We respect your right to privacy and keep all your health information confidential and secure. It is important that the NHS keeps accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible advice and care.
The information is only available to those involved in your care and you should never be asked for medical information by anyone not involved in your care.
You have a right to know what information we hold about you. If you would like to see your records, please contact our practice manager. We aim to treat all our patients courteously at all times and expect our patients to treat our staff in a similarly respectful way.
GDPR, Data Extraction/Data Sharing, and your right to object
General Data Protection Regulations (GDPR) come into force in May 2018. Basically these cover much the same ground as Information Governance (see above), but they lay more emphasis on written policies and procedures, and on organisations such as surgeries taking responsibility for informing staff and patients of the data they hold and how it is managed.
Most of the data we hold about our patients is on our clinical computer system (EMIS Web), which is managed offsite via the EMIS server based in Leeds. Patients should be aware that this data (and in fact all computerised GP records in doctors’ surgeries across the UK) is regularly accessed by a data extraction service called the General Practice Extraction Service (GPES), but that this service only extracts anonymised data for the sake of national statistics about patients and their health (for example the National Diabetes Audit).
Some non-anonymised, personal data for individual patients is also routinely shared with the national Summary Care Record service, which allows other health professionals to see things like your allergies and repeat prescriptions: this information can be very helpful if you have to be admitted to hospital as an emergency.
There may also be instances where we ask permission to share your personal details with other health services – for example if we have a Care Plan for an elderly or vulnerable patient, including next-of-kin details and emergency contact telephone numbers, we might ask your permission to share it with the out-of-hours services and the ambulance service, so that they would have access to the information if something happened when the surgery was closed.
You are entitled to refuse permission for any of these data extractions or data sharing arrangements: if you do so then your decision will be recorded on your notes and the data extractions and data sharing will not take place for you.