Privacy notice

Unfortunately due to the design limitations it is difficult to ensure total privacy in the sub reception area. Therefore if you have problems such as hearing or unusual difficulties please inform the reception staff at the time you make your appointment and we will do our best to meet your requirements.

PRIVACY NOTICE

LINENHALL MEDICAL PRACTICE  

Privacy Notice                                       

The General Data Protection Regulation (GDPR)

 

Data protection by design is essential for our practice.  We are registered with the Information Commissioners Office – ZA147561.  The Data Protection Officer is Mrs Linda Macartney/Ruth Timpany.   The GP partners are the data controllers and are responsible for your personal data.  We never release your information to third parties for marketing purposes.

Your doctors and other health professionals caring for you, such as nurses, physiotherapists and occupational therapists, keep records about your health treatment so that they are able to provide you with the best possible care.

 These records are called your "health care record" and may be stored in paper form or on computer and electronic systems and may include:

 Personal Data:  basic details about you, such as address, date of birth, NHS Number and next of kin

 We also process Sensitive Personal Data:

 Contact we have had with you, such as clinical visits

  • Notes and reports about your health
  • Details and records about your treatment and care
  • Results of x-rays, laboratory tests etc.

Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.

What do we do with your information?

  • Refer you to other healthcare providers when you need other services or tests - these include Diabetes Education Programme (Desmond), Diabetic Retinopathy Screening, Cervical Cancer Screening, Aortic Aneurysm Screening and Breast Cancer Screening.
  • Share samples with laboratories for testing (like blood samples)
  • Share test results with hospitals or community services (like blood tests)
  • Allow out of hours providers to look at your practice record when you go to an appointment (these are all strongly vetted individuals and the information is encrypted)
  • Samples are provided to the courier service provided by the South Eastern Trust for delivery to pathology services/labs
  • Share reports with the coroner or his officers under his or her direction
  • Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
  • Supporting staff training
  • Sharing reports with solicitors and insurance companies only with valid patient consent.
  • Sharing information with outside agencies such as the vehicle licensing authority (DVLNI) – with patient with patient consent
  • Sharing information on behalf of the patient for the Tribunal service of Northern Ireland to appeal decisions made by the department of work and pensions
  • Sharing information with Community Pharmacies, for example if you have requested a chemist to collect your prescriptions
  • Sharing information with the Per Capita organisation as required for the assessment of benefits such as PIPS (personal independence payments) the application for this benefit includes patient consent.
  • Sharing when Required by Law
  • Sometimes we will be required to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults or where required by court order.

Information Access and Rights

Data protection law provides you with a number of rights that the practice must support you with.

 

Right to Access

You have the right to obtain:

  • Confirmation that information is being used, stored or shared by the practice.
  • A copy of information held about you

 

We will respond to your request within 30 days of receipt of your request which can be written, or an electronic request. We are required to validate your identity of someone making a request on your behalf.

 

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it.  (There may be occasions, where we are required by law to maintain the original information - our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.)

 

Right to safe & secure storage

Security and non-corruption of your records is of the highest priority so that your record can be passed to other care providers when properly legally and securely requested.

 

Right To portability of your records

As part of the NHS we enable the portability of the secure data to others on your behalf to facilitate your care.

 

How long for?

We hold your records securely until requested securely by the NHS to transfer your records to your next practice. Records are returned after death to the BSO service in Belfast under a secure system.

 

The GDPR covers us when we are alive but other data protections regulations protect us even after death and will continue to do so.

 

What else do we do with your information?

Along with these activities that allow us to provide health care to you, we use information in other ways which allow us to ensure that care is safe and to provide data for the improvement and planning of services. This data is anonymised and encrypted;

 Quality / payment / performance reports are provided to service commissioners

  • As part of clinical research - information that identifies you will be removed, unless you have consented to being identified
  • Undertaking clinical audits within the Practice
  • Supporting staff training

Complaints

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

Case Finding

Sometimes your information will be used to identify whether you need particular support from us. Those involved in your care might look at particular indicators and contact you to take action for healthcare purposes such as preventing you from having to visit accident and emergency by supporting you in your own home or in the community.

 

Our Data Protection Officer will be happy to speak to you about this if you have any concerns or objections.

The practice will use third parties to provide services that involve your information such as:

 

  • Removal and destruction of confidential waste- this is via the South Eastern Trust and is industry standard
  • Provision of clinical systems currently the VISION computer system
  • Provision of connectively and servers

 

We have contracts in place with these third parties that prevent them from using it in any other was than instructed. These contracts also require them to maintain the highest standards of security to ensure your confidentiality.

 

How do we protect your Information?

We are committed to ensuring the security and confidentiality of your information. There are a number of ways in which we do this:

  • Staff receives annual training about protecting and using personal data
  • Policies are in place for staff to follow and are regularly reviewed
  • We check that only minimum amount of data is shared or accessed
  • We use encrypted emails and storage which would make it difficult for someone to 'intercept' your information
  • We report and manage incidents to make sure we learn from them and improve
  • We put in place contracts that require providers and suppliers to protect your data as well
  • We do not send your data outside of the EU

 

 



Health and Social CareThis site is brought to you by My Surgery Website