The practice complies with Data Protection and Access to Medical Records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases Anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Everyone who works for the NHS has a legal duty to keep information about you confidential. We will only provide information to those who are authorised to receive it and who will keep it confidential. Whenever possible any information passed on will be anonymised.
Use of your contact details
We may try to contact you using the mailing address, land line telephone number, mobile telephone number (including text messaging) or email address that you provide. This may be for, amongst other things, appointment reminders, information about special clinics or to request information from you. If you prefer not to be contacted by one or more of these means then please let us know so that we can record your preferences.
Data Protection Notice
We ask you for information about yourself so that you can receive proper care and treatment. All personal information (updated as appropriate), together with details of your care, is stored in your medical record which is held on paper and computer. All members of the practice are contractually and ethically obliged to maintain the confidentiality of your medical record at all times, even after leaving the practice. Just because we hold the data does not give every member of staff the right to look at it. Anyone viewing your medical record must have a valid reason to do so in the course of performing their job. All computer held records have an audit trail of activity by all users.
Officially, your medical record is the property of the Secretary of State for Health. However, we are considered to be the Data Controller and therefore responsible for the confidentiality of your medical record whilst you are registered as a patient with us.
We are required to share certain identifiable data about you with other parts of the NHS in relation to financial claims. This will ordinarily just be your NHS number. We also share demographic and relevant clinical details within the NHS for the purpose of operating recall systems, eg childhood immunisations, cancer screening and diabetic retinopathy programmes.
If you require care from another healthcare provider, eg a referral to see a specialist, then we will need to share relevant information about you and your care. We assume that you consent to this sharing if you are in agreement with the need for the referral.
The information we hold about you may be used for secondary purposes. This includes planning health services, clinical audit, monitoring the spread of disease (epidemiology) etc. Your personal details are never disclosed for secondary purposes, only relevant clinical data is provided, for example the total number of people registered with us who have diabetes.
We will never disclose any information about you to a third party without your consent, unless required to do so by law.
Access to Records
If you wish to request access to your medical records under the terms of the Data Protection Act 1998 then you should apply in writing to the Data Controller. You should include your name, date of birth and the address that we will have on your file. Such requests must be accompanied by a signature and you are therefore advised to write or fax. Please note that you are required to pay a fee for this service. Further information about your rights under this Act are available from the Information Commissioner's website.
Privacy information leaflet for children
Ailsa Craig Medical Practice
270 Dickenson Road, Longsight, Manchester, M13 0YL
0161 224 5555
What is a privacy notice?
A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.
Why do we need one?
Your doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (or GDPR for short).
What is the GDPR?
What a great question! The GDPR is a new document that helps your doctor’s surgery keep the information about you secure. It’s new and will be introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keep your information safe.
How do you know about our privacy notice?
At your surgery, we have posters in our waiting room and leaflets to give to children and adults and we also have lots of information about privacy on our website, telling you how we use the information we have about you.
What information do we collect about you?
Don’t worry; we only collect the information we need to help us keep you healthy – such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.
How do we use your information?
Another great question! Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to been seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will always ask you, or your parents or adults with parental responsibility, if it’s okay to share your information.
How do we keep your information private?
Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow the rules that are written in the GDPR and other important rule books.
What if I’ve got a long-term medical problem?
If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it!
Don’t want to share?
All of our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.
How do I access my records?
Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you’re under 16. But if you are over 12, you may be classed as being competent and you may be able to do this yourself.
What do I do if I have a question?
If you have any questions, ask a member of the surgery team or your parents or adults with parental responsibility. You can:
- Contact the practice’s data controller via email at firstname.lastname@example.org. GP practices are data controllers for the data they hold about their patients
- Write to the data controller at 270 Dickenson Road, Longsight Manchester, M13 0YL
- Ask to speak to the practice manager Karen Cullen, or their deputy Rebecca Phillips
The Data Protection Officer (DPO) for Ailsa Craig Medical Practice is [DPO TBC] and he/she is based at Manchester CCG.
What to do if you’re not happy about how we manage your information
We really want to make sure you’re happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our data-processing methods, you can complain. For more information, visit ico.org.uk and select ‘Raising a concern’.
We always make sure the information we give you is up to date. Any updates will be published on our website, in our newsletter and leaflets, and on our posters. This policy will be reviewed on [insert review date].
 BMA GPs as data controllers under the GDPR