Your healthcare records contain information about your health and any treatment or care you have received previously (e.g., from a hospital clinic, same day access clinic, community care provider, mental health provider, walk in centres, social services).
These records may be electronic, a paper record or a mixture of both. We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
Why do we collect this information?
The NHS Act 2006 and Health and Social Care Act 2012 invests statutory functions on GP practices to promote and provide primary health services in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training.
To do this we will need to process your information in accordance with current data protection legislation to:
· Protect your vital interests.
· Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult.
· Perform tasks in the public’s interest.
· Deliver preventative medicine, medical diagnosis, medical research.
· Manage the health and social care system and services.
What do we use your personal information for?
· For your direct care needs and to ensure you receive the best possible care.
· To respond to queries from you or health care providers directly involved in your care.
· To identify whether you are at risk of a future, unplanned hospital admission.
· To support and effectively manage a long-term condition.
· For clinical audit to monitor the quality of service provided.
· To understand the local population needs and plan for future requirements.
This is known as ‘Risk Stratification for Commissioning.
How is this information collected?
Your information is collected electronically using secure NHS email or a secure electronic document transfer system using an NHS encrypted network connection. In addition, physical information in paper form will be sent to the practice.
This information will be stored within your GP electronic record or within your physical medical record.
Who will we share your information with?
In order to deliver, coordinate and improve your health and social care, we may share information with the following organisations:
· Acute Visiting Service, GP Extended Access and local GP practices in order to deliver extended primary care services.
· Portsmouth Hospitals NHS trust (QA hospital, Gosport War Memorial hospital, St Mary’s hospital and Petersfield Hospital).
· Any other Hospital that you have chosen to receive care or treatment.
· NHS 111, Southern Central Ambulance and the out of hours services.
· Local social services and community care services such as district nurses, palliative care nurses, counsellors, health visitors.
· Voluntary support organisations commissioned to provide services by Hampshire & IOW ICB
· Product services commissioned by the Hampshire & IOW ICB such as the continence and stoma service
·
· Your information will only be shared if it appropriate for the provision of your care or to satisfy our statutory function and legal obligations.
We do not share information that identifies you unless we have a fair and lawful basis, such as:
· You have given us permission; consented.
· We need to act to protect children and vulnerable adults.
· When a formal court order has been served upon us.
· When we are lawfully required to report certain information to the appropriate authorities e.g., to prevent fraud or a serious crime.
· Emergency planning reasons such as for protecting the health and safety of others.
· When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals.
Your information will not be transferred outside the European Union.
The information from your patient record will only be used for purposes that benefit care – we would never share it for marketing or insurance purposes.
We may share anonymised, pseudonymised and aggregated statistical information with other organisations for the purpose of improving local services, research, audit and public health; for example, understanding how health conditions spread across our local area compared to other areas.
Who do we receive information from?
Whilst we share your information with the above organisations, we may also receive information from them to ensure your medical records are kept up to date and so that your GP can provide the best care.
We also receive data from NHS Digital (as directed by the Department of Health) such as the uptake of flu vaccinations and disease prevalence in order to assist us to improve community primary care.
How do we maintain confidentiality of your records?
We are committed to protecting your privacy and will only use information that has been collected lawfully.
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential and only share for the purpose of providing direct health care.
We ensure that access to your personal data is limited to appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal reason for access.
We maintain our duty of confidentiality by conducting annual training and regular review of policies and protocols.
We have a clear desk policy which means that at all patient identifiable data should be locked away at the end of the day.
All paper records are stored in lockable cupboards and kept in an office with a locked door.
All patient information transferred by email is done an NHS mail email account. This has the highest security standards.
Information is not held longer than necessary and is held in accordance with the Records Management Code of Practice for Health and Social Care 2021.
Consent and Objections
Do I need to give my consent?
The GDPR sets a high standard for consent.
Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps to build trust. However, consent is only one potential lawful basis for processing information so your we may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that it is used for your direct care.
‘We do not rely on consent to use your information as a ‘legal basis for processing’. We rely on specific provisions under Article 6 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller’ and ‘…processing is necessary for compliance with a legal obligation’.
We are also guided by Article 9 which states we can use information ‘necessary for the purposes of preventative or occupational medicine for assessingthe working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services…’
This means we canuseyour personal informationtoprovideyouwithyour care without seeking your consent. However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care.
We will contact you if we are required to share your information for any other purpose which is not mentioned in this notice and your consent will be documented in your electronic record.
What will happen if I withhold my consent or raise an objection?
You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing, for example if you have your health record available for other healthcare professionals to see, in the form of a summary care record, you can withdraw consent for this at any time.
If you need a referral to a specialist for further treatment, your GP does not need to ask for consent but if you then tell the GP you do not want them to send any of your relevant health information to the specialist, the GP may then not be able to refer.
Please contact the practice if you require further information and to raise any objections.
Health Risk Screening/Risk Stratification
This is a process that helps us to determine whether you are at risk of an unplanned admission or deterioration in health. By using selected information such as age, gender, NHS number, diagnosis, long-term conditions, medication, admissions we may be able to judge if you are likely to need more support, or if the right services are in place to support the local population’s needs.
To summarise, Risk Stratification is used in the NHS to:
· Help decide if a patient is at a greater risk of suffering from a particular condition.
· Prevent an emergency admission.
· Identify if a patient needs medical help to prevent a health condition from getting worse; and/or
· Review and amend provision of current health and social care needs.
We use our computer system to do specialised searches to identify patients who are most at risk. This is done with support from our local Commissioning Support Unit who is tasked by the NHS to assist healthcare providers in performing their duties, plus an accredited risk stratification provider. These contracts are arranged Hampshire & IOW ICB in accordance with the current Section 251 Agreement. None of these parties will have access to your personal data; they are only there to assist.
We routinely conduct the risk stratification process in the practice, it is conducted electronically. The resulting report is then reviewed by a multidisciplinary team of staff, here, which may result in us contacting you if alterations to your care are needed.
A Section 251 Agreement is where the Secretary of State for Health and Social Care has granted permission for personal data to be used for the purpose of risk stratification.
As mentioned above, you have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your care.
Please contact the practice if you would like todiscuss how disclosure of your personal record can be limited.
Sharing of your electronic patient record within the NHS
Electronic patient records are kept in most places you receive healthcare. Our clinical system is called EMIS and this enables your parts of your record to be shared with organisations involved in your direct care, such as:
· GP practices.
· Community services such as district nurses, rehab services.
· Child health services that undertake routine treatment or health screening.
· Urgent care organisations, minor injury units or out of hours services.
· Community hospitals.
· Palliative care hospitals and services. Mental health trusts.
· Hospitals.
· Social care organisations.
· Pharmacies
Summary Care Record
In addition, we have the Summary Care record which contains information such as your current medications and allergies but could also include health problems, if you opt for this and this is available to healthcare professionals across the country.
The SCR means other healthcare staff can give you better care if, for example, you are in an emergency or if you are seen out of normal surgery houses.
You can opt out of this service, please speak to a member of staff for more information.
Care and Health Information Exchange (CHIE)
Formerly known as the Hampshire Health Record, is a local health and social care record which brings together information from participating Health and Care organisations ie GP practices, community providers, acute hospitals and social care providers.
From your patient record we share your name, address, contacts ie your next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations and referrals, with CHIE.
If you do not want your information shared with CHIE, please discuss this with your healthcare professional.
For more information, please visit http://www.careandhealthinformationexchange.org.uk/
Health Intelligence
The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England).
This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.
For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.desphiow.co.uk
NHS Health Check
The NHS Health Check is a health check-up for adults in England aged 40-74. It's designed to spot early signs of stroke, kidney disease, heart disease, type 2 diabetes or dementia. As we get older, we have a higher risk of developing one of these conditions.
An NHS Health Check helps find ways to lower this risk. For the invitation to get to you we share your name, address and month of birth with Public Health at Hampshire County Council.
If you do not wishto have these invites please letus know. We also share anonymised data from the NHS Health checks in order to get a better idea of health issues in our area.
Data Extraction by Hampshire & Isle of Wight Integrated Care Board (HIOWICB)
The HIOWICB at times extracts information about your care, but the information they extract via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudonymised).
We will never give the ICB access to any system or information that would enable them to identify you.
The Clinical Commissioning Group requires this pseudonymised information for the following purposes:
· For management and monitoring of the GP Practice core contract
· For management and monitoring of the GP Practice enhanced services
· For assurance of compliance with these contracts
· For assurance of the effective spending of public funding
· To conform with delegated responsibilities from NHS England
· To fulfil the CCGs role in ensuring services commissioned meet patient population need and are being delivered in accordance with commissioning intentions.
NHS Digital
On behalf of NHS England, NHS Digital assesses the effectiveness of the care provided by publicly-funded services – we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.
You have the right to object to us sharing your information to NHS Digital – this will not affect your care in any way. For information about how you can Opt-Out of sharing your data with NHS Digital please visit the NHS Digital National Data Opt-Out Programme Website.
Invoice Validation
If you have received treatment within the NHS, the local Commissioning Support Unit (CSU) may require access to your personal information to determine which ICB is responsible for payment for the treatment or procedures you have received. Information such as your name, address, date of treatment and associated treatment codes may be passed onto the CSU to enable them to process the bill. These details are held in a secure environment and kept confidential and will not be shared for any other purposes.
How can you access the information we hold about you?
You have a right to see the information we hold about you, both on paper or electronic, except for information that:
· Has been provided about you by someone else if they haven’t given permission for you to see it.
· Relates to criminal offences.
· Is being used to detect or prevent crime.
· Could cause physical or mental harm to you or someone else.
You can access much of your electronic medical record using the NHS App. For further information or to request access to any paper records, please contact the surgery.
In writing to : The Reception Team Lead, Solent View Medical Practice, Lee on the Solent Health Centre, Manor Way, Lee on the Solent PO13 9JG
By telephone: 02392 550220
By email: hiowicb-hsi.leeonsolenthealthcentre@nhs.net
We will request proof of identity before we can give access to Patient Access or disclose personal information.
Complaints
In the event that you feel we have not complied with the current data protection legislation, either in responding to your request for access to your record or in our general processing of your personal information, you should raise your concerns, in the first in writing to the practice manager at:
Practice Manager, Solent View Medical Practice, Lee on the Solent Health Centre, Manor Way, Lee on the Solent PO13 9JG
If you remain dissatisfied with our response you can contact:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone: 0303 123 1113 Website: https://ico.org.uk/concerns/
|
Legal Basis for sharing information. Activity
|
Rationale
|
|
HIOWICB
|
Purpose – Anonymous information is shared to plan and design care services within the locality.
Legal Basis – non identifiable data only
Data Processor – Hampshire & IOW ICB
|
|
Individual Funding Requests – The CSU
|
Purpose – We may need to share your information with the IFR team for the funding of treatment that is not normally covered in the standard contract
Legal Basis – The clinical professional who first identifies that you may need the treatment will explain to you the information that is needed to be collected and processed in order to assess your needs and commission your care; they will gain your explicit consent to share this.
Data processor – We ask NHS South, Central and West Commissioning Support Unit (CSU) to do this on our behalf.
|
|
Summary Care Records
|
Purpose – Limited Personal identifiable data is shared with the Summary Care Record to help with emergency doctors and nurses help you when you contact them when the surgery is closed.
Legal Basis – This is for your direct care and in an emergency – you can opt out of your record being shared
Data Processor – Central NHS database
|
|
Care and Health Information Exchange (CHIE)
|
Purpose – Is a local combined electronic health record. It brings together information in your health records from different parts of the NHS to assist with your direct care – you may opt out of having your information shared on this system.
Legal Basis – This service is for provision of health, social care or treatment and in order for treatment to be safe, knowledge of a patients medical history is required. - you can opt in or out at any point.
Data Processor – Local NHS organisation
|
|
Care and Health Information Analytics (CHIA)
|
Purpose - This is a database which holds pseudonymised information,whichmeans nopatientscanbeidentified. This information is received from the CHIE and it is used to look at trends in health, to improve future care, to shape NHS services and support medical research.
Legal basis - This database collection enables our ICB and local authorities to provide good health and social care, which is a duty in law. You can opt in or out at any point.
Data Processor - South Central and West Commissioning Support unit
|