QUEENS MEDICAL CENTRE PRIVACY NOTICE
This privacy notice describes the data, the practice holds about you, why we hold it, where and how we store it, how long for and how we protect it. It also tells you about your rights under the Data Protection Legislation and how the law protects
Who we are and what do we do?
Queens Medical Centre
6/7 Queen Street
Barnstaple EX32 8HY
Tel: 01271 372672
Email: d-icb.queensmc@nhs.net
Queens Medical Centre is a Data Controller for the data we hold about you. We hold your data in order to provide you with health and social care.
What is personal data and what data do we use?
Your personal data is any information that can be connected to you personally. If you can be identified from the data, it is personal data. The types of personal data we use and hold about you are:
Details about you: your name, address, contact number, email address, date of birth, gender, ethnicity and NHS number. We may also hold information about your emergency contact, next of kin and carer
Details about your medical care: medical diagnosis, record of treatment received, referrals, history of prescribed medication, results of investigations such as X-rays etc
Information provided by you: this includes correspondence relating to feedback, concerns and complaints about the service you have received
Relevant information from other healthcare professionals, relatives or those who care for you
We may also hold the following information about you:
Religion or other beliefs of a similar nature
Family, lifestyle and/or social circumstances
Employment details
Financial details
Your email address and mobile number
When we collect your mobile number, we use it to text you to remind you of appointments, provide you with test results, send video consultation links, respond to online consultations, or provide you with information and other aspects relating to your care. These messages may come from our core clinical system (TPP SystmOne) or AccuRx (a third-party organisation). If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.
When we collect your email address, we use it to respond to AccuRx Patient Triage (online consultations) and emails you have sent to the surgery. If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.
Why do we process your data and what legal basis do we have to process your data?
In order to process your personal data or share your personal data outside of the practice, we need a legal basis to do so. If we process or share special category data, such as health data, we will need an additional legal basis to do so.
We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(h) (health and social care) for most of our processing and sharing, in particular to:
Provide you with health and social care
Share data from, or allow access to, your GP record, for healthcare professionals involved in providing you with health and social care
Receive data from or access your data on other NHS organisation clinician systems
Work effectively with other organisations and healthcare professionals who are involved in your care
Ensure that your treatment and advice, and the treatment of others is safe and effective.
Participate in National Screening Programmes
Use a computer program to identify patients who might be at risk from certain diseases or unplanned admissions to Hospitals
Help NHS Digital and the practice to conduct clinical audits to ensure you are being provided with safe, high quality care
Support medical research when the law allows us to do so
Supply data to help plan and manage services and prevent infectious diseases from spreading
We rely upon Article 6(1)(d) (vital interest) and Article 9(2)(c) (vital interests) to share information about you with another healthcare professional in a medical emergency.
We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(g) (substantial public interest) to support safeguarding for patients who, for instance, may be particularly vulnerable to protect them from harm or other forms of abuse.
We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(h) to share your information for mandatory disclosures of information (such as NHS Digital, CQC and Public Health England).
We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(f) (legal claims) to help us investigate legal claims and if a court of law orders us to do so.
We rely upon Article 6(1)(a) (consent) and Article 9(2)(a) (explicit consent), in order to:
Help the practice investigate any feedback, including patient surveys, complaints or concerns you may have about contact with the practice
Help manage how we provide you with services from the practice, for example, when you nominate individuals to contact the practice on your behalf
Share your information with third parties, for example, insurance companies and medical research organisations
We also use anonymised data to plan and improve health care services. Specifically, we use it to:
Review the care being provided to make sure it is of the highest standard
Check the quality and efficiency of the services we provide
Prepare performance reports on the services we provide
Common law duty of confidentiality
Healthcare staff will respect and comply with their obligations under the common law duty of confidence. We meet the duty of confidentiality under one of the following:
· You have provided us with your explicit consent
· For direct care, we rely on implied consent
· We have approval from the Confidentiality Advisory Group (CAG)
· We have a legal requirement to collect, share and the use the data
· One a case – by – case basis, we will share information in the public interest
How do we collect your data?
The practice collects data that you provide when you:
Receive treatment or care from the practice
Contact the practice by telephone (all telephone calls received and made by the practice are recorded), online or in person
Complete a form electronically or in paper
Contact the practice via a Social Network (for example if you communicate with the practice through Facebook)
Visit the practice’s website (If cookies are enabled)
We receive information about you from other providers to ensure that we provide you with effective and comprehensive treatment. These providers may include:
The GP Practices within the Barnstaple Primary Care Network
Other GP Practices
NHS Trusts/Foundation Trusts
NHS Commissioning Support Units (CSUs)
Community Services (Community Nurses, Rehabilitation Services and out of hours services)
· Hospices
Ambulance or emergency services
Independent contractors such as Pharmacies, Dentists and Opticians
NHS Devon Integrated Care Board (ICB)
NHS England
Local authorities
Police and Judicial Services
Educational Services
NHS 111
· UK Health Security Agency
· Office for Health Improvement and Disparities
Non-NHS health care providers
Research providers
Who do we share your data with?
In order to deliver and coordinate your health and social care, we may sometimes share information with other organisations. We will only ever share information about you if other agencies involved in your care have a genuine need for it. Anyone who receives information from the practice is under a legal duty to keep it confidential and secure.
Please be aware that there may be certain circumstances, such as providing emergency care, assisting the police with the investigation of a serious crime, where it may be necessary for the practice to share your personal information with external agencies without your knowledge or consent.
We may share information with the following organisations:
The GP Practices (Brannam, Fremington, Litchdon, Queens) within the Barnstaple Alliance Primary Care Network
Other GP Practices
NHS Trusts/Foundation Trusts
Hospices
NHS Devon Integrated Care Board (ICB)
NHS Commissioning Support Units
Community Services (Community Nurses, Primary Care Liaison Nurses, Rehabilitation Services and out of hours services)
Ambulance or emergency services
Independent contractors such as Pharmacies, Dentists and Opticians
Local authorities
Multi-Agency Safeguarding Hub (MASH)
Police and Judicial Services
Educational Services
Fire and Rescue Services
NHS 111
The Care Quality Commission, ICO and other regulators
NHS England
· UK Health Security Agency
· Office for Health Improvement and Disparities
Non-NHS health care providers
Research providers
Livewell Southwest CIC
Kernow Heath CIC
Devon Partnership Trust (DPT)
Alzheimer’s Society
Interface Clinical Services
InHealth
The practice will also use carefully selected third party service providers that process data on behalf of the practice. When we use a third party service provider, we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating responsibly to ensure the protection of your data. Examples of functions that may be carried out by third parties includes:
Organisations that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate video consultation, appointment bookings or electronic prescription services; document management services, social prescribing software etc
Organisations who are delivering services on behalf of the practice (for example conducting Medicines Management Reviews to ensure that you receive the most appropriate, up to date and cost-effective treatments or supporting practices in offering choices of providers and appointments to patients who are being referred via the NHS E-Referral system)
Delivery services (for example if we were to arrange for delivery of any medicines to you)
Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).
For further information of who we share your personal data with and our third-party processors, please contact the Practice Manager.
Where do we store your data?
We use a number of IT systems and tools to store and process your data, on behalf of the practice. Examples of tools we use include our Core Clinical System (TPP/SystmOne), NHSmail, Microsoft 365 including Teams, and AccuRx.
For further information on this, please contact the Practice Manager
How will my Personal Data be used?
The information will include personal data about your health care. This information will be combined and anything that can identify you (like your name or NHS Number) will be removed and replaced with a unique code.
This means that the people working with the data will only see the code and cannot see which patient the information relates to.
Examples of how the information could be used for a number of healthcare related activities include;
· Improving the quality and standards of care provided
· Research into the development of new treatments
· Preventing illness and diseases
· Monitoring safety
· Planning services
Who will my Personal Data be shared with?
Your GP and other care providers will send the information they hold on their systems to NHS Devon Integrated Care System (ICS), the NHS organisation responsible for planning, commissioning (or buying) and developing healthcare services for the 1.2 million people who live in Devon.
NHS Devon ICS will link all the information together. Your GP and other care providers will then review this information and make decisions about the whole population or particular patients that might need additional support.
NHS Devon ICS is legally obliged to protect your information and maintain confidentiality in the same way that your GP or hospital provider is.
Is using my Personal Data in this way lawful?
Health and Social Care Providers are permitted by data protection law to use personal information where it is ‘necessary for medical purposes’. This includes caring for you directly as well as management of health services more generally.
Some of the work that happens at a national level with your personal information is enabled by other legislation. Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law and, in the majority of cases, anonymised data is used so that you cannot be identified.
For more information, speak to our Data Protection Officer who will be happy to help with any queries you may have.
Can I object to my Personal Data being used as part of the Personal Health Management project?
You have a right to object to your personal information being used in this way. If you do choose to ‘opt out’ please contact our Data Protection Officer in the first instance. If you are happy for your personal information to be used as part of this project then you do not need to do anything further, although you do have the right to change your mind at any time.
If you still have concerns, you can also contact the Information Commissioner’s Office directly at the following link:
https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.
How long do we hold your data?
We only hold your data for as long as necessary and are required to hold your data in line with the NHS Records Management Code of Practice for Health and Social Care 2021 Retention Schedule. Further information can be found online at:
https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/
What rights do you have?
You have various rights under the UK GDPR and Data Protection Act 2018:
Right of access
You have the right to request access to view or request copies of the personal data, we hold about you; this is known as a Subject Access Request (SAR). In order to request access, you could write, email or verbally request access from the practice.
Please note that you are entitled to a copy of your data that we hold free of charge; however, we are entitled to charge in certain circumstances where the law permits us to do so. We are also entitled to refuse a request, where the law permits us to do so. If we require a fee or are unable to comply with your request, we will notify you within 1 calendar month of your request.
Right to restrict or object the use of your information
There are certain circumstances in which you can object from your data being shared. Information regarding your rights to opt-out is detailed below:
Consent
If the practice is relying on the consent as the basis for processing your data, you have the right to withdraw your consent at any time. Once you have withdrawn your consent, we will stop processing your data for this purpose.
However, this will only apply in circumstances on which we rely on your consent to use your personal data. Please be aware that if you do withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will let you know.
Summary Care Record (SCR)
NHS England have implemented the SCR which contains information about you; including your name, address, data of birth, NHS number, medication you are taking and any bad reactions to medication that you have had in the past. This information is automatically extracted from your records and uploaded onto a central system.
Many patients who are seen outside of their GP Practice are understandably not able to provide a full account of their care or may not be in a position to do so. The SCR means patients do not have to repeat their medical history at every care setting and the healthcare professional they are seeing is able to access their SCR. The SCR can only be viewed within the NHS on NHS smartcard-controlled screens or by organisations, such as pharmacies, contracted to the NHS.
As well as this basic record, additional information will also be added to include further information. You can find out more about the SCR here: https://digital.nhs.uk/services/summary-care-records-scr
The SCR improves care; however, if you do not want one, you have the right to object to sharing your data or to restrict access to specific elements of your records. This will mean that the information recorded by the practice will not be visible at any other care setting.
To view your options and for further information regarding the SCR visit: https://digital.nhs.uk/services/summary-care-records-scr/summary-care-records-scr-information-for-patients#opting-out.
If you wish to discuss your options regarding the SCR, please speak to a member of staff at the practice or complete the SCR opt-out form on the above link and return it to the practice. You can also reinstate your consent at any time by giving your permission to override your previous dissent.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
National Screening Programmes
The NHS provides national screening programmes so that certain diseases can be detected at early stages. These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service. More information on the national screening programmes can be found at: https://www.gov.uk/topic/population-screening-programmes
If you do not wish to receive an invitation to the screening programmes, you can opt out at https://www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes or speak to the practice.
Type 1 Opt-out:
You have the right to object to your confidential patient data being shared for purposes beyond your direct care by asking the practice to apply a Type 1 opt-out to your medical records. A type 1 opt-out prevents personal data about you, being extracted from your GP record, and uploaded to any other organisations without your explicit consent. To download a Type 1 opt-out form, please visit Opt out of sharing your health records - NHS (www.nhs.uk). If you wish for a Type 1 opt-out to be applied to your record, please contact the Practice Manager
National Data Opt-out:
You have the right to object to your data being shared under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of sharing data that identifies you being used or shared for medical research purposes and quality checking or audit purposes.
To opt-out of your identifiable data being shared for medical research or to find out more about your opt-out choices please ask a member of staff or go to NHS Digital’s website:
https://digital.nhs.uk/services/national-data-opt-out
Our organisation is compliant with the national data opt-out policy.
Right to rectification
You have the right to have any errors or mistakes corrected within your medical records. This applies to matters of fact, not opinion. If the information is of clinical nature, this will need to be reviewed and investigated by the practice. If you wish to have your records amended, please contact the Practice Manager.
If your personal information changes, such as your contact address or number, you should notify the practice immediately so that we can update the information on our system. We will also ask you from time to time to confirm the information we hold for you, is correct.
Right to erasure
The practice is not aware of any circumstances in which you will have the right to delete correct data from your medical record, which the practice is legally bound to retain. Although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the data and contact the practice if you hold a different view.
Right to complain
Please let us know if you wish to discuss how we have used your personal data, raise a concern, make a complaint or compliment. You can contact us at d-icb.queensmc@nhs.net.
You also have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link: https://ico.org.uk/global/contact-us/ or call the helpline on 0303 123 1113.
Data outside EEA
We do not send your personal data outside of the EEA. However, if this is required, the practice would only do so, with your explicit consent.
Data Protection Officer
The Data Protection Officer can be contacted via email on d-icb.deltdpo@nhs.net or by post: Delt Shared Services Limited, BUILDING 2 – Delt, Derriford Business Park, Plymouth, PL6 5QZ.
Cookies
The practice’s website uses cookies. A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you access certain websites. Cookies allow a website to recognise a user’s device. Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to our website. The two types the practices uses are ‘Session’ and ‘Persistent’ cookies.
Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time. We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.
What can I do to manage cookies on my devices?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/ If you are concerned about cookies and would like to discuss this, please contact the Practice Manager
Telephony System (Horizon & Horizon Collaborate)
In addition to all Practice internal and external calls being recorded, a number of our Primary Care Network staff, who work across the four Barnstaple Alliance surgeries (Brannam, Fremington, Litchdon and Queens) use an application called Horizon Collaborate to make and receive telephone calls. Just as the Practices main telephone system, calls with our Primary Care Network staff will also be recorded via the Horizon App or by the individual practice’s telephony systems. Call recordings are retained for 36 months.
CCTV (Closed Circuit Television)
We may record CCTV images of people entering, approaching or passing our buildings to:
· Help staff and visitors feel safer
· Act as a deterrent to offenders
· Allow the collection of evidence to help find and convict offenders
· There will be clear signs within our premise to advise you CCTV is in operation.
Your information may be shared with other organisations, but we will only do this when necessary or if they have a legal right to it. Recordings which are not required for the purposes of security of staff, patient and premises, will not be retained for longer than is necessary and no longer than 12 weeks. This ensures that any subsequent investigations can be completed.
Our legal reasons for processing this data is ‘legitimate interest’ under UK GDPR Article 6(1)(f). The processing achieves its purpose of providing a secure environment for staff and service users by providing evidence in the case of a security incident. There isn’t an alternative way to provide this level of security for all involved. The only aim of our CCTV is to provide a deterrent and to have a way of evidencing events should an incident occur.
You have the right to:
· View a copy of the CCTV recording
Request that the CCTV recording be deleted if you believe the practice is processing it for longer than is necessary
For further information or to request copies of CCTV recording please contact the Practice Manager
Enhanced Access
Who will we share your information with?
As part of our Enhanced Access Initiative, Queens Medical Centre patients will be able to book evening and weekend appointments, both here and at the other local GP Practices in North Devon. This will benefit you as a patient as it ensures that there are more appointments available to you at times that are more convenient out of the practice’s usual hours.
GP practices in our locality use one of the following clinical systems to securely host your electronic patient record: SystmOne (provided by TPP) EMIS Web (provided by EMIS)
Enhanced Access between practices using the same clinical system
When an Enhanced Access appointment is booked at a remote surgery whose clinical system is the same as that of your registered practice, the sharing of your full patient record will occur securely and electronically and the sharing only occurs when you choose to book the appointment (you will be asked to consent to the sharing of your record at the point of booking the appointment).
Access to your record at the remote surgery will only be made by staff involved in your appointment. If you have any concerns regarding this, or wish to object to the sharing of your medical record in this way, please speak to one of our reception team, who will be able to record your decision and change the settings for your record.
Please note that should you object, you will not be able to attend an appointment at a remote surgery offering the Enhanced Access service.
Enhanced Access between practices using different clinical systems
When an Enhanced Access appointment is booked at a remote surgery whose clinical system is different to that of your registered GP practice, the following procedure will occur in order to provide the clinician at the remote surgery with essential details of your medical record: To ensure that the clinician who is offering the Enhanced Access appointment has full access to a summary of your medical records, our reception team will ask you to consent to share your medical records summary when you book your appointment, which will ensure an effective and safe service.
On confirmation of booking this appointment, your medical records summary will be sent securely from this practice to the remote surgery (you will be asked to consent to the sharing of your record at the point of booking the appointment). Sharing of your data only occurs between us and staff at the remote surgery who are involved in your appointment. The clinician you visit will also be required to gain your consent prior to accessing your medical records summary. Once you have attended your appointment, we will be securely notified of the outcome of it and will follow up any clinical comments that require action. Your medical record will be updated accordingly.
Enhanced Data Sharing Module
We share your record using the Enhanced Data Sharing Module to make sure that, whether you are visiting the practice, attending hospital, or being seen in the community or at home by a care professional, everyone knows the care you need and how you want to be treated. Your electronic health record is available to the practices in North Devon as part of the Enhanced Access, DPT. It is shared with the practices within the Barnstaple Alliance PCN via shared administration within SystmOne, North Devon Hospice, Hospice care and the medical examiners service, with via SystmOne EDSM who are involved in your care. This includes the sharing of personal contact details, diagnosis, medications, allergies and test results. Your records will be treated with the strictest confidence and can only be viewed if you use their service.
Please note that if you have previously dissented (opted-out) to sharing your records, this decision will be upheld, and your record will only be accessed by the practice. Should you wish to opt-out of, please speak to reception who will be able to update your personal preferences. Please note that by opting out of this sharing, other health professionals may not be able to see important medical information, which may impact on the care you receive.
GPConnect
We share your record using GP Connect to make sure that, whether you are visiting the practice, attending hospital, or being seen in the community or at home by a care professional, everyone knows the care you need and how you want to be treated. Your electronic health record is available to local providers who are involved in your care. This includes the sharing of personal contact details, diagnosis, medications, allergies and test results. Your records will be treated with the strictest confidence and can only be viewed if you use their service.
Please note that if you have previously dissented (opted-out) to sharing your records, this decision will be upheld.
Should you wish to opt-out of, please speak to Emma Easterbrook – Practice Manager or Caitlin Hadley – Deputy Practice Manager. who will be able to update your personal preferences. Please note that by opting out of this sharing, other health professionals may not be able to see important medical information, which may impact on the care you receive.
Automated Registrations
We work in partnership with HealthTech-1 to provide improved access to our GP Practices through the use of automated digital registration. Their privacy notice can be found here https://docs.healthtech1.uk/privacy-policy
Heidi Health
We use Heidi Health (an AI digital note taking tool) to capture the details of your clinical consultations allowing the clinician to focus more time on your care. We also utilise the software to record and transcribe clinical and non-clinical meetings and other appropriate discussions to aid minute taking.
Heidi does not use your personal data to teach the AI models nor is any of your data transferred outside of the UK.
You have the right to opt out of your consultation being recorded using Heidi at any time, should you wish to opt out, please let your clinician know at the start of your consultation or as early as possible.
If you have any concerns about the use of AI within the Practice and want to discuss this further, please contact the Practice Manager.
Anima Health – Document Processing
To support safe and effective care delivery, this practice will be using Anima AI to assist with the processing of clinical and administrative documents. Anima AI helps our team manage incoming correspondence such as hospital letters, test results and patient communications but extracting key information and organising it within our workflow systems.
We rely on implied consent for this processing, as patients would reasonably expect their health
information to be used in this way to ensure continuity of care. This processing supports timely
clinical decision making and reduces delays when handling important documents.
We are transparent about this use of data, and details are outlined in this privacy notice and other
relevant policies. Due to the nature of this service and operational requirements within the practice,
there is no current opt-out process available for this specific use of Anima AI.
Population Health Management
Population Health Management (or PHM for short) is aimed at improving the health of an entire population. It is being implemented across the NHS and this Practice is taking part in a project extending across Devon.
PHM is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair, timely and equal. It helps to reduce the occurrence of ill-health and looks at all the wider factors that affect health and care.
The PHM approach requires health care organisations to work together with communities and partner agencies, for example, GP practices, community service providers, hospitals and other health and social care providers.
These organisations will share and combine information with each other in order to get a view of health and services for the population in a particular area. This information sharing is subject to robust security arrangements.
One Devon Dataset
As well as using your data to support the delivery of care to you, your data may be used to help improve the way health and social care is delivered to patients and service users throughout Devon using Population Health Management methods.
We will use a pseudonymised extract (ie. not identifiable information) which will be sent securely to NHS Devon ICB (Integrated Care Board) and in partnership with the Local Authorities. Data will be used to support the Devon Integrated Care System to improve short-term and medium-term health outcomes for local populations. If you would benefit from some additional care or support, your information will be shared back to the practice, or another local provider involved in your care, so that they can offer you direct care.
Further information about Population Health Management can be found here:
https://www.england.nhs.uk/integratedcare/what-is-integrated-care/phm/
Further information about the One Devon Dataset can be found here:
https://www.devon.gov.uk/privacy/privacy-notices/privacy-notice-for-one-devon-dataset/
We will rely on public interest task as the legal basis for processing your data for this purpose. You have a right to object to your information
Devon & Cornwall Care Record
Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.
This shared system is called the Devon and Cornwall Care Record.
It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an out-of-hours appointment.
It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised staff can access the Devon and Cornwall Care Record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data – just data that services have agreed is necessary to include.
For more information about the Devon and Cornwall Care Record, please go to https://www.devonandcornwallcarerecord.nhs.uk/
NHS South, Central and West Commissioning Support Unit – Child Health Information Services (CHIS)
Purpose – South, Central and West Child Health Information Services (SCW CHIS) is commissioned by NHS England to support the monitoring of care delivered to children. Personal data is collected from the child’s GP record to enable health screening, physical examination and vaccination services to be monitored to ensure that every child has access to all relevant health interventions.
For more information: Fair Processing Notice Child Health Information Services - NHS SCW Support and Transformation for Health and Care (scwcsu.nhs.uk)
Legal Basis – Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Processor – SCW, Apollo Medical Software Solutions, System C
Research
We are a research practice and work with Health Innovation South West to deliver research studies and trials. Employees of the practices will access your information in order to determine whether you are suitable to be invited to participate in a study. We will only share your information with the research providers with your explicit consent. Further information regarding the research providers can be found here: https://healthinnovationsouthwest.com/privacy-statement/
Clinical Practice Research Datalink (CPRD)
This practice contributes to medical research and may send relevant data to CPRD. CPRD collects de-identified patient data from a network of GP practices across the UK. Primary care data is linked to a range of other health related data to provide a longitudinal, representative UK population health dataset. Further information regarding CPRD can be found here: https://cprd.com/transparency-information.
National Institute for Health and Care Research (NIHR) Clinical Research Network (CRN) South West Peninsula
We're excited to share news of our partnership with seasoned NIHR RRDN experts, seamlessly integrated into our practice team. In the pursuit of advancing medical research, these professionals, alongside our practice team, may access your patient record for pre-consented activities. This involves identifying potential eligibility for research opportunities and supporting recruitment and follow-up for clinical trials. This process operates under the lawful bases of Article 6 (public task) and Article 9 (substantial public interest) of the GDPR. Be assured, that your privacy and data security are rigorously safeguarded. This collaboration also supports NIHR and NHS's pursuit in improving equality to access research. Any eligible individuals will be contacted by the practice, and their consent will be requested before any further processing takes place.
https://www.nihr.ac.uk/documents/nihr-privacy-policy/12242
OpenSAFELY Data Analytics Service
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers that directly or indirectly identifies individuals are removed and replaced with a pseudonym.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Here you can find additional information about OpenSAFELY.
National Disease Registration Service
The National Disease Registration Service (NDRS) is run by NHS England and collects patient data on cancer, congenital anomalies and rare diseases, and provides analysis to support clinical teams, academics, charities and policy makers to help plan and improve treatments and healthcare in England.
Further information regarding the registry and your right to opt-out can be found at: https://digital.nhs.uk/services/national-disease-registration-service
Ardens Manager
We use Ardens Manager, a clinical decision support tool, to help us deliver safe, effective and proactive care to our patients. Ardens Manager is fully integrated within our clinical system (SystmOne) and works using information already held in your GP record. It does not create or store a separate patient record outside of this system.
Ardens Manager supports the practice to:
· Identify patients who may benefit from reviews, screening or preventative care
· Manage recalls, invitations, and follow ups
· Monitor long term conditions
· Support clinical decision making and improve the quality of care
The tool uses personal and special category data already recorded in your GP record, such as demographic details and clinical information (e.g diagnoses, medications and test results).
All processing takes place within the secure clinical system environment and is limited to what is necessary for your direct care and the management of healthcare services.
Ardens does not routinely extract or store patient identifiable data outside of the clinical system when used in this way.
Ardens Manager may highlight patients who meet defined clinical criteria; however, all decisions about your care are made by healthcare professionals. This processing may also support wider population health management activities, as described elsewhere in this privacy notice.
Changes to privacy notice
The practice reviews this privacy notice regularly and may amend the notice from time to time. If you wish to discuss any elements of this privacy notice, please contact the Practice Manager
