The General Data Protection Regulation (GDPR) comes in to force on 25 May 2018, superseding the current Data Protection Act (1998).
Under the terms of the new GDPR, a privacy notice is required to explain to patients what personal data is held about them and how it is collected and processed.
How we obtain your personal data
Information provided by you
You provide us with personal data on registration when you either book by telephone with the practice or by signing up to membership services on our website. This includes name, address, date of birth, landline phone number, mobile phone number and email address.
We may also keep information contained in any correspondence or conversations you may have with us. By agreeing to a booking acts as consent that we may hold on to your personal information and you agree to our terms and conditions.
Information collected from other sources
By registering with the practice, you consent to your medical history from your previous practice(s) being sent to the practice at your request. The provision of this information is optional and essential in some circumstances in order that we can deliver personal care and medical treatment.
How we use your personal data
The admin team use your information to make appointments for you, to generate prescriptions, to electronically file hospital and clinic records, and to provide test results as requested by you. The admin team will only access your medical information on a “need to know” basis in order to perform their duties.
Your mobile phone number is used to send you text reminders of your appointments, to send texts regarding GP clinics and other clinics you may attend, and to send texts regarding administrative matters, eg surgery closures. We may share your mobile phone number with other healthcare professionals involved in your care.
If you have provided your email address, we may communicate with you in this way or send referrals by email to other services involved in your medical treatment who may then communicate with you by email.
The clinical team use your information to provide you with care and medical treatment.
We undertake at all times to protect your personal data in a manner which is consistent with the practice team’s duty of confidentiality and the requirements of the General Data Protection Regulation. We will also take all reasonable measures to protect your personal data stored in paper files and on our electronic system.
We will keep information about you confidential and will only disclose any information with third parties if it is in your interests to do so and when we are sure that the party with whom we are sharing information is a medical practitioner with whom you have already shared personal information or have agreed to share your medical records with. For example, we might give your mobile phone number to a hospital which wishes to contact you about an appointment which has been made for you.
With your written or verbal consent, we will share information about you with a carer.
We may, on occasion, share your name and address with a mailing company which provides a service for us on the understanding that they keep the information confidential.
Information shared with solicitors and insurance companies is only done so when we are sure you have given your express consent.
Information will be shared with legal agencies and the police on production of a court order or if by not doing so the practice would be breaking the law.
How long do we keep this information about you?
We will keep your paper and electronic (hospital/clinic) records as long as you are a patient at the practice. If you leave the practice or the practice ceases to exist, these will be returned to the Health Board for forwarding to your new practice. The practice will retain information held on its clinical system relating to consultations, immunisations, medical history and prescribing, but this information will be archived for a minimum of 7 years.
Patient (Data Subject) Rights
Right to be informed
This privacy notice informs you of your rights.
Right of access
The General Data Protection Regulation (GDPR) grants you the right to access particular personal data which we hold about you. This is referred to as a subject access request. We will respond promptly and at least within one calendar month from the date of receiving the request and all necessary information in writing from you, there is an administration charge for this.
Right to rectification
If considered appropriate, a clinician can make a retrospective entry if you have concerns regarding the accuracy of your clinical record. You will also have the right to have incomplete personal data completed, if necessary by providing a signed and dated supplementary statement. We will respond to the request for rectification at least within one calendar month.
Right to erasure
You have the right to request erasure of personal information concerning you if this is no longer relevant and is legal.
Right to restrict processing
Subject to exemptions, you will have the right to obtain from us restriction of processing if:
(a) The accuracy of the personal information is contested by you.
(b) We no longer need the personal information for the purpose of delivering personal care and medical treatment
(c) We are acting within the law
Right to object
You have the right to object to processing of your data for direct marketing or for the purposes of scientific/historical research and statistics.
Right of data portability
We can respond to a request from you for the supply of your personal information in an electronic format, which you then have the right to transmit elsewhere.
Rights in relation to automated decision
Patients have the right not to be subject to a decision based on automated processing. Patients have the right to (a) obtain human intervention, (b) express their point of view, and (c) obtain an explanation of the decision and challenge it.
Invoking your rights
If you would like to invoke any of the above data subject rights with the practice, please write to the Practice Manager, Park Health Clinics, The Parkside Suite, Frimley Park Hospital, Portsmouth Rd, Frimley, Camberley GU16 7UJ
Questions and queries
If you have a complaint regarding the use of your personal information, please write to the Practice Manager, Park Health Clinics, The Parkside Suite, Frimley Park Hospital, Portsmouth Rd, Frimley, Camberley GU16 7UJ