Accessing Secure Emails Sent by the Practice
Sharing Your Medical Record
Increasingly, patient medical data is shared e.g. between GP surgeries and District Nursing, in order to give clinicians access to the most up to date information when attending patients.
The systems we operate require that any sharing of medical information is consented to by patients beforehand. Patients must consent to sharing of the data held by a health provider out to other health providers and must also consent to which of the other providers can access their data.
e.g. it may be necessary to share data held in GP practices with district nurses but the local podiatry department would not need to see it to undertake their work. In this case, patients would allow the surgery to share their data, they would allow the district nurses to access it but they would not allow access by the podiatry department. In this way access to patient data is under patients' control and can be shared on a 'need to know' basis.
Sharing your NHS Patient Data
Information sharing in the NHS is subject to rigorous regulation and governance to ensure your full identifiable and personal medical data is kept confidential and only ever seen by carefully vetted doctors, nurses and administrative staff responsible for overseeing your care.
With the development of information technology the NHS will increasingly be sharing key information from your GP medical notes with Out of Hours GP Services, Hospital A&E Units, Community Hospitals, Community Nurses all of whom may at various times in your life be looking after you. Sharing information can improve both the quality and safety of care you receive and in some cases can be vital in making life-saving decisions about your treatment.
There are currently two different elements of "sharing NHS patient information"
- SCR = The NHS Summary Care Record
- Local Shared Care Record
SCR = NHS Summary Care Record
The NHS Summary Care Record was introduced many years ago to help deliver better and safer care; it contains basic information about:
- Any allergies you may have
- Unexpected reactions to medication
- Any prescriptions you have recently received
The intention of the SCR is to help clinicians in Hospital A&E Departments, Paramedics and GP 'Out of Hours' health services to give you safe, timely and effective treatment. Clinicians are only allowed to access your SCR record if they are authorised to do so and, even then, only if you give your express permission. You will be asked if healthcare staff can look at your Summary Care Records every time they need to, unless it is an emergency, for instance if you are unconscious. You can refuse if you think access is unnecessary.
Over time, health professionals treating you may add details about any health problems and summaries of your care. Every time further information is added to your record, you will be asked if you agree (explicit consent).
Patients under 16 years have an NHS Summary Care Record created for them so if you are the patient or guardian of a child then please either make this information available to them or decide and act on their behalf.
Please complete the following consent form and return to the surgery to give the surgery your consent to share your SCR with additional information to other NHS Health care providers.
Local Shared Care Record
Many people think that their GP health record is available to all healthcare professionals involved in their care, but this is not always the case.
At the moment, each professional a patient sees keeps a separate record. This can mean some important information not being communicated between health services as well as it could be. Having a single electronic record with all health information in one place means that care providers can give patients the most safe and efficient care possible. Health information recorded at Wallingbrook Health Group can be shared digitally with other health and care organisations where patients are being treated. Wallingbrook Health Group asks patients if they wish to share their information on an individual patient basis with regard to record sharing.
Sharing IN determines whether or not our GP Practice can view information in your record that has been entered by other NHS services who are providing care for you or who may provide care for you in the future (that you have consented to share out).
Sharing OUT controls whether information recorded at our GP Practice can be shared with other NHS health Care providers.
Please complete the following consent form and return to the surgery to give the surgery your consent to share your medical record with other NHS health care organisations.
Further information can be found at NHS Devon CCG
Your Data Matters to the NHS
The NHS wants to make sure you and your family have the best care now and in the future. Your health and adult social care information supports your individual care.
Unless you have chosen to opt out, your confidential patient information can be used for research and planning. You are able to make or change your decision at any time. Your confidential patient information provides numerous benefits. It is used in research to find cures and better treatments for diseases like diabetes and cancer.
Most of the time, we use anonymised data for research and planning. So your confidential patient information isn't always needed. If you do opt out, data that does not identify you may still be used.
Confidential patient information can also be used to plan health and care services more effectively. The NHS and local authorities can plan where they need to provide further care services more efficiently.
With you data, we are better able to develop and improve health and care services for the future. This helps to improve health and social care for you and your family.
The NHS collects health and care data from all NHS organisations, trust and local authorities. Data is also collected from private organisations, such as private hospitals providing NHS funded care. Research bodies and organisations can request access to this data. Further information can be found here.
There are very strict rules in how your data can and cannot be used, and you have clear data rights. Access to confidential patient information will not be given for marketing purposes or insurance purposes - unless you specifically request this.
Protection of your confidential patient information is taken very seriously and is looked after in accordance with good practice and the law.
Every organisation that provides health and care services will take every step to:
- ensure data remains secure
- use anonymised data whenever possible
- use confidential patient information for marketing or insurance purposes (unless you specifically request this)
- make it clear why and how data is being used
- respect your decision if you decide to opt out
- only use information about you where allowed by law
All NHS organisations must provide information on the type of data they collect and how it is used. Data release registers are published by NHS Digital and Public Health England, showing records of the data they have shared with other organisations.
Manage your choice
Online - Use this service to request that your confidential patient information is not used beyond your own individual care.
Telephone: 0300 303 5678 Open: 9am to 5pm Monday to Friday (excluding bank holidays). - You may contact the NHS Digital Contact Centre to verify your identity and discuss your data sharing choices.
Parents or legal guardians may also set and manage a choice on behalf of their child under the age of 13 years.
You can set and manage a choice on behalf of another individual, who is unable to manage their choice independently. For example, if you have power of attorney.
If you decide to opt out, this will be respected and applied by NHS digital and Public Health England. These organisations collect, process and release health and adult social care data on a national basis. Your decision will also be respected and applied by all other organisations that are responsible for health and care information by March 2020.
An opt-out will only apply to the health and care system in England. This does not apply to your health data where you have accessed health or care services outside of England, such as in Scotland and Wales.
If you choose to opt out, your data may still be used during some specific situations. For example, during an epidemic where there might be a risk to other people's health.
For more information on where opt outs do not apply click here.
How We Process & Share Your Data
What GDPR will mean for patients
The GDPR sets out the key principles about processing personal data, for staff or patients;
- Data must be processed lawfully, fairly and transparently
- It must be collected for specific, explicit and legitimate purposes
- It must be limited to what is necessary for the purposes for which it is processed
- Information must be accurate and kept up to date
- Data must be held securely
- It can only be retained for as long as is necessary for the reasons it was collected
There are also stronger rights for patients regarding the information that practices hold about them. These include;
- Being informed about how their data is used
- Patient to have access to their own data
- Patients can ask to have incorrect information changed
- Restrict how their data is used
- Move their patient data from one health organisation to another
- The right to object to their patient information being processed (in certain circumstances)
What is GDPR?
GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA's principles. The main changes are:
- Practice must comply with subject access requests
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner's Office must be notified within 72 hours of a data breach
- Higher fines for data breaches - up to 20 million euros
What is 'patient data'?
Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.
What is consent?
Consent is permission from a patient - an individual's consent is defined as "any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed."
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Access to your medical records
The Access to Health Records Act 1990 and Data Protection Act give patients / clients / staff or their representatives a right of access, subject to certain exemptions, to their health records. Wallingbrook Health Group respects the rights of individuals to have copies of their information wherever possible.
No information will be released without your consent unless we are legally obliged to do so.
Medical records may be emailed to you via the secure NHSmail encryption service. For more information on accessing these email please see the Accessing Encrypted Emails Guide for Non-NHSmail users.
- Wallingbrook Health Group Patient Privacy Notice
- Data Protection Privacy Notice easy Read Information May 2020
- Subject Access Request Policy
- Safeguarding Vulnerable Adults and Children Policy
- Covid 19 Supplementary Privacy Notice June 2020
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Data Protection Act - Patient Information
All patient information is considered to be confidential and we fully comply with the Data Protection Act 2018 and Caldicott principles. All employees in the practice have access to this information in relation to their role, have confidentiality clauses in their contracts of employment and have signed a confidentiality agreement. All staff members adhere to the confidentiality NHS Code of Practice 2003.
We need to hold personal information about you on our computer system and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. please help to keep your record up to date by informing us of any changes to your circumstances.
All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.
Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both a legal and contractual duty to keep your details private.
Where a patient wishes information not to be shared within the team providing direct care then they must discuss this with their GP or Executive Partner.
Patient information will not be shared outside of the direct care team without consent being sought. An individual has the right to refuse to have their information disclosed although this may have an impact on their care, and wishes will be complied with.
In some circumstances we may be require by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released - such as for medical reports for insurance, solicitors etc.
To view the Data Protection Policy click here
To view the practice Information Commissioner's Office Certificate click here
Please note that it is the Practice's policy to record all telephone calls for the purposes of patient and staff care, security, and dispute resolution. Recordings and their use will be at the Partners' discretion and will also comply with the Practice's Data Protection registration.
To ensure your privacy, we will not disclose information over the telephone unless we are sure that we are talking to you. Information will not be disclosed to family, friends, or spouses unless we have prior written consent, and we do not leave messages with others.
The Practice's Responsibilities
The Practice will ensure that employees fully understand all their responsibilities with regard to confidential data by ensuring employees undertake Information Governance training and sign a written statement of the responsibilities they are undertaking towards the security of the data. Competency will be assessed as an on-going process and as part of the appraisal process.
Freedom of Information
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the Practice Manager.
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
For further information please download a copy of the complaints leaflet.
To submit a complaint by post, please download the complaints form and post to:
Wallingbrook Health Centre, Back Lane, Chulmleigh, Devon, EX18 7DL
Third Party Consent
If you are complaining on behalf of a patient or your complaint involves the medical care of a patient then the consent of the patient will be required. Please obtain the patients signed declaration. For further details please refer to the complaints leaflet.
Wallingbrook Health Centre, Back Lane, Chulmleigh, Devon, EX18 7DL.
The Practice takes it very seriously if a member of staff or one of the doctors or nursing team is treated in an abusive or violent way.
The Practice supports the government's 'Zero Tolerance' campaign for Health Service Staff. This states that GPs and their staff have a right to care for others without fear of being attacked or abused. To successfully provide these services a mutual respect between all the staff and patients has to be in place.
All our staff aim to be polite, helpful, and sensitive to all patients' individual needs and circumstances. They would respectfully remind patients that very often staff could be confronted with a multitude of varying and sometimes difficult tasks and situations, all at the same time. The staff understand that ill patients do not always act in a reasonable manner and will take this into consideration when trying to deal with a misunderstanding or complaint.
However, aggressive behaviour, be it violent or abusive, will not be tolerated and may result in you being removed from the Practice list and, in extreme cases, the Police being contacted.
In order for the practice to maintain good relations with their patients the practice would like to ask all its patients to read and take note of the occasional types of behaviour that would be found unacceptable:
- Using bad language or swearing at practice staff.
- Any physical violence towards any member of the Primary Health Care Team or other patients, such as pushing or shoving.
- Verbal abuse towards the staff in any form including verbally insulting the staff.
- Racial abuse and sexual harassment will not be tolerated within this practice.
- Persistent or unrealistic demands that cause stress to staff will not be accepted.
- Requests will be met wherever possible and explanations given when they cannot
- Causing damage/stealing from the Practice's premises, staff or patients.
- Obtaining drugs and/or medical services fraudulently.
We ask you to treat your GPs and their staff courteously at all times.
Non Attendance Policy
On average 110 appointments a month are classified as 'Did Not Attend' i.e. the patient did not attend their appointment and did not contact the surgery in advance to cancel/change their appointment. The effects of these are:
A potential risk to the health of the patient
An increase in waiting time for appointments for other patients
Frustration for both staff and patients where the wasted appointment could have been given to another patient who is waiting
A waste of resource
It is important that any patient non-attendance policy is agreed as a practice and that patients are made aware of the policy and the reason for implementing. Whilst it is important to be consistent, there will be exceptions on an individual case-by-case basis. The policy is conveyed by posters displayed in the waiting room and by advertising the policy on this website. This policy is discussed with the Patient Participation Group.