Parish Fields Practice aims to ensure the highest standard of medical care for our patients. To do this we keep records about you, your health and the care we have provided or plan to provide to you.
This privacy notice does not provide exhaustive details of all aspects of the collection and use of personal information by Parish Fields Practice. However, we are happy to provide any additional information or explanation needed. If you wish to request further information please contact the Practice Manager.
How we use your information
In order to provide for your care, we need to collect and keep information about you and your health on our records. Your records are used to:
- Provide a basis for all health decisions made by care professionals with and for you;
- Make sure your care is safe and effective;
- Work effectively with others providing you with care.
We also may use, or share, your information for the following purposes:
- Looking after the health of the general public;
- Making sure that our services can meet patient needs in the future;
- Auditing accounts;
- Preparing statistics on NHS performance and activity (where steps will be taken to ensure you cannot be identified);
- Investigating concerns, complaints or legal claims;
- Helping staff to review the care they provide to make sure it is of the highest standards;
- Training and educating staff;
- Research approved by the Local Research Ethics Committee. (If anything to do with the research would involve you personally, you will be contacted to provide consent);
Disclosure of information to other health and social professionals
We work with a number of other NHS and partner agencies to provide healthcare services to you. Below is a list of organisations that we may share your information with:
Our partner organisations
- other NHS hospitals
- relevant GP Practices
- dentists, opticians and pharmacies
- Private sector providers (private hospitals, care homes, hospices, contractors providing services to the NHS)
- Voluntary sector providers who are directly involved in your care
- Ambulance trusts
- Specialist trusts
- Health and social care information centre (HSCIC);
- Clinical Commissioning Groups
- NHS 111
- out of Hours medical service
- NHS walk in centres
- NHS England
- The Health and Social Care Information Centre (HSCIC).
Parish Fields Practice shares your diabetes related data with the Diabetic Eye Screening Programme commissioned by NHS England. This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.
This list is not intended to be exhaustive and we may well share data with other NHS care services but it will always be for the purpose of your direct care.
We may also share your information, with your consent, and subject to strict sharing protocols, about how it will be used, with:
- local authority departments, including social care and health (formerly social services), education and housing and public health;
- Police and fire services
Computer system
This practice operates a clinical computer system called Emis Web on which NHS staff record information securely. This information can then be shared with other clinicians so that everyone caring for you is fully informed about your medical history, including allergies and medication.
To provide around the clock safe care, unless you have asked us not to, we will make information available to trusted organisations. Wherever possible, their staff will ask your consent before your information is viewed.
We consider patient consent as being the key factor in dealing with your health information.
Shared Care Records
To support your care, and improve the sharing of relevant information to our partner organisations when they are involved in looking after you, we will share information to other systems. The general principle is that information is passed to these systems unless you request this does not happen, but that system users should ask for your consent before viewing your record.
How we keep your information confidential and secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998, Article 8 of the Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
Everyone working in, or for, the NHS must use personal information in a secure and confidential way.
We will only ever use or pass on your information if there is a genuine need to do so. We will not disclose information about you to third parties without your permission unless there are exceptional circumstances, such as when the law requires.
At all times your information is kept secure. We use encryption for sending electronic information and if we are sending your information in the post we use the special delivery service for sensitive medical information.
To protect your confidentiality, we will not normally disclose any medical information about you over the telephone, or by fax, unless we are sure that we are talking to you. This means that we will not disclose information to your family, friends, and colleagues about any medical matters at all, unless we know that we have your consent to do so.
Anyone who receives information from us is also under a legal duty to keep it confidential and secure
All persons in the practice sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Please be aware that your information will be accessed by non-clinical practice staff in order to perform tasks enabling the functioning of the practice. These are, but not limited to:
- Typing referral letters to hospital consultants or allied health professionals
- Opening letters from hospitals and consultants
- Scanning clinical letters, radiology reports and any other documents not available in electronic format
- Photocopying or printing documents for referral to consultants
- Handling, printing, photocopying and postage of medico legal and life assurance reports and of associated documents
Right of access to your health information
The Data Protection Act 1998 allows you to find out what information about you is held on computer and in manual records. This is known as “right of subject access” and applies to personal information held about you. If you want to see the information about you that the practice holds:
- you will need to make a written request to the practice manager
- there may be a charge to view or have a printed copy of the information held about you
- we are required to respond to you within 30 days
- you will need to give adequate information (for example full name, address, date of birth NHS number etc)
- you will be required to provide ID before any information is released to you
Who else may ask to access your information?
- The law courts can insist that we disclose medical records to them;
- Solicitors often ask for medical reports. These will always be accompanied by your signed consent for us to disclose information. We will not normally release details about other people that are contained in your records (eg wife, children, parents etc) unless we also have their consent;
- Limited information is shared with Public Health England to help them organise national programmes for Public Health such as childhood immunisations;
- Social Services. The Benefits Agency and others may require medical reports on you from time to time. These will often be accompanied by your signed consent to disclose information. Failure to co-operate with these agencies can lead to loss of benefit or other support. However, if we have not received your signed consent we will not normally disclose information about you;
- Life assurance companies frequently ask for medical reports on prospective clients. These are always accompanied by your signed consent form. We must disclose all relevant medical conditions unless you ask us not to do so. In that case, we would have to inform the insurance company that you have instructed us not to make a full disclosure to them.
You have the right, should you request it, to see reports to insurance companies or employers before they are sent.
Sharing your information without consent
We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:
- where there is a serious risk of harm or abuse to you or other people
- where a serious crime, such as assault, is being investigated or where it could be prevented
- notification of new births
- where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
- where a formal court order has been issued
- where there is a legal requirement, for example if you had committed a Road Traffic Offence
Website
Parish Fields Practice is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
You may choose to restrict the collection or use of your personal information in the following ways:
- information you supply using any electronic form(s) on this website will only be used for the purpose(s) stated on the form
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting the surgery
Concerns
If you have any concerns about how we use or share your information, or you do not wish us to share your information, then please contact Nicky Watson, Practice Manager who will be able to assist you.
Data Protection Officer (DPO)
Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with General Data Protection Regulation (GDPR) requirements. All organisations must have appointed a DPO who should be independent and not have conflicts of interest. Our DPO is Howard Green. He is also the Data Protection Officer for South Norfolk Healthcare CIC. Howard has recently passed the IBITG-accredited examination for the Certified EU General Data Protection Regulation Foundation (GDPR) Training Course.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice will be reviewed again in January 2020.