GDPR - How your information will be used
- As one of your health and social care providers, Southdene Medical Centre needs to keep and process information about you for normal health care purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to provide health care and manage our relationship with you effectively, lawfully and appropriately, during your registration, whilst you are under our care, at the time when have been discharged or no longer under our care. This includes using information to enable us to comply with any service/performance contracts, to comply with any legal requirements, pursue the legitimate interests of (Practice name) and to protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
- As a business we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, for administrative purposes or to manage your health care. We will never process your data where these interests are overridden by your own interests.
- Much of the information we hold will have been provided by you, but some may come from other internal sources, such as clinical and administrative staff, or in some cases, external sources, such as other health and social care providers.
- The sort of information we hold includes your contact details, your medical records; correspondence with or about you, for example information from other health and social care organisations, medications; records of appointments, visits and other attendances.
- Where we record or process special categories of information relating to your health and social care records, racial or ethnic origin, religious, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is required by law or the information is required to provide healthcare.
- Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
- We may record computer and telephone/mobile telephone contacts.
- Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external health insurance schemes.
- We may transfer information about you to other organisations for purposes connected with your healthcare or the management of (Practice name) business, such as Commissioning bodies, hospital trusts, health and social care services.
- In limited and necessary circumstances, your information may be transferred outside of the EU or to an international organisation to comply with our legal or contractual requirements. We have in place safeguards to ensure the security of your data. A copy of the safeguards can be obtained from the Practice.
- Your personal data will be stored only for as long as we require it in relation to the purpose for which it was collected and/or processed.
- If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
- Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data. You also have the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
- You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
The Data Protection officer for the Practice is:
Antony White/Margaret Ross
If you would like to contact the Data Protection Officer, please use the following Email: firstname.lastname@example.org
Or you can write to the DPO at:
Data Protection officer
South Durham Health Federation
Phoenix Medical Group
Wheatley Hill Surgery
General Data Protection regulation (GDPR)
The GDPR is the replacement for the Data Protection Act and comes into effect on the 25th of May 2018. Although it is European legistlation the UK will be adopting GDPR into UK law even after Brexit. This youtune video helps explain some of the changes with the GDPR.
If you would like to know more then follow some of these links:
the ICO website - Information Commissioners Guide to GDPR
NHS Digital - NHS Digital GDPR
Below is our Privacy Statement which explains why and how we use your data as a patient at our practice.
Many NHS services use Systmone, including ourselves. Due to the extra sharing that is possible on Systmone we have an additional privacy statement that relates specifically about this software. SystmOne Privacy Statement
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Patient Records Request Form or write to the practice requesting the information. Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.