and research for the Covid-19 pandemic emergency period. Requests for data will be required from NHS Digital via their secure NHSX SPOC Covid-19 request process.  

Legal Basis

NHS Digital has been directed by the Secretary of State under section 254 of the 2012 Act under the COVID-19 Direction to establish and operate a system for the collection and analysis of the information specified for this service: GPES Data for Pandemic Planning and Research (COVID-19). A copy of the COVID-19 Direction is published here:

COVID-19 Public Health Directions 2020

Patients who have expressed an opt out preference via Type 1 objections with their GP surgery, not to have their data extracted for anything other than their direct care will not be party to this data extraction.

Processor

NHS Digital NHS X

NHS Digital

  • NHS Digital is a national body which has legal responsibilities to collect information about health and social care services. 
  • It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
  • This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.

More information about NHS Digital and how it uses information can be found at: https://digital.nhs.uk/home

Care Quality Commission (CQC)

  • The CQC regulates health and social care services to ensure that safe care is provided.
  • The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. 

For more information about the CQC see: http://www.cqc.org.uk/

Public Health England

  • The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
  • We will report the relevant information to local health protection team or Public Health England.

For more information about Public Health England and disease reporting see: https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report

Freedom of Information

Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice management.

Working with other Organisations, Managing your record

Our Computer System is set-up so that your electronic patient record is stored remotely on a secure server.

If you receive direct care from any of the organisations below they can gain access to this record. This helps them to provide the best care for you.   

Some older paper notes are also held in secure onsite storage. We scan in any confidential printed material which arrives at the surgery. It is then disposed of using a professional service.

Community Nursing Team

Onecall & Echo

St Wilfrid’s Hospice

GP Extended Access

Other providers of health care

Storage and Disposal

The nurses and other health professionals who work in the community and visit patients at their home

The team who coordinate Urgent Care and End of Life Care in the community

The team who Provide Tailored End of Life Care in the Community & at their Chichester Hospice

The new Minor Injury & Minor Illness clinics providing additional GP Appointments

For example Emergency Practitioners who treat minor injuries in the Bognor War Memorial Hospital

SystmOne Clinical system

Confidential waste disposal

 

The direct care  organisations owe the medical records a duty of confidentiality, and will use implied consent to access them.  But they will also ask for your consent before opening your GP record.

Some patients may also have a SCR or care plan held on other forums.  In a life or death situation these organisations do not need consent to access your record. In this case the legal basis for this is Article  6 1 (d) vital interests. 

Important Information

We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data.

Data Controller contact details

Nicola Collins, Practice Manager

Selsey Medical Practice

High Street

Selsey

PO20 0QG

 Data Protection Officer contact details

Trudy Slade

NHS South 

1 The Causeway

BN12 6BT

Purpose of the processing

Compliance with legal obligations or court order.

Lawful basis for processing

The following sections of the GDPR mean that we can share information when the law tells us to.

  1. Where we have a contract with an organisation we are sharing with or we are obliged to share as in HMRC - Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
  2. When we share patient information with another provider of health care it is in line with - Article 6 1 (e )  ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’

  3. Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’
  4. We will be sharing different types of data with these organisations, and for a different legal basis;
    The data will be shared with NHS Digital.
    The data will be shared with the Care Quality Commission.
    The data will be shared with our local health protection team or Public Health England.
    The data will be shared with the court if ordered.

Rights to object and the National Data Opt-out

There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.

 NHS Digital

  • You have the right to object to information being shared with NHS Digital for reasons other than your own direct care.
  • This is called a ‘Type 1’ objection – Type 1 objections are local (GP) objections, where the GP surgery has to record a code and not share any patient personal information for any purpose other than for direct care.
  • Please note: The ‘Type 1’ objection, however, will no longer be available after 2020.
  • This means you will not be able to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012.

National Opt Out

  • The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons.
  • To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website: https://www.nhs.uk/your-nhs-data-matters/

 Public health

  • We may share information with public health under Articles 6 1 (c) and 9 2 (i). This means that you are unable to object.

Care Quality Commission

  • Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object.

 Court order

  • Your information must be shared if it is ordered by a court. This means that you are unable to object.

Access to Records, Corrections, Retention and Complaints

Right to access and correct

  • You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff to find out how to see your medical record

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention period

Right to complain

  • You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/  or call the helpline 0303 123 1113