What is happening and how is my data being used?
Auchenblae Medical Practice are back scanning all GP paper records including the Lloyd George Wallets (LGW) to store them in a digital format.
Personal data and Special categories of personal data
All paper records and LGWs will be scanned which contain your personal data and health data which is recorded in your GP records.
This will include but not limited to your full name, DOB, CHI, address, previous addresses and names, contact details such as telephone numbers and email addresses, NOK & emergency contact name(s) and contact details, details of your family along with potentially family history, social history, health information, imaging and photography, any other data received from other organisations such as NHS Boards, private healthcare, local authority, other health organisations or voluntary organisations.
Data controller
Dr Jonathon Taylor is the data controller for the data to be digitised.
The scanning of your paper health records will be undertaken by a company called NEC Software Solutions UK Limited (NEC).
NEC are providing a complete end-to-end solution with records being digitised and automatically filed within the GP Practice’s Docman application by suppliers Microtech.
NEC are also supported by other organisations they have contracted with to deliver the end-to-end solution. They use Freight-port as their couriers for transportation of the records from the GP practice to NEC, and they use Shred-it for the secure destruction of the patient records after they have been scanned and instruction provided to NEC by the Practice to destroy the physical records.
The Practice have a signed an Agreement with NEC setting out instructions and standards on how your information is processed by them and their sub-processors.
Personal data which the Practice is data controller for, is retained in the same way as the other medical information we hold about you. Please see our full privacy notice for more information – Privacy Notice (auchenblaesurgery.co.uk)
NHS Inform also provides information how NHS Scotland uses and retains your data; please see the link below:
A specific Information Sharing Agreement has been put in place to document the sharing of personal data by the participating health organisations, including GP Practices. This is supported by a high level Agreement known as the Intra NHS Scotland Information Sharing Accord (2020) which enables participating health organisations share your personal data for specific purposes.
Lawful processing
We assert that it is lawful for us to process your personal data in this way as:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
We assert that it is lawful for us to process special categories of your personal data in this way as:
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards … ;
AND
DPA 2018 Schedule 1 Condition:
2(1) Health & Social Care Purposes
- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is necessary for the establishment, exercise or defence of legal claims.
- processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
Your rights
We respect your rights and preferences in relation to your data. If you wish to update, access, erase, limit, or complain about the use of your information, please let us know by emailing [email protected] in the first instance and we will consider your questions. You may also wish to contact the Health Board under which your care is being delivered or the Information Commissioner’s Office.