Privacy Notice

How your information is used to provide you with care

This practice keeps medical records confidential and complies with the General Data Protection Regulation.

We hold your medical record so that we can provide you with safe care and treatment.

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: https://digital.nhs.uk/summarycare-records or alternatively speak to your practice.
You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

The practice will contact you by email or text message to send you reminders for booked appointments, to invite you for health checks and immunisations, and to make you aware of information that may be relevant to you specifically. We may also contact you by email or text message regarding your medical care. This may contain personal and sensitive information. If you would prefer not to receive information by text message or email you can opt out by contacting the practice and asking the team to remove this information from your medical record.

Other important information about how your information is used to provide you with healthcare

Registering for NHS care

All patients who receive NHS care are registered on a national database.
This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
More information can be found at: https://digital.nhs.uk/ or call 0300 303 5678.

Identifying patients who might be at risk of certain diseases

Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
This means we can offer patients additional care or support as early as possible.
This process will involve linking information from your GP record with information from other health or social care services you have used.
Information which identifies you will only be seen by this practice.
Speak to the practice for more information.

Safeguarding

Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
These circumstances are rare.
We do not need your consent or agreement to do this.
Speak to the practice for more information.

For research and planning

Your health and care information is used to improve your individual care.

It is also used to help the NHS research new treatments, decide where to put GP clinics and plan for the number of doctors and nurses in your local hospital.

Wherever possible, the NHS try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.

You can opt out from sharing your confidential information for research and planning if you want to.

To opt out, or to find out more information, you can visit NHS - Your Data Matters.

You can also call 0300 303 5678.

OpenSAFELY
NHS England has been directed by the Government to establish and operate the OpenSAFELY service. This service provides a Trusted Research Environment that supports COVID-19 research and analysis.

Each GP practice remains the controller of its own patient data but is required to let researchers run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym, through OpenSAFELY.

Only researchers approved by NHS England are allowed to run these queries and they will not be able to access information that directly or indirectly identifies individuals.

The NHS App

We use the NHS Account Messaging Service provided by NHS England to send you messages relating to your health and care. You need to be an NHS App user to receive these messages.

Further information about the service can be found in the privacy notice for the NHS App managed by NHS England.

We are required by law to provide you with the following information about how we handle your information.

Data Controller contact details	Chris Newman, Managing Partner Clapham Park Group Practice, 72 Clarence Avenue, LONDON, SW4 8JP
Data Protection Officer contact details	Danielle Gibbons North East London Commissioning Support Unit (NELCSU)
Purpose of the processing	To give direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care. To check and review the quality of care. (This is called audit and clinical governance).
Lawful basis for processing	These purposes are supported under the following sections of the GDPR: Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...” Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Recipient or categories of recipients of the processed data	The data will be shared with: healthcare professionals and staff in this surgery local hospitals out of hours services diagnostic and treatment centres or other organisations involved in the provision of direct care to individual patients.
Rights to object	You have the right to object to information being shared between those who are providing you with direct care. This may affect the care you receive – please speak to the practice. You are not able to object to your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care. You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm. The information will be shared with the local safeguarding service.
Right to access and correct	You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period	GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found here
Right to complain	You have the right to complain to the Information Commissioner’s Office. If you wish to complain please click here or call the helpline 0303 123 1113
Data we get from other organisations	We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.

London Care Record

This practice uses a shared record system called the London Care Record. The London Care Record is a secure view of your health and care information and lets health and care professionals involved in your care see important details about your health when and where they need them. Having a single, secure view of your information helps speed up communication between care professionals across London, improves the safety of care and can save lives.

London Care Record can only be lawfully looked at by staff who are directly involved in your care. Your information isn’t available to anyone who doesn’t need it to provide treatment, care and support to you. Your details are kept safe and won’t be made public, passed on to a third party who is not directly involved in your care, used for advertising or sold. For more information please read the London Care Record privacy notice for South East London

Opting out of the London Care Record

You have the right to object to your information being available through London Care Record. Although patients have the right to object and request restrictions on sharing their records, there may be instances where this request will not be upheld due to a clinical need as determined by the direct care giver. Please discuss this with your GP/ health and social care worker and you can find further information on the One London website

For further information and advice about data protection or your right to object to sharing your data you can contact the team at Lewisham and Greenwich Trust who manage the London Care Record for South East London via their website or you can call 020 3192 6011 and leave your name and number for someone to contact you.

If you have already requested to stop sharing on ConnectCare/Local Care Record in South East London, then you will not have to request this again for London Care Record.