The General Data protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data. In General Practice we have always been used to managing patient data safely and confidentially. The new regulations has ensured that we have checked and risk assessed all our systems to ensure that they meet the stringent demands of both paper and online sharing.
For more information about how Oldham Medical Services manages and protects your personal clinical and non clinical information please see attached:
GDPR Practice Leaflet
Fair Process Notice
Under GDPR you have the right to understand what the GP surgery holds on you and how we will use your personal information.
- Data Controller: This is your GP Surgery who holds your personal data and decides on how to use the data it holds.
- Principle 1: Legality, Transparency and Fairness: In using your data there may be times when we have to seek your consent to use the data but on other occasions we may need to use your data to comply with our NHS contract, compliance with a legal obligation, to safeguard your vital interest, carry out tasks of public interest or to comply with our official authority. You have a right to understand how your data is used by the surgery in a clear and transparent manner and have the right to access your information free of charge as long as doesn't become excessive. You have the right to request correction of any inaccurate information held on you. Under Data Protection Act (2018) children from age 13 will have the right to consent to their own services ad how the Surgery engages with and provides them care (no need to engage with parent parent or guardian under DPA (2018) but directly with child).
You can also view the Fair Processing attachment above for more information.
- Principle 2: Purpose Limitation: Data collected on you will be limited to what is required for the Surgery to comply with its duty to you and the NHS to deliver healthcare. Your data may be shared with other agencies that work with the GP surgery. These will include the local Out Of Hours Service, 7 Day GP Services, Hospitals, Pharmacies, Community Nurses, Ambulance services and others who may need to be involved in your care. The Surgery may need to share your data for the purpose of medical research. Information shared will be limited to what is required to continue providing on going care. Once in Place a boroughwide IT system allowing safe sharing of information across the health and social care services will ensure safe sharing of your data to enhance the care you receive. In certain circumstances you will have the right to object to your data being shared.
- Principle 3: Minimisation: The data the Surgery holds will be relevant, adequate and limited to what is required foe the Surgery to fulfill its duty.
- Principle 4: Accuracy: Data held will be up to date. Any inaccurate information should be brought to the attention of the Surgery to ensure the inaccuracies are rectified.
- Principle 5: Storage Limitation: Your data will be kept in line with the NHS requirements. The Surgery will retain records from birth to death. Following death the NHS may destroy your records after 10 years.
- Principle 6: Integrity and Confidentiality: The Surgery complies with NHS rules on keeping your data safe and secure. The Surgery IT system that stores your data on EMIS Web and is one of the NHS approved GP computer systems. The Surgery also has internal systems in place to ensure that the premises are secure and staff appropriately trained to comply with confidentiality with regards to your data. When sharing your data with other agencies the Surgery complies with NHS rules on safe transfer of information.
- Principle 7: Accountability: The Surgery has taken the appropriate steps to comply with GDPR. The Surgery has appointed a Data Protection Officer (DPO) to ensure the surgery complies with GDPR legislation and you can contact the DPO by email: firstname.lastname@example.org
For more information please see the Privacy Notice attachment below;
GP Privacy Notice
Below are some examples of how the Surgery may share your data:
IT/ Electronic Patient Records
1. Referral Management- all clinical correspondence sent on behalf of patients automatically includes NHS Numbers for efficient identification.
2. Electronic Appointment Booking- the Practice offers patients the facility to book, view, amend, cancel and print their appointments online. Access is password protected and supplied only when the patient identification has been validated.
3. Online Booking of Repeat Prescriptions- the Practice offers patients the facility to view and order their repeat medication online. access is password protected only when patient identification has been validated.
4. Summary Care Records- Oldham Medical Services is enabled to provide automated uploads of any changes to a patient's 'Summary Care Record (SCR)' which allows clinicians at hospital or other surgeries where you may register temporarily for urgent care whilst away from home to receive basic information (medication and allergies) to help manage your problem. If you do not want your 'summary' medical records to be used in this way you will need to let us know so that we can update your records.
5. GP2GP Records Transfers- when a patient registers at a new Practice it can take some time for their paper records to reach their new GP possibly causing delays in treatment and care. Oldham Medical Services is able to transfer your medical details electronically via GP2GP as soon as you register elsewhere.
6. Patient Access to their GP Record- You can view, export or print a summary of your medical records via our online services system.
Summary Care Records
Today, records are kept in all the places where you receive care. These places can usually only share information form your records by letter, email, fax or phone. At times, this can slow down treatment and sometimes make it hard to access information.
Summary Care Records have been introduced to improve the safety and quality of patient care. Because the Summary Care Record is an electronic record, it will give healthcare staff faster, easier access to essential information about you, and help to give you safe treatment during an emergency or when your GP surgery is closed.
For example, a person who lives in London is on holiday in Brighton. One evening, they're knocked unconscious in a car accident and taken to accident and emergency (A&E) department. Under the current system of storing health records, it would be difficult for A&E staff to find out whether there are any important factors to consider when treating the person (such as any serious allergies to medications), especially as their GP surgery is likely to be closed. If healthcare staff cannot get the relevant health information quickly, patients may be at risk.
Summary Care Record is an electronic record that's stored at a central location. As the name suggests, the record will not contain detailed information about your medical history, but will only contain important health information, such as:
- Whether you're taking and prescription medication
- Whether you have any allergies
- Whether you've previously had a bad reaction to any medication
Access to your Summary care Record will be strictly controlled. The only people who can see the information will be healthcare staff directly involved in your care who have a special smartcard and access number (like a chip and pin credit card).
Healthcare staff will ask your permission every time they need to look at your Summary Care Record. if they cannot ask you, e.g. because your unconscious, healthcare staff may look at your record without asking you. if they have to do this, they will make a note on your record.
Do I have a Summary Care Record?
You can choose to have a Summary Care Record. if you would like one you won't need to do anything. It will happen automatically.
You can choose not to have a Summary Care Record. Let the Practice know by filling and returning an opt out form. See attachment below to download a copy.
Opt out Form SCR
If you opt out, you can rejoin the scheme at any time. An opt out form will automatically be included with your registration paperwork if you are new to the Practice.
More information about Summary Care Records is available at www.nhscarerecords.nhs.uk
Fair Processing of Information
Sharing information with Oldham Clinical commissioning Group (CCG)
Like all other practices in Oldham we have historically worked with NHS Oldham CCG to receive support in providing the best possible treatment and care to patients. One of the ways this is achieved is through data sharing between our medical system and the CCG.
Please see link below which explains more about the process and governance of information sharing with our local CCG.