Privacy Notice

A Privacy Notice explains why the GP Practice collects information about you, what is collected and how that information may be used.

A full version (13 pages) of this Privacy Notice updated Oct 2020 is available here.
We also have a more basic version written for younger people (which is also easier to understand for everyone!).

Why we hold information about you:
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). We also keep a running commentary on current problems, creating a contemporaneous record to enable any professional involved in your care to understand what is happening and help to give you the best joined up care, avoiding risks, duplication and omissions. It also allows a record of your concerns and expectations. It allows the clinical decision making systems we have to optimise your care. In all it helps to provide you with the tools to deliver the best possible healthcare.

What we hold:
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice may hold about you may include the following information:

  • Details about you, such as address, contact details and next of kin
  • Any contact the surgery has had with you, such as appointments, real or virtual by any means, clinic visits, emergency appointments, phone calls, SMS messages, correspondence by any media etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health or social care professionals or organisations involved in your care, relatives or those who care for you

How the information may be used:

  • To ensure you receive the best possible care, your records are used to facilitate the care you receive. It is vital that someone else providing treatment or care has enough information to be able to do this safely and effectively.
  • Information held about you may be used to help protect the health of the public and to help us manage the NHS.
  • Information may be used for clinical audit to monitor the quality of the service provided.
  • Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
  • Sometimes your information may be requested to be used for vital medical research purposes to help develop new treatments or for improving our understanding of health and diseases – the surgery will always endeavour to gain your consent before releasing the information (unless it is anonymised).
  • Patient Segmentation and Risk stratification tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then calculated through an analysis of your de-identified information using software managed by the NW London CCG as the data processor and is provided in identifiable form ONLY to your GP or member of your care team. Patient Segmentation and Risk stratification enables your GP to focus on the preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services. Please note that you have the right to opt out.
  • Safeguarding duties may require us to share sensitive information to protect adults and children, subject to strict legal and ethical frameworks.

Should you have any concerns about how your information is managed at the surgery please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.

Further information on fair processing of data within the whole NHS can be obtained in the NHS Privacy Notice here.

How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the GDPR, Data Protection Act 2018 (both overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

Which are our partner organisations?
We may share relevant information about you, subject to strict agreements on how it will be used and the context, with the following organisations:

  • NHS Trusts (hospitals, clinics, community services, hospices)
  • Specialist Trusts
  • NHS 111
  • Independent Contractors such as dentists, opticians, pharmacists
  • National Screening Programmes (eg breast, cervical, bowel cancer)
  • Private Sector Providers
  • Charities such as RM Partners (West London Cancer Alliance)
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Public Health
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police
  • Care Quality Commission (CQC)
  • Health Services Ombudsman
  • Education services
  • NHS Digital
  • Other ‘data processors’

More on Third Party data processors:
In addition to sharing data within the NHS, the practice will use carefully selected third party service providers as listed above. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately.

Some examples of functions that may be carried out by third parties includes:

  • Companies that provide IT services & support, including our core clinical systems (such as our EMIS clinical computer), communication (eg SMS, electronic consultation and video consultation systems), systems which manage patient facing services (such as our website and services accessible through the same or apps.); data hosting service providers; systems which facilitate appointment bookings, referrals or electronic prescription services; document management services etc.
  • Delivery services (for example if we were to arrange for delivery of any medicines to you).
  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

Further details regarding specific third party processors can be supplied on request.

Local information sharing arrangements
In order to provide you with health and social care services your GP practice works in close collaboration with several other practices locally in Harness North Primary care Network (PCN). (These include The Surgery, Pearl Medical, Wembley Park Drive Medical Centre, SMS Medical Practice, Lanfrac Medical Centre, Sunflower Practice, Church Lane Surgery, Preston Road Surgery, Sudbury & Alperton Surgery). This PCN is part of Harness Federation which provides certain services.

Staff working within the PCN are trained to understand their legal and professional responsibilities of confidence to their patients and will only access your records when they are required to do so to support you care. They will identify themselves and their role using their NHS smart card and access to your PCN record is logged, monitored, and audited.

In all cases, your information is only accessed and used by authorised staff who are involved in providing or supporting your direct care. Your permission will be asked before the information is accessed, other than in exceptional circumstances (e.g. emergencies) if the healthcare professional is unable to ask you and this is deemed to be in your best interests (which will then be logged).

Access to personal information (‘Subject Access Request’):
You have a right under the Data Protection Act 2018 to access / view the information the surgery holds about you and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

If you would like to make a ‘Subject Access Request’ please request from a staff member. We have a request form to help decide what you need (though it is not a requirement) – it is usually not necessary to view or copy the whole of your medical record.

If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager.

Your right to withdraw consent:
At any time you have the right to refuse / withdraw consent to information sharing – see below. The possible consequences will be fully explained to you and could include delays in receiving care.

If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact the Practice Manager.

For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner (Tel: 08456 30 60 60 or 01625 54 57 45 ).