Dr Norris, Dr Gorecka, Dr Burgess and Dr Paterson
Data Security and Protection Policy
The Data Protection Act 1998 (DPA) and General Data Protection Regulations (GDPR 2018) require a clear direction on policy for the security of information within the Practice.
The policy provides direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information.
Data Protection Principles:
We support and fully comply with eight principles of the Act as summarised below. We will ensure a patient’s data is:
- Used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Kept for no longer than absolutely necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside the EEA without adequate protection
The following is a Statement of Policy which will apply:
- The Practice is committed to security of patient and staff records.
- The Practice will make available information on Access to Medical Records and Data Protection for patients in our handbook and our website.
- The Practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant.
- This will include training on Confidentiality issues and Information Governance, DPA principles, working security procedures and the application of Best Practice in the workplace.
- The Practice will undertake arrangements for the backup and recovery of data in the event of an adverse event.
- The Practice will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
- DPA issues will form part of the Practice general policies.
Protecting and using your personal and medical information
All the information you give to a member of the Primary Health Care Team (PHCT) (e.g. doctor, practice or district nurse, health visitor) which is held either on paper records or computer is safeguarded by the Data Protection Act 1998. This Act sets out clear rules about how the recorded information can be used and demands openness about how the information is used. It also gives you certain rights, e.g. you have the right of access to your health records. If you want to see your record you should contact us. You have the right to receive a copy of your record or you may access your medical record via EMIS online services.
- At all times, everybody working for the NHS – i.e. all the members of the PHCT – has a legal duty to keep information about you confidential.
Why do we need information about you?
We have to ask you for information so that we can make a decision about the best care and treatment for your needs.
This information and the information about the care you receive are often kept on paper records or on computer because we might need it when we see you again or you have questions about your care or treatment.
Your record will include your:
- Name, address, date of birth, telephone number and next of kin
- Treatments, for example your tablets and medicines
- Injections/immunisations against diseases or illnesses like tetanus, influenza, whooping cough, polio
- Information from other health professionals such as nurses, health visitors, physiotherapists
- Results of tests such as x-rays and blood tests
- Letters from an inpatient stay or an outpatient appointment.
What else do we do with this information?
In some cases the GP has to pass on information about your treatment or care so the Practice can get paid for it, for example, GPs declare when cervical screening and certain childhood vaccinations have been performed. Your GP might need to ask the CCG to fund certain elements of your care and for this we may need to give the CCG details of your personal and clinical records.
The GP needs to notify Primary Care Support England (PCSE) when you first register and your entire health record will be sent to the PCSE when you change your GP. The PCSE will then pass these records over to your new GP.
If you are referred to a specialist (e.g. consultant) or need assistance in your treatment or management (e.g. require a wheelchair, need help from social services, counselling etc.) relevant information about you will be passed on so we can all work together for your benefit.
The information is also used for doctors and nurses/health professionals who are learning about health and treatments.
If you were to see a nurse or doctor in the Gosport HUB, they would be able to access your medical record via a joint clinical computer system. You would be asked to give permission for this to happen, before an appointment is made.
Sometimes other people are allowed to look at your health records without asking you:
- The law demands that details of patients with certain serious infectious diseases that can spread, like measles or meningitis, have to be passed on to the authorities so action can be taken to protect the public’s health. You can receive a list of all notifiable diseases from the CCG.
- The law demands that information is passed on if a serious crime (e.g. murder, manslaughter, rape, child abuse, kidnapping) can be prevented.
- When a baby is born the registrar working for the government must be told.
- If you are not well and are a danger to yourself or to others, doctors and nurses might have to tell other people who can help you to keep safe and get the right treatments for you.
- Information about you may also be needed to review the care you receive to make sure it is of the highest standard. It is used for the managing and planning of the NHS, so that services can meet patient needs in the future, accounts can be audited and the NHS performance and activity analysed.
However, we will only pass information on to people who really need to know it and have a genuine interest and we also will only pass on as much information as is absolutely necessary.
You can choose whether or not to be involved in the training and education of staff or students and if you want to participate in clinical trials or other research projects.
Anyone to whom information about you is passed by a member of this practice is also under a legal duty to keep it confidential.
Partner organisations with which information about you may be shared are:
- NHS England and PCSE
- NHS Trusts
- Ambulance service
- Social services
- Education services
- Voluntary and private sector providers
Without your authorisation we cannot pass on information about the progress of your health to your relatives, friends and carers.
If you would like further information please do not hesitate to contact our Practice Manager:
Mrs Suzanne Ayles
Gosport Medical Centre
Tel: 02392 583302
Everyone working in this Practice and for the NHS has a legal duty to keep information about you confidential.
Sometimes we have to pass your information on, but anyone who receives this information is also under a legal duty to keep this information confidential.
Update May 2018
Review January 2020