Your data, privacy and the Law
How we use your medical records
General Data Protection Regulations (GDPR)
Station House Surgery has a legal duty to explain how we use any personal information we collect about you as a patient of this practice. This is called a Privacy Notice.
We must comply with the General Data Protection Regulation (GDPR) and ensure that information is provided to patients about how their personal data is processed in a clear and concise manner.
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and requires that personal data be processed according to many of the same principles as the current Data Protection Act 1998. It is designed to harmonise data privacy laws across Europe, to protect all EU citizens’ data privacy and re-shape the way organisations approach data privacy.
WHAT INFORMATION DO WE COLLECT?
We collect information that helps the delivery of effective medical care, such as: name, address, date of birth, next of kin, appointments, your health records, treatments, medications, immunisations, test results and so on.
HOW DO WE USE YOUR INFORMATION?
- We use your data to provide patient care. We are legally obliged to disclose this information if the law requires us to do so (this is called ‘lawful basis’. For example if we are inspected or reporting certain illnesses or safeguarding vulnerable people. We can also disclose information if you give consent or if it is justified in the public interest.
- We share medical records with health professionals for example A&E, Out of Hours etc - who are involved in providing you with care and treatment.
- Data about you is used to manage national screening campaigns such as Flu, Cervical cytology and Diabetes prevention.
- We are a Research Accredited practice. This means that we may use patient non-identifiable information to support specific medical research programmes. We would not share any information about you that is identifiable. Should this be the case then we will ask your permission.
Station House Surgery is committed to maintaining confidentiality and protecting information we hold about you. We adhere to the General Data Protection Regulation (GDPR), NHS Code of Confidentiality & Security as well as guidance provided by the Information Commissioner’s Office (ICO).
Risk stratification techniques are used by the NHS to determine a person’s risk of suffering a particular condition, preventing an unplanned or readmission to hospital and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. Information is then electronically processed and given a risk score. This is relayed to your GP who can decide on any necessary actions.
In order for the Practice to be paid, basic and relevant necessary data about you may need to be transmitted securely & confidentiality to NHS payment services. The release of this data is required by English Law and is not used for any other purposes or shared with third parties.
WHAT THIS MEANS TO YOU
- You have the right to object to your information being shared. Please speak to Reception to let us know. We may not be able to withhold information about you if we have ’compelling legitimate grounds’ to share.
- You have the right to access the information we hold about you. This is called a ‘Subject Access Request’. Please speak to Reception who will help with this. You can receive a copy of your medical record free of charge.
- You have the right to have any inaccurate data in your record corrected.
Data Controller, Station House Surgery, Station Road, Kendal LA9 6SA
Contact us on 01539 722660 and ask to speak to the Practice Manager.
We hope you are happy with the information we have provided regarding our data-processing methods. However, if not and you do not feel that we can resolve it then you have the right to lodge a complaint with the Information Commissioners Office (ICO). www.ico.org.uk.