Privacy Notice

The purpose of this notice is to inform you of the type of information that the surgery holds; how that information is used; who we may share that information with; and how we keep it secure and confidential.

The surgery has a duty to ensure that your personal data is kept confidential, secure and used appropriately.

What Kind Of Information Do We Use?

There are different types of information collected and used across the NHS. It should be noted that information which cannot identify an individual does not come under the Data Protection Act 2018.

We use the following types of information/data:

  • Anonymised data, which is data about you but from which you cannot be personally identified.
  • De-identified data with pseudonym identifier, which is data about you but we are able to track you through the patient pathway without using your personal information, and you cannot be personally identified.
  • De-identified data with weakly pseudonym identifier such as the NHS number. We use this to link two or more types of datasets together using your NHS number.
  • Personal data which you can be personally identified from (this includes information such as your name and address).
  • Special category data which tells us something about you (this includes information such as your ethnicity and health information).

We will only use information that may identify you (known also as personal confidential data) in accordance with the: Data Protection Act 2018.

The Data Protection Act requires us to have a legal basis if we wish to process any personal information.

What Do We Use Your Information For?

We hold your medical record so that we can provide you with safe care and treatment. We will also use your information so that our surgery can check and review the quality of care we provide, this helps us to improve the service we provide to you.

We shall share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital or your GP will send details about your prescription to your chosen pharmacy.

Aside from sharing information directly for your care, there are some other purposes that we may share data for, including:

Risk Stratification

Risk stratification is a process GPs use to help them to identify a person who may benefit from a targeted healthcare intervention and to help prevent un-planned hospital admissions or reduce the risk of certain diseases developing such as type 2 diabetes. This is called risk stratification for case-finding. As part of this, our surgery uses a primary care software system called Eclipse by Prescribing Services.

Suffolk Primary Care Practices are working with Ipswich Hospital to bring free at-home heart rhythm checks to patients. We are working with Prescribing Services to identify eligible patients who may benefit from checking their heart rhythm. Patients will be invited via text message to find out more about the project and to complete a short questionnaire. This information will be held by Prescribing Services in an anonymous format.

Website: www.esneft.nhs.uk/atrial-fibrillation

Population Health Management (PHM)

This work is aimed at improving the health of both local and national populations.

It is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair and equal. It helps to reduce the occurrence of ill-health and looks at all the wider factors that affect health and care.

Population Health Management (PHM) Privacy Notice

NHS Digital

NHS Digital is a national body which has legal responsibilities to collect information about health and social care services. It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.

This surgery must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.

The General Practice Extraction Service (GPES) collects information for a wide range of purposes, including providing GP payments. It works with the Calculating Quality Reporting Service (CQRS) and GP clinical systems as part of the GP Collections service.

Website: www.digital.nhs.uk/services/general-practice-extraction-service

Care Quality Commission (CQC)

The CQC regulates health and social care services to ensure that safe care is provided. The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.

Website: www.cqc.org.uk

Public Health

The law requires us to share data for public health reasons, for example, to prevent the spread of infectious diseases or other diseases which threaten the health of the population.

We will report the relevant information to local health protection team or Public Health England.

Who do we share your information with?

We may share your information with other parties dealing with your care. When we do this we will inform you first unless we have a legal basis.

We will not share your information with marketing organisations or other organisations that could cause you harm or lead to intrusive contact.

Some examples are:

  • Local Council
  • Hospital
  • Mental Health Trust
  • Ambulance Service
  • Care Homes
  • Social Care
  • Safeguarding
  • Integrated care board (ICB)
  • Clinical system providers
  • Police
  • Coroner
  • Confidential Waste removal company
  • Medical Examiners

The Suffolk Primary Care Partnership has signed a Suffolk Wide Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.

Summary Care Record

The Summary Care Record (SCR) is a national NHS programme which allows information about you – such as allergies and medications – to be shared between clinicians to support urgent care across the country. Adding ‘additional information’ to your Summary Care Record, such as significant medical history, makes it a much more useful source of information for emergency departments and the ambulance service if they need to treat you wherever you are in the country.

More information is available at NHS: How to get your medical records

Please note that in response to the coronavirus (COVID-19) pandemic, additional information will be included in Summary Care Records for patients by default, unless they have previously told the NHS that they did not want their information to be shared. This will improve the flow of information across the health and care system, increase safety, and improve care.

More information can be found at NHS: Additional Information in SCR

Sharing when Required by Law

We will keep you informed of how your data is used through this privacy notice, however please note that there may be times when we may not notify you such as for the prevention and detection of crime, safeguarding purposes, or as requested by a Court Order. We will only do this when the law requires us to do so.

Primary Care Networks

We are a member of the East Suffolk Primary Care Network (PCN). This means we will be working closely with a number of other Practices and health and care organisations to provide healthcare services to you. During the course of our work we may share your information with these Practices and health care organisations/professionals. We will only share this information where it relates to your direct healthcare needs.

When we do this, we will always ensure that appropriate agreements are in place to protect your information and keep it safe and secure. This is also what the Law requires us to do.

If you would like to see the information the PCN holds about you please contact the Practice Manager. See also your rights as a patient listed below.

Covid Privacy Information

Website: COVID-19: notification to GPs and NHS England to share information

Multi-disciplinary Meetings

Multidisciplinary teams (MDTs) are teams of professionals from different disciplines in primary, community, social care and mental-health services who work together to plan a patient’s care.

Social Prescribing

Social Prescribing enables GPs, nurses and other primary care professionals to refer people to a range of local, non-clinical services. NHS England describes social prescribing as “enabling all local agencies to refer people to a link worker”. Link workers – known locally as Community Connectors – give people time and focus on what matters to the person.

They connect people to community groups and agencies for practical and emotional support. If you have an appointment with a Community Connector, only limited information would be passed on. There are agreements in place to protect your data.

Diabetic Eye Screening

The Diabetic Eye Screening Programme in this area is provided by Health Intelligence after they were awarded the contract by NHS England Midlands and East to continue provision of the service from 1 April 2016. All patients aged 12 and over, with a diagnosis of diabetes will be referred by their GP surgery to the diabetic eye screening programme. You can find more information about this service as www.eadesp.co.uk.

Text Messages

Please note that we will use your mobile number to text you with information regarding your care such as appointment reminders, vaccination invitations and health check invitations.

Please let us know if you would not like your mobile number used for this purpose.

Call Recording

Please note that all our practices record their calls for training and quality purposes.

CCTV

CCTV is in place in the following practices:

  • Norwich Road Surgery, Ipswich

Research

As a research-active organisation, we may invite you to participate in research studies that may be of interest to you. This may be done via letter, text message and/or by phone. It is up to you to decide whether or not to take part.

This practice contributes to the Clinical Practice Research Datalink.

Information in patient records is important for medical research to develop new treatments and test the safety of medicines. This practice supports medical research by sending some of the information from patient records to the Clinical Practice Research Datalink (CPRD).

If you do not want anonymised information from your patient record to be used in research you can opt out by speaking to your doctor.

Community Pharmacist Consultation Service

The NHS Community Pharmacist Consultation Service (CPCS) is a national Advanced Service to refer patients requiring low acuity advice and treatment to their local community pharmacist, for a consultation.

NHS Community Pharmacist Consultation Service Privacy Notice

How Do We Protect Your Information?

All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff will receive appropriate training on confidentiality of information and staff who have regular access to personal confidential data will have received additional specialist training.

We take relevant organisational and technical measures to make sure that the information we hold is secure such as holding information in secure locations, restricting access to information to authorised personnel, protecting personal and confidential information held on equipment such as laptops with encryption and information is transferred safely and securely.

Cardinal Medical Practice do not transfer personal confidential information overseas without adequate protection.

Under the Data Protection Act 2018, Cardinal Medical Practice is required to register with the Information Commissioner’s Office detailing all purposes for which personally identifiable data is collected, held and processed.

Cardinal Medical Practice have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.

Cardinal Medical Practice will not pass on your details to any third party or other government department unless you consent to this or when it is necessary and or required to by law. Cardinal Medical Practice is a party to a number of information sharing agreements which are drawn up to ensure information is shared in a way that complies with relevant legislation.

How Long Do We Keep Your Information?

There are different retention schedules for different types of information and types of record. In the NHS, all commissioners and providers apply retention schedules in accordance with the NHS Records Management Code of Practice.

NHS data are subject to legal retention periods and should not be destroyed unless specific instructions to do so has been determined and received from the Data Controller.

What Rights Do I Have?

By law you have certain rights related to your information. These are:

The right to be informed

You have the right to know what information that we hold about you, what we do with it and why. We inform patients through this privacy notice.

The right of access

You have the right to have a copy of the information that we hold on you. We must provide this to you within one calendar month and free of charge unless an exemption applies. We may need you to prove your identity before we can release any information to you.

The right of rectification

You have the right to have your personal data corrected if inaccurate.

The right to erasure

You have the right to have your personal data erased in certain circumstances.

The right to restrict processing

You have the right to restrict the processing of your personal data in certain circumstances.

The right to data portability

You have the right allows you to obtain and reuse your information for your own purposes. You have the right to have your information in a digital format.

The right to object

You have the right to prevent processing of your information in certain circumstances.

Rights related to automated decision making and profiling

We must inform you if we do this kind of processing, and offer you a human based alternative.