Lancashire and South Cumbria has been chosen by NHS England to be a national pilot for the digitisation of Medical Records. Scanning these paper based records and making them digital will enable better utilisation of space, creating more clinical space, staff areas, multi team space and video hubs, removing the need for some practices to build extensions. In addition it will also make your record more easily and speedily accessible to clinical staff within your practice.
Your complete GP medical record will be digital and stored in a secure cloud based clinical system (only accessible by your GP practice) with the paper based records being securely destroyed following BS EN 15713:2009 Secure destruction of confidential material. Your GP will still be able to access your records easily within this system. The scanning and destruction of the paper records will follow strict data protection guidelines adhered to by the NHS. As with paper based records, digital records are stored for the durations specified in the Records Management Codes of Practice for Health and Social Care. For GP patient records, this states that they may be destroyed 10 years after the patient’s death if they are no longer needed.
If you wish to discuss the scheme, please inform the Practice direct either by letter or via e-mail email@example.com
Your data, privacy and the Law
How we use your medical records
General Data Protection Regulations (GDPR)
Station House Surgery has a legal duty to explain how we use any personal information we collect about you as a patient of this practice. This is called a Privacy Notice.
We must comply with the General Data Protection Regulation (GDPR) and ensure that information is provided to patients about how their personal data is processed in a clear and concise manner.
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and requires that personal data be processed according to many of the same principles as the current Data Protection Act 1998. It is designed to harmonise data privacy laws across Europe, to protect all EU citizens’ data privacy and re-shape the way organisations approach data privacy.
WHAT INFORMATION DO WE COLLECT?
We collect information that helps the delivery of effective medical care, such as: name, address, date of birth, next of kin, appointments, your health records, treatments, medications, immunisations, test results and so on.
HOW DO WE USE YOUR INFORMATION?
- We use your data to provide patient care. We are legally obliged to disclose this information if the law requires us to do so (this is called ‘lawful basis’. For example if we are inspected or reporting certain illnesses or safeguarding vulnerable people. We can also disclose information if you give consent or if it is justified in the public interest.
- We share medical records with health professionals for example A&E, Out of Hours etc - who are involved in providing you with care and treatment.
- Data about you is used to manage national screening campaigns such as Flu, Cervical cytology and Diabetes prevention.
- We are a Research Accredited practice. This means that we may use patient non-identifiable information to support specific medical research programmes. We would not share any information about you that is identifiable. Should this be the case then we will ask your permission.
Station House Surgery is committed to maintaining confidentiality and protecting information we hold about you. We adhere to the General Data Protection Regulation (GDPR), NHS Code of Confidentiality & Security as well as guidance provided by the Information Commissioner’s Office (ICO).
Risk stratification techniques are used by the NHS to determine a person’s risk of suffering a particular condition, preventing an unplanned or readmission to hospital and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. Information is then electronically processed and given a risk score. This is relayed to your GP who can decide on any necessary actions.
In order for the Practice to be paid, basic and relevant necessary data about you may need to be transmitted securely & confidentiality to NHS payment services. The release of this data is required by English Law and is not used for any other purposes or shared with third parties.
WHAT THIS MEANS TO YOU
- You have the right to object to your information being shared. Please speak to Reception to let us know. We may not be able to withhold information about you if we have ’compelling legitimate grounds’ to share.
- You have the right to access the information we hold about you. This is called a ‘Subject Access Request’. Please speak to Reception who will help with this. You can receive a copy of your medical record free of charge.
- You have the right to have any inaccurate data in your record corrected.
Jeanette Cawley, Data Controller, Station House Surgery, Station Road, Kendal LA9 6SA
Contact us on 01539 722660 and ask to speak to the Practice Manager.
We hope you are happy with the information we have provided regarding our data-processing methods. However, if not and you do not feel that we can resolve it then you have the right to lodge a complaint with the Information Commissioners Office (ICO). www.ico.org.uk.
General Practice Privacy Notice
Freedom of Information Requests (FOI)
The Freedom of Information (FOI) Act 2000 provides public access to information held by public authorities. It does this in two ways:
• Public authorities are obliged to publish certain information about their activities
• Members of the public are entitled to request information from public authorities
The Act covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland.
Anyone has a right to request information from a public authority. Station House Surgery has two separate duties when responding to these requests:
- To tell the applicant whether they hold any information falling within the scope of their request
- To provide that information, unless there is a legitimate reason not to disclose (where an exemption applies)
We will respond to a request made under FOI within 20 working days .