PRACTICE DATA FOR PLANNING AND RESEARCH (GPDPR) DATA COLLECTION
Please click on the link below for more information on the GPDPR. This link also provides a short video detailing how the NHS uses your data.
click on this link for more information on GPDPR - opens new window
The document below details the legal basis for this new data sharing arrangement; GP practices are mandated under the authority of the Secretary of State for Health to provide this information.
click here to read the Secretary of State for Health direction regarding GPDPR
The Data Provision Notice in relation to GPGDR can be read by clicking the link below:
click here to read the DPN in relation to GPDPR (opens new window)
There is information in the DPN how you might choose to Opt Out of having your data used beyond its use towards your direct health and social care (medical treatment). There is a form on the above link.
Alternatively, you can call 0300 3035678 and ask for a form to be posted to you. If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS Digital, this should be done by returning this form to the surgery by 23 June 2021 to allow time for processing it.
GENERAL PRACTICE TRANSPARENCY NOTICE FOR GPES DATA FOR PANDEMIC PLANNING AND RESEARCH (COVID-19)
This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital.
The health and social care system is facing significant pressures due to the coronavirus (COVID-19) outbreak. Health and care information is essential to deliver care to individuals, to support health, social care and other public services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the coronavirus outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations. This practice is supporting vital coronavirus planning and research by sharing your data with NHS Digital, the national safe haven for health and social care data in England.
OUR LEGAL BASIS FOR SHARING DATA WITH NHS DIGITAL
NHS Digital has been legally directed to collect and analyse patient data from all GP practices in England to support the coronavirus response for the duration of the outbreak. NHS Digital will become the controller under the General Data Protection Regulation 2016 (GDPR) of the personal data collected and analysed jointly with the Secretary of State for Health and Social Care, who has directed NHS Digital to collect and analyse this data under the COVID-19 Public Health Directions 2020(COVID-19 Direction).
All GP practices in England are legally required to share data with NHS Digital for this purpose under the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained in the data provision notice issued by NHS Digital to GP practices.
Under GDPR our legal basis for sharing this personal data with NHS Digital is Article 6(1)(c) - legal obligation. Our legal basis for sharing personal data relating to health, is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the COVID-19 Direction.
THE TYPE OF PERSONAL DATA WE ARE SHARING WITH NHS DIGITAL
The data being shared with NHS Digital will include information about patients who are currently registered with a GP practice or who have a date of death on or after 1 November 2019 whose record contains coded information relevant to coronavirus planning and research. The data contains NHS Number, postcode, address, surname, forename, sex, ethnicity, date of birth and date of death for those patients. It will also include coded health data which is held in your GP record such as details of:
diagnoses and findings
medications and other prescribed items
investigations, tests and results
treatments and outcomes
vaccinations and immunisations
HOW NHS DIGITAL WILL USE AND SHARE YOUR DATA
NHS Digital will analyse the data they collect and securely and lawfully share data with other appropriate organisations, including health and care organisations, bodies engaged in disease surveillance and research organisations for coronavirus response purposes only. These purposes include protecting public health, planning and providing health, social care and public services, identifying coronavirus trends and risks to public health, monitoring and managing the outbreak and carrying out of vital coronavirus research and clinical trials. The British Medical Association, the Royal College of General Practitioners and the National Data Guardian are all supportive of this initiative.
NHS Digital has various legal powers to share data for purposes relating to the coronavirus response. It is also required to share data in certain circumstances set out in the COVID-19 Direction and to share confidential patient information to support the response under a legal notice issued to it by the Secretary of State under the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations).
Legal notices under the COPI Regulations have also been issued to other health and social care organisations requiring those organisations to process and share confidential patient information to respond to the coronavirus outbreak. Any information used or shared during the outbreak under these legal notices or the COPI Regulations will be limited to the period of the outbreak unless there is another legal basis for organisations to continue to use the information.
Data which is shared by NHS Digital will be subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the coronavirus purpose will be shared. Organisations using your data will also need to have a clear legal basis to do so and will enter into a data sharing agreement with NHS Digital. Information about the data that NHS Digital shares, including who with and for what purpose will be published in the NHS Digital data release register.
For more information about how NHS Digital will use your data please see the NHS Digital Transparency Notice for GP Data for Pandemic Planning and Research (COVID-19).
NATIONAL DATA OPT-OUT
The application of the National Data Opt-Out to information shared by NHS Digital will be considered on a case by case basis and may or may not apply depending on the specific purposes for which the data is to be used. This is because during this period of emergency, the National Data Opt-Out will not generally apply where data is used to support the coronavirus outbreak, due to the public interest and legal requirements to share information.
YOUR RIGHTS OVER YOUR PERSONAL DATA
To read more about the health and care information NHS Digital collects, its legal basis for collecting this information and what choices and rights you have in relation to the processing by NHS Digital of your personal data, see:
the NHS Digital GPES Data for Pandemic Planning and Research (COVID-19) Transparency Notice
the NHS Digital Coronavirus (COVID-19) Response Transparency Notice
the NHS Digital General Transparency Notice
how NHS Digital looks after your health and care information
Wells City Practice – Your information, what you need to know
(If you want to speak to us about your data, please see our ‘contact’ page)
This notice describes why we collect information about you, how your information will be used and your rights in respect of your data.
Why we collect information about you
Your records are used to ensure you get the best possible care. Your information helps them to make the best decisions about your care and helps provide you with proactive advice and guidance. Important information is also collected to help us to remind you about specific treatment which you might need, such as health checks, immunisations for children and reminders for screening appointments. We work with other NHS services to co-ordinate these.
Information held about you may be used to help protect the health of the public and to help us to improve NHS services. Information may be used within the GP practice to monitor the quality of the service provided (known as ‘clinical audit’).
What data do we collect and receive about you?
Records are stored electronically and on paper and include personal details about you such as your address, carers, legal representatives, emergency contact details, as well as:
- Any appointments, visits, emergency appointments
- Notes and reports about your health
- Details about your diagnosis, treatment and care
- Details about any medication you are taking
- Results of investigations such as laboratory tests, x-rays
- Relevant information from health and care professionals, relatives or carers
We also receive information from other organisations that are caring for you that we hold in your record. This will include letters and test results.
How we use your information: For providing your care
Where you have agreed we will send information on your prescriptions to pharmacies, either by electronic systems or by paper.
Test requests and results
Where we undertake tests on you, such as blood tests, we will send the sample and details of the tests we are requesting to the most appropriate pathology laboratory. The data shared with the laboratory will include your NHS number, name, the type of test requested and any health information relevant to doing the test and producing the result or report. We will receive the test results back from the laboratory electronically and these will be stored in your patient record.
Extended services and out of hours
We work closely with neighbouring practices and ‘out of hours’ providers including NHS 111 to ensure that if you need care from a doctor outside of normal hours that they have access to your records when needed to give you the best possible care. This may be delivered over the phone or via video consultation as appropriate. Services may be run by ‘GP Federations’ and ‘Primary Care Networks’.
With your agreement, your GP or Nurse may refer you to other services not provided by the practice, or they may work with other services to provide your care in the practice. Information will be shared by letters, emails and shared record systems.
Once you have been seen, the other care agency will tell us about the treatment they have provided for you and any support which your GP needs to provide. This information is then included in your record. Referrals can be to lots of different services, such as smoking cessation services, social prescribers, voluntary services and other health and care agencies, as appropriate, for your care.
Hospital, Community or Social Care Services
Sometimes the staff caring for you need to share some of your information with others who are also supporting you. This could include hospital or community based specialists, nurses, health visitors, therapists or social care services. Information will be shared to organisations where you receive care, whether that is local or further away, if you need specialist care or emergency care in another.
Shared computer systems
Health and Social care services are developing shared systems to share data efficiently and quickly. It is important for anyone treating you to be able to access your shared record so that they have all the information they need to care for you. This will be during your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an Out of hours appointment. It is also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised staff can access the systems and the information they see is carefully checked so that it relates to their job. Systems do not share all your data, just data which services have agreed is necessary to include.
For more information about shared care records, please visit: The SIDeR Website
Safeguarding of children or vulnerable adults
If we have significant concerns or hear about an individual child or vulnerable adult being at risk of harm, we may share relevant information with other organisations, such as local authorities and the Police, involved in ensuring their safety.
Ensuring medicines work well
We work with the local Medicines Management team of the Clinical Commissioning Group to help get the best out of medicines for patients and ensure they are effective in managing conditions. This generally uses anonymous data, but occasionally they will assist in reviews of medication for patients with complex needs. Doctors may also seek advice and guidance on prescribing queries.
Identifying health risks
Systems known as ‘risk stratification tools’ are used to help determine a person’s risk of suffering particular conditions and enable us to focus on preventing ill health before it develops. Information in these systems comes from a number of sources, such as hospitals and the practice. This can help us identify and offer you additional services to improve your health.
Multi-disciplinary team meetings
For some long term conditions, such as diabetes, the practice participates in meetings with staff from other agencies involved in providing care, to help plan the best way to provide care to patients with these conditions.
National Services (including screening programmes)
There are some national services like National Diabetes Audit and the National Cancer Screening Programmes that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cervical, breast or bowel cancer screening.
You can find out more about how the NHS holds and shares your information for national programmes on the NHS Screening Website. Please visit: NHS Screening Website
Data may also be shared on anyone who contracts a ‘communicable disease’, such as Covid 19, in order to manage public health and safety.
How we use your information: beyond providing your care
The information collected about you when you use our services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning new services
- public health screening
- assisting the Care Quality Commission with any investigations
- investigating fraud
Wherever possible data used for these purposes is anonymised so that you cannot be identified. If information cannot be completely anonymous, then this may only take place when the law allows the information to be used. All these uses help to provide better health and care for you, your family and future generations.
Sometimes we are duty bound by laws to disclose information to organisations such as the Care Quality Commission, the Driver and Vehicle Licencing Agency, the General Medical Council, Her Majesty’s Revenue and Customs and Counter Fraud services. In these circumstances we will always try to inform you before we are required to disclose and we only disclose the minimum information that the law requires us to do so.
Objecting to the of use of data for purposes beyond your care
The NHS Constitution states ‘You have a right to request that your personal and confidential information is not used beyond your own care and treatment and to have your objections considered’. For further information please visit: The NHS Constitution Website
National data opt-out
The national data opt-out enables patients to opt-out from the use of their personal confidential data for research or planning purposes. To find out more or to register to opt out, please visit: NHS Your Data Matters Website
If you have any concerns about use of your data not covered by the National Data Opt out, please contact the practice.
How long do we hold information for?
Records are kept for the lifetime of the patient. If you move to a new practice, your record will be transferred. If the practice you have left need to access your record, for example to deal with a historic complaint, they will let you know. When information has been identified for destruction or deletion it will be disposed of using approved confidential disposal procedures.
Data Protection laws give you a number of rights, including access to your data, correction, erasure, objection and restriction of use of your data. Details on how to request access to your data are set out below. If you have any concerns about the accuracy and use of your records, please contact us.
Right of Access to your information (Subject Access Request)
You have the right to have a copy of the information we hold about you. There are some safeguards regarding what you will have access to and you may find information has been removed for the following reasons.
- Where your doctor has decided that some information may cause significant harm to you or someone else
- Where the information is about someone else (third party) and is confidential to them
You can make a request by asking or writing to the practice. We may ask you to complete a form so that we have a record of your request. You will need to provide proof of identity.
If you would like to access your GP record online please visit our website: Wells City Practice
Lawful basis for processing:
The use of personal data for providing care is supported under the following Article 6 and 9 conditions of the GDPR:
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Change of Details
It is important that you tell us as soon as you can if any of your details such as your name or address, email address or mobile number have changed. This is to make sure no information about you is sent to an old address.
Mobile telephone number
If you provide us with your mobile phone number, we may use this to send you text reminders about your appointments or other health screening information. Please let us know if you do not wish to receive text reminders on your mobile.
Where you have provided us with your email address we will use this to send you information relating to your health and the services we provide. If you do not wish to receive communications by email, please let us know.
Any changes to this notice will be published on our website and in a prominent area at the Practice.
Data Protection Officer
Should you have any questions or concerns about your data, please contact our Data Protection Officer Kevin Caldwell via the following:
Telephone: 01935 384000
Right to complain
If you have concerns or are unhappy about any of our services, please contact the Practice on 01749 601333 or use the Practice Complaints page on the practice website. Please visit: Suggestions and Complaints (wellscitypractice.nhs.uk)
For independent advice about data protection, privacy and data-sharing issues, you can contact:
The Information Commissioner
Phone: 0303 123 1113 Visit the ICO Website: Information Commissioners Office Website
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
Use of personal information
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.