Privacy Policy

Data Protection Privacy Notice for Patients

Introduction

 

This privacy notice lets you know what happens to any personal data that you give to Wallingbrook Health Group, or any that we may collect from or about you. This privacy notice applies to personal information processed by or on behalf of the practice.

The General Data Protection Regulation (GDPR) became law in the UK on 25th May 2018. This is a single EU wide regulation on the protection of confidential and sensitive information. The current UK Data Protection Act 2018 will need to be read alongside the EU GDPR to ensure your rights as Data subjects are protected.

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation, Regulation (EU) 2016/679 the "GDPR"), and the Data Protection Act 2018 the practice responsible for your personal data is Wallingbrook Health Group. This notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

For additional information about the General Data Protection Regulation please see:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

 

Data Controller:

Wallingbrook Health Group, Back Lane, Chulmleigh, Devon EX18 7DL

 

Data Protection Officer:

 

Bex Lovewell, email bex.lovewell@nhs.net or postal address: DELT Shared Services Ltd, BUILDING 2 DELT, Derriford Business Park, Plymouth, PL6 5QZ

 

How Wallingbrook Health Group uses your information to provide you with healthcare

We hold your medical record so that we can provide you with safe care and treatment.

NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which the practice holds about you may include the following information:

  • Details about you, such as your address, carer, legal representative, emergency contact details
  • Any contacts the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health.
  • Details about your treatment and care.
  • Results of investigations such as laboratory tests, x-rays etc.
  • Relevant information from other health professionals, relatives or those who care for you.
  • Photos pertaining to your health care (taken in practice or received securely via AccuRx secure messaging or email).

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record For more information see:

https://digital.nhs.uk/services/summary-care-records-scr

This practice is part of the Local Shared Care Record scheme. This is a Devon wide service and includes:

  • Out of hours health services, hospital wards and A&E within Devon,
  • Community Health services such as District Nurses, Podiatrists, Occupational Therapists and SWAST (South West Ambulance Service Trust).

It includes data such as recent diagnosis, test results, allergies, medications, current or past (and significant) illnesses, encounters and referrals. Access will only be granted to health care professionals on a need to know basis with your consent.

For more information see:

https://www.newdevonccg.nhs.uk/ccg-wide-projects/local-shared-care-record-101516

You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

 

Improved Access – GP Connect

 

Who will we share your information with?

As part of our Improved Access Initiative, Wallingbrook Health Group patients will be able to book evening and weekend appointments, both here and at other local GP Practices that are part of the Mid Devon Healthcare Primary Care Network (Bow Medical Practice, Cheriton Bishop and Teign Valley Practice, Chiddenbrook Surgery, Mid Devon Medical Practice and New Valley Practice). This part of the clinical system is known as GP Connect. This will benefit you as a patient as it ensures that there are more appointments available to you at times that are more convenient out of the practice’s usual hours.

GP practices in our Primary Care Network (PCN) use one of the following clinical systems to securely host your electronic patient record:

  • SystmOne (provided by TPP)
  • EMIS Web (provided by EMIS)

We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.

If you have any concerns regarding this, or wish to object to the sharing of your medical record in this way, please speak to one of our Patient Services Team, who will be able to record your decision and change the settings for your record.

Please note that should you object, you will not be able to attend an appointment at another PCN surgery offering the Improved Access service.

Other important information about how your information is used to provide you with Healthcare

Registering for NHS care

  • All patients who receive NHS care are registered on a national database.
  • This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
  • The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
  • More information can be found at: https://digital.nhs.uk/ or the phone number for general enquires at NHS Digital is 0300 303 5678

Identifying patients who might be at risk of certain diseases

  • Your medical records will be searched by a computer program so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
  • This means we can offer patients additional care or support as early as possible.
  • This process will involve linking information from your GP record with information from other health or social care services you have used.
  • Information which identifies you will only be seen by this practice.
  • More information can be found at: https://digital.nhs.uk/ or the phone number for general enquires at NHS Digital is 0300 303 5678

Intervention

 

PINCER is a proven pharmacist led IT-based intervention to reduce clinically important medication errors in primary care. The intervention comprises of three core elements:

  1. Identification of patients at risk of potentially hazardous prescribing using a set of prescribing safety indicators.
  2. Pharmacists specifically trained to deliver the intervention, providing an educational outreach intervention where they meet with GPs and other practice staff to:
    • Discuss the results and highlight the importance of the hazardous prescribing identified using brief educational materials.
    • Agree an action plan for reviewing patients identified as high risk and improving prescribing and medication monitoring systems using root cause analysis (RCA) to minimise future risk.
  1. Pharmacists (and pharmacy technicians) working with, and supporting, general practice staff to implement the agreed action plan.

All patient level data remains within the GP practice with only practice summative data being submitted to the CHART Online national comparative database.

For more details of the study please visit online:

https://www.nottingham.ac.uk/primis/pincer/pincer-intervention.aspx

Safeguarding

  • Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
  • These circumstances are rare.
  • We do not need your consent or agreement to do this.
  • Please see our local policies for more information: Wallingbrook Safeguarding Vulnerable Adults and Children policy at http://www.wallingbrook.co.uk

We are required by law to provide you with the following information about how we handle your information.

 

Purpose of the processing:

 

  • To give direct health or social care to individual patients, for example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
  • To check and review the quality of care (this is called audit and clinical governance).

Lawful basis for processing:

 

These purposes are supported under the following sections of the GDPR

  • Article 6(1)(e) ‘...necessary for the performance of a task carried out in the public interest or in the exercise of official authority...’; and
  • Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

Recipient or categories of recipients of the processed data

 

We may share information with the following organisations:

  • The GP Practices within the Mid Devon Healthcare Primary Care Network
  • NHS Trusts/ Foundation Trust
  • Devon Clinical Commission Group (CCG);
  • NHS Commissioning Support Units
  • Community Services (District Nurses, Rehabilitation Services and out of hours services)
  • Ambulance or emergency services
  • Independent contractors such as Pharmacies, Dentist and Opticians
  • Local authorities
  •  Multi-Agency Safeguarding Hub (MASH)Health and Social Care Information Centre (HSCIC)
  • Child Health Intelligence Service
  • Police and Judicial Services
  • Educational Services
  • Fire and Rescue Services
  • NHS 111
  • The Care Quality Commission, ICO and other regulated auditors
  • Public Health England and Screening
  • NHS England
  • NHS Digital
  • Non-NHS health care providers
  • Research providers

Data we get from other organisations

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a communication to let us know what happens. This means your GP medical record is kept up to date when you receive care from other parts of the health service.

Electronic reporting software used in conjunction with Subject Access Requests and Medical Insurance Reports

In accordance with the General Data Protection Regulation and the Data Protection Act 2018 we are required to advise you that Wallingbrook Health Group uses an integrated software system called iGPR, which extracts data from your patient record (held within the TPP SystmOne secure electronic clinical system) when we receive a:

  • Subject Access Request
  • Medical insurance report request (made under the Access to Medical Records Act 1998)

Either type of report may include details of consultations, test results, procedures, letters from consultants etc. Wallingbrook Health Group shares your medical records this way when the request is made by yourself, a Third Party acting on your behalf (like a Solicitor or the Police) or Insurance Company.

The iGPR software is provided by Niche Health (NicheSys Ltd). Their website can be found at: https://www.igpr.co.uk/

The software is important because:

  • It allows for patient’s data to be extracted securely with electronic security measures.
  • It allows the patient’s data to be sent securely to the requestor of the data

(either directly from the software itself or as a file secured by encrypted nhs email service).

Sage Finance Programme

The practice will send invoices to patients and companies when Non NHS work has been completed. Patients name and occasionally their date of birth are used for identification purposes for the receiver of the invoice as well as for the practice.

Retention Period

 

The practice will also retain a copy of the Subject Access Request or Insurance

Report. We hold this securely on our internal computer systems for the time as outlined by General Data Protection Regulation and Section 6 of the Access to Medical Reports Act 1988:

  • SAR Reports: 3 years from the date the report is supplied
  • Insurance Reports: 1 year from date the report is supplied

The reports are then permanently deleted after this period.

SMS Texting and Email Communications Software

If you provide us with a mobile contact number and email address, we may from time to time send you SMS messages or emails which relate directly to your healthcare. Texts / emails may be regarding appointment confirmations, cancellations and reminders of annual clinics or signpost beneficial services which relate directly to your healthcare.

Under the General Data Protection Regulation the lawful basis for this action is defined as:

  • Article 6(1)(e) ‘...necessary for the performance of a task carried out in the public interest or in the exercise of official authority...’; and
  • Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”

At the time of General Data Protection Regulation introduction (25th May 2018) wesent out texts and emails to ask our patients if they would like to continue receiving SMS texts from the practice (no further action was necessary if this was ok with you). Should you wish to change your mind at any time please contact the practice directly.

NHSmail

 

Wallingbrook Health Group staff use NHSmail which is a secure email service approved for sharing sensitive information. NHSmail can be used for both emails and the facility to send SMS directly from your clinical records.

MJOG

 

Additional software which the practice uses in conjunction with SMS texting and emailing is called MJOG https://www.mjog.com/.This software securely connects to the practice clinical system in order to obtain the mobile number or email held in the contact details portion of your clinical record. MJOG is used for appointment reminders, cancellations and invitations.

For full Privacy Policy and security information please visit the following links: https://www.mjog.com/privacy-policy/

AccuRxDigital communications software

AccuRx is an NHS Digital approved video consultation system and secure messaging service.

We us it for the following:

  • Remote video consultations
  • Electronically receiving Photos taken by Patients
  • Electronically sending Med3 Fit to work assessment documents

For full Privacy Policy and security information please visit the following links: https://www.accurx.com/security

https://www.accurx.com/privacy-policy

Photos submitted by patients are saved on to the clinical system and form part of the patient clinical record.

Microsoft Office 365

 

Wallingbrook Health Group uses Microsoft Office 365 and Teams.

Recipient or categories of recipients of the processed data

eConsult GP Online Consultation Service

By law, all organisations that use personal information (personal data) must provide a clear description of how it is used and in addition provide any related information to ensure that the processing is carried out lawfully and fairly.

 

Online Consultation Service

Wallingbrook Health Group has engaged with a specialised online consultation service supplier who has been authorised by NHS England to provide the technical aspects of the online consultation service (the supplier has successfully met all of NHS England’s stringent IT technical and security requirements).

NHS England, on behalf of Wallingbrook Health Group, contracts with the supplier and acts as a Joint Controller for this service if a patient completes an eConsult via the eConsult app. NHS England will not, however, receive any of your personal information (the practice remains responsible for your data and will ensure that any data you provide is used for the online consultation purposes only).

The name of the organisation providing this service is eConsult Health Ltd (eConsult)., who will act as a Processor of your personal data under GDPR.

On behalf of Wallingbrook Health Group NHS Digital manages your online connection to the eConsult service, (via their secure authentication service known as NHS login). If you use NHS login, NHS Digital will also act as a Processor under GDPR.

What is the lawful basis for your GP practice’s online consultation service?

 

The following legal bases set out in the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 allows your GP practice to use your information when using the online consultation service:

  1. when using your Personal Information (Personal Data) article 6 (1) (e) of the GDPR, allows the lawful processing of your personal information which is necessary to provide a service that is in the public interest
  2. when using your Sensitive Personal Information (Sensitive Personal Data): article 9(2) (h) of the GDPR allows the lawful processing of your health information which is necessary for the provision of health treatment.

What are the purposes of the processing?

Online consultations allow the GP practice’s patients to contact the practice without having to wait on the phone or take time to come into the practice in person, especially if a patient is not sure whether they need a face to face consultation.

These consultations enable patients to use a secure online system to ask questions and report symptoms, which will then be followed up with a response from an appropriate staff member at the practice (eg a GP in regards to a medical query or administrative staff member in the event of a request for administrative assistance).

What personal information is used?

As this service is accessed online, Wallingbrook Health Group must ensure that it continues to provide you with a confidential and high-quality service. In order to do so staff must correctly identify you, accurately note your request and subsequently provide an appropriate response. If they were prevented from using this essential information, they would be unable to provide the service securely and confidentially.

Information which is not required for the service is not collected.

Wallingbrook Health Group uses the following information to identify and deal with your request.

  1. Identity and Contact Information: includes name, gender, date of birth, NHS number, email address and telephone number, postal address. If you have created an NHS login account you will already have verified who you are and you can, if you wish, use those details from your NHS login account to save you time and avoid having to manually enter your details to re-identify yourself to use the Online Consultation service.
  2. Special Categories of Personal Information: your health information such as your symptoms, conditions, medication and other details which are already held in your GP records and / or which you provide through the online consultation process.

Do we share your personal information?

Wallingbrook Health Group will only use your information to provide you with health services.

As previously mentioned, the practice has engaged with eConsult (a specialised organisation) so that it can provide an online consultation service to you. Relevant personal information is shared between both organisations.

If you are advised to seek urgent care, your information will not be shared with other health and care providers.

The online consultation service is also made available to patients who use the NHS App. This can be downloaded online from the App Store and Google Play. The NHS App is provided by NHS Digital and provides health services which include the ability to view your medical record. If you are logged into the NHS App, then you will also have access to your GP practice online consultation service. Requests you make to the service will be securely sent from the NHS App to your GP practice clinical system via NHS Digital.

Whenever your GP shares your information, they will always comply with the law.

Where is your information processed and stored?

It is processed and stored within the United Kingdom.

How long is your personal information kept?

 

Wallingbrook Health Group is obliged to hold personal information in line with NHS records management schedules. The practice instructs eConsult, their engaged contractor in this instance, to comply with these schedules. When the information you submit on eConsult is copied across to Wallingbrook Health Group own IT systems then the information held by eConsult will be deleted. eConsult retain your contact details (name, email) for up to 5 weeks, in order to facilitate communication relating to the consultation, after which they are automatically deleted.

If you have been advised online to seek urgent care elsewhere, then your information will not be transferred to Wallingbrook Health Group and will not be retained after you have read the advice given.

Right to restrict or object the use of your information

There are certain circumstances in which you can object from your information being shared. Information regarding your rights to opt-out is detailed below.

Consent:

If the practice is relying on the consent as the basis for processing your data, you have the right to withdraw your consent at any time. Once you have withdrawn your consent, we will stop processing your data for this purpose.

However, this will only apply in circumstances on which we rely on your consent to use your personal data. Please be aware that if you do withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will let you know.

  • You have the right to object to information being shared between those who are providing you with direct care.
  • This may affect the care you receive - please speak to the practice.
  • You are not able to object to your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care.
  • You can opt out of receiving SMS and emails. Please reply Stop to an SMS or email that you have been sent or speak to a member of the Patient Services Team.
  • You are not able to object when information is legitimately shared for safeguarding reasons.
  • In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
  • The information will be shared with the local safeguarding service:

For Adults - Devon Care Direct

For Children – Devon Multi Agency Safeguarding Hub, Health Visitors & School Nurses

Devon Out of hour’s service.

Summary Care Record:

The SCR improves care; however, if you do not want one, you have the right to object to sharing your information or to restrict access to specific elements of your records. This will mean that the information recorded by your GP will not be visible at any other care setting. 

If you wish to discuss your options in regards to the SCR, please speak to a member of the Patient Services Team. You can also reinstate your consent at any time by giving your permission to override your previous dissent.

Right to access and correct

  • You have the right to access your medical record and have any errors or mistakes corrected. To access your record you can sign up for online services

(view your record online) or submit a SAR (subject access request) by contacting or calling in at the practice.

  • We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention period

 

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health

and social care and national archives requirements. More information on records retention can be found online at:

https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016

Right to complain

 

You have the right to complain. Please contact the Managing Partner, Lucy Harris if you wish to make a complaint. You may also make your complaint directly to the Information Commissioner’s Office. Further information can be found at: https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113.

How your information is used for medical research and to measure the quality of care

 

Medical research

 

Wallingbrook Health Group shares information from medical records:

  • To support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best;
  • We will also use your medical records to carry out research within the practice.

This is important because:

  • The use of information from GP medical records is very useful in developing new treatments and medicines;
  • Medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
  • The CCG Medicine Optimisation Team, Continuity Counts and Primis are used in some circumstances to create clinical system reports.

We share information with the following medical research organisations with your explicit consent or when the law allows:

Exeter National Institute for Health Research, Clinical Research facility – StartRight Study https://exetercrfnihr.org/

Biobank - UK Biobank extracts data on its volunteer participants. To find out more information regarding the study and for your rights to opt-out/ withdraw consent go to https://www.ukbiobank.ac.uk/.

You have the right to object to your identifiable information being used or shared for medical research purposes. You can manage your preference online -see the national data opt out scheme at: https://digital.nhs.uk/services/national-data-opt-out

or if you do not wish to use this service but still object then please call the practice.

Checking the quality of care - national clinical audits

Wallingbrook Health Group contributes to national clinical audits so that healthcare can be checked and reviewed.

  • Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
  • The results of the checks or audits can show where hospitals are doing well and where they need to improve.
  • The results of the checks or audits are used to recommend improvements to patient care.
  • Data is sent to NHS Digital a national body with legal responsibilities to collect data.
  • The data will include information about you, such as your NHS Number and date of birth and information about your health which is recorded in coded form - for example the code for diabetes or high blood pressure.
  • We will only share your information for national clinical audits or checking purposes when the law allows.
  • For more information about national clinical audits see the Healthcare Quality Improvements Partnership website: https://www.hqip.org.uk/ or phone

020 7997 7370.

  • You have the right to object to your identifiable information being shared for national clinical audits. Please contact the practice if you wish to object.

Checking the quality of care – using personal data to contact people to ask for their feedback – Friends and Family Test

 

Wallingbrook Health Group contributes to national audits so that healthcare can be reviewed.

 

  • Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
  • The results of the audits can show NHS England how the practice is doing and where they need to improve.
  • The responses received are collated and the figures (number of responses) are sent to NHS England..
  • The data sent to NHS England will not include information about you or any personal identifiers.
  • The Friends and Family Test is not compulsory, patients can choose not to participate.
  • For more information contact the Friends and Family Test Helpdesk at england.friendsandfamilytest@nhs.net

We are required by law to provide you with the following information about how we share your information for medical research purposes.

 

Purpose of the processing:

 

Medical research and to check the quality of care which is given to patients (this is called national clinical audit).

Lawful basis for processing:

 

The following sections of the GDPR mean that we can use medical records for research and to check the quality of care (national clinical audits)

Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.

Article 9(2)(a) – ‘the data subject has given explicit consent...’

Recipient or categories of recipients of the processed data

 

For medical research the data will be shared with StartRight Exeter National Institute for Health Research, Clinical Research facility.

Biobank - UK Biobank extracts data on its volunteer participants.

For national clinical audits which check the quality of care the data will be shared with NHS Digital.

Rights to object and the national data opt – out

You have the right to object to your information being shared under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of sharing information that identifies you being used or shared for medical research purposes and quality checking or audit purposes. 

To opt-out of your identifiable information being shared for medical research or to find out more about your opt-out choices please ask a member of the Patient Services Team or go to NHS Digital’s website: 

https://digital.nhs.uk/services/national-data-opt-out-programme

How your information is shared so that this practice can meet legal

requirements

 

The law requires Wallingbrook Health Group to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:

  • plan and manage services;
  • check that the care being provided is safe;
  • prevent infectious diseases from spreading.

We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.

We must also share your information if a court of law orders us to do so.

NHS Digital

  • NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
  • It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
  • This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
  • More information about NHS Digital and how it uses information can be found at: https://digital.nhs.uk/

Care Quality Commission (CQC)

  • The CQC regulates health and social care services to ensure that safe care is provided.
  • The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
  • For more information about the CQC see: https://www.cqc.org.uk/

Public Health

  • The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
  • We will report the relevant information to local health protection team or Public Health England.
  • For more information about Public Health England and disease reporting see:

https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report

We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data

Purpose of the processing:

 

Compliance with legal obligations or court order.

Lawful basis for processing:

 

The following sections of the GDPR mean that we can share information when the law tells us to.

Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject...’

Article 9(2)(h) – ‘processing is necessary for the purpose of preventative...medicine...the provision of health or social care or treatment or the management of health or social care systems and services...’

Recipient or categories of recipients of the processed data

  • The data will be shared with NHS Digital.
  • The data will be shared with the Care Quality Commission
  • The data will be shared with our local health protection team or Public Health England.
  • The data will be shared with the court if ordered

Rights to object the Type 1 Opt-out and National data opt – out:

All health and care organisations (including GP practices) are required to comply with this information standard which was initially introduced on 25 May 2018.

The standard exists in order to enable patients to be able to opt out from the use of their personal data for anything other than their individual care and treatment (for example research or planning purposes in line with the recommendations of the National Data Guardian).

You have the right to object to your confidential patient information being shared for purposes beyond your direct care by asking the practice to apply a Type 1 opt-out to your medical records. A type 1 opt-out prevents identifiable information about you, being extracted from your GP record, and uploaded to any other organisations without your explicit consent. If you wish for a Type 1 opt-out to be applied to your record, please contact a member of the Patient Services Team.

Please note that the type 1 opt-out will no longer be available after 2020 and therefore you will be unable to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012.

 

There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.

For reference you can update your data sharing opt - out preferences at any time by visiting: https://digital.nhs.uk/services/national-data-opt-out

For further information on compliance with the national data opt out policy please visit: https://digital.nhs.uk/services/national-data-opt-out/compliance-with-the-national-data-opt-out

NHS Digital

  • You have the right to object to information being shared with NHS Digital for reasons other than your own direct care.
  • The national data op-out model provides you with an easy way of opting out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons.

To opt - out of your identifiable information being shared for medical research or to find out more about your opt - out choices please go to NHS Digital’s website:

https://digital.nhs.uk/services/national-data-opt-out

Public health

  • Legally information must be shared under public health legislation. This means that you are unable to object.

Cancer Registry

 

  • The National Cancer Registration and Analysis Service is run by Public Health England and is responsible for cancer registration in England, to support cancer epidemiology, public health, service monitoring and research. 

Further information regarding the registry and your right to opt-out can be found at: https://www.gov.uk/guidance/national-cancer-registration-and-analysis-service-ncras

Care Quality Commission

  • Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object.

Court order

  • Your information must be shared if it ordered by a court. This means that you are unable to object.

National screening programmes

  • The NHS provides national screening programmes so that certain diseases can be detected at an early stage.
  • These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.
  • The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.

More information can be found at: https://www.gov.uk/topic/population-screening-programmes or speak to the practice.

We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data

Purpose of the processing:

 

  • The NHS provides several national health screening programmes to detect diseases or conditions early such as cervical and breast cancer, aortic aneurysm and diabetes.
  • The information is shared so that the correct people are invited for screening. This means those who are most at risk can be offered treatment.

Lawful basis for processing:

 

Article 6(1)(e) – ‘processing is necessary...in the exercise of official authority vested in the controller...’’

Article 9(2)(h) – ‘processing is necessary for the purpose of preventative...medicine...the provision of health or social care or treatment or the management of health or social care systems and services...’

Recipient or categories of recipients of the processed data

  • Devon Diabetic Eye Screening Programme 3 Manaton Court, Manaton Close, Matford Business Park, Exeter, EX2 8PF, Tel: 01392 241000 email enquiries.devondesp@nhs.net Website: http://www.devondesp.co.uk/
  • Cervical Cancer screening - Open Exeter
  • NHS Bowel Cancer Screening Programme (BCSP) Tel: 0800 7076060 Website: www.nhs.uk/conditions/bowel-cancer-screening/
  • North & East Devon Breast Screening Service Matford Business Centre, Matford Park Road, Exeter, Devon EX2 8ED Tel: 01392 262600

National Screening Programmes Rights to object

If you do not wish to receive an invitation to the screening programmes, you can opt out at https://www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes or speak to the practice.