The General Data Protection Regulation applied in the UK from 25 May 2018 and is the biggest change to data protection law in a generation according to the ICO.
- The aim is to set the guidelines for the collection, processing, storage and protection of personal and sensitive data
- To give individuals the rights to access and correct their personal data and prevent it from being used for purposes that they don’t want it to be.
The Privacy Notice explains why the GP practice collects information about you and how that information may be used.
This website collects some personal data from users, as stated in our website provider’s Privacy Policy.
Dr Jonathon Taylor is the Data Controller and Lisa Taylor, Managing Partner is the Data Protection Officer. Contact details are:
Auchenblae Medical Practice
Mackenzie Avenue
Auchenblae
AB30 1XU
Email: [email protected]
We are also required to have a NHS Data Protection Office and their details are as follows:
Miss Roohi Bains
Acting Information Governance Manager
Information Governance
Aberdeen Royal Infirmary
Rosehill House
Aberdeen Royal Infirmary
Tel No: 01224 551943
Email: [email protected]
What personal information do we hold?
Details about you, such as your name, address, contact details, your family, what you do, your employers, carers and any legal representative.
Any contact the surgery has had with you, such as appointments, clinic visits. emergency appointments, etc
Notes and reports about your health
Details about your treatment and care
Results of investigations such as laboratory tests, x-rays, etc
Relevant information from other health professionals, relatives or those who care for you
· Health care professionals, who provide you with care, maintain records about your health and any treatment or care you have received previously (e.g. NHS, GP Surgery, Walk-in Clinic, etc.) These records are used to help to provide you with the best possible healthcare.
· NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
Identifying patients who might be at risk of certain diseases
Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
This means we can offer patients additional care or support as early as possible.This process will involve linking information from your GP record with information from other health or social care services you have used.
Information which identifies you will only be seen by this practice.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided. Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be indentified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.
How is your personal data collected?
We use different methods to collect data from and about you including through direct interactions, for example, you may give us your identity, by filling in forms or by corresponding with us by phone, post, email or otherwise.
Who we share information with:
After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.
If your care requires treatment outside the practice, we will exchange with those providing such care and treatment whatever information may be necessary to provide safe, high quality care.
Once you have seen the care provider, they will normally send us details of the care they have provided you with, so that we can understand your health better.Your consent to this sharing of data, within the practice and with those outside the practice is assumed and is allowed by the Law; however we will gladly discuss this with you.
The Practice team (clinicians, administration and reception staff) only access the information they need to allow them to perform their function and fulfil their roles.
You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
Data Protection Act 2018 and General Data Protection Regulation 2016
Human Rights Act 1998
Common Law Duty of Confidentiality
Health and Social Care Act 2012
NHS Codes of Confidentiality, Information Security and Records Management
Information: To share or not to share review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We have a practice confidential policy which our staff sign.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (information to share/not to share) where” The duty to share information can be as important as the duty to protect patient confidentiality”. This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out be the Caldicott principles. They should be supported by the polices of their employers, regulators and professional bodies.
Disclosures of your personal data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Changes to the privacy notice and your duty to inform us of change
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for