Privacy Statement - General Data Protection Regulation 2018
In the National Health Service (NHS) we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.
The General Data Protection Regulation (GDPR) 2018 controls how your personal information is used by organisations, businesses or the Government. Dr Colin Marks Surgery is defined as a 'data controller' of personal information. We collect information to help us provide and manage healthcare to our patients.
The purpose for processing data and the legal basis
The lawful bases for processing your data is set out in Article 6 of the GDPR. The following basis is applied whenever we process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
What kind of personal information does the practice collect?
- Name, address, date of birth, NHS number and next of kin
- Details of diagnosis, treatment and hospital visits
- Allergies and health conditions
This information is retained during your lifetime.
Why we collect information about you
The people who care for you use your information and records to:
- provide a good basis for all health decisions made by you and your care professionals
- allow you to work with those providing care
- make sure your care is safe and effective
- work effectively with those providing you with care
Others in the NHS may also need to use records about you to:
- check the quality of care (called clinical audit)
- collect data regarding public health matters
- ensure NHS funding is being allocated appropriately
- help investigate any concerns or complaints you may have about your health care
With your explicit consent only, others in the NHS may also need to use records about you to:
- teach healthcare workers
- help with research
Information sharing with non-NHS organisations
For your benefit we may need to share information from your health records with non-NHS organisations from whom you are also receiving direct care, such as social services or private healthcare. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the practice. We will always seek your permission to share your information with organisations for purposes other than your direct care. However, in exceptional circumstances we may need to share information without your permission if:
- it is in the public interest e.g. there is a risk of death or serious harm
- there is a legal need to share it e.g. to protect a child under the Childrens Act 1989
- a Court Order tells us that we must share it
- there is a legitimate enquiry from the police under the Data Protection Act (1998) for information related to a serious crime
Your right to withdraw consent for your information to be shared
You have the right to withdraw and refuse consent to information sharing at any time but note that not sharing your information may affect the quality and safety of the care you receive. For further information, please contact the Data Protection Officer or Caldicott Guardian using the details below.
How do I access information recorded about me?
Under the General Data Protection Regulation individuals have the legal right to access information that is held about them by an organisation. If you have undergone medical treatment at Dr Colin Marks surgery you have the right to access your information.
You have the right of objection if you feel your information has been processed incorrectly. You have the right to access your record and to have inaccurate data corrected. The retention period for records is during a patient's lifetime. Patients have the right to lodge a complaint with the Information Commissioners Office (ICO) if you have a concern about Dr Colin Marks Surgery's information rights practices.
For further information, please contact:
Data Protection Officer - Dr Colin Marks
Caldicott Guardian - Dr Colin Marks
Data Controller - Dr Colin Marks