Privacy Statement
Introduction
Royal Manor Health Care aims to ensure the highest standard of medical care for our patients. To do this we keep records about you, your health and the care we have provided or plan to provide to you.
This statement explains who we are, why information is collected about you, the ways in which this information may be used, who it is shared with and how we keep it safe. It also explains how the practice uses the information we hold about you, how you go about accessing this information if you wish to see it and to have any inaccuracies corrected or erased.
This privacy notice does not provide exhaustive details of all aspects of the collection and use of personal information by Royal Manor Health Care. However, we are happy to provide any additional information or explanation needed. If you wish to request further information please contact the practice manager.
How We Use Your Information
In order to provide for your care, we need to collect and keep information about you and your health on our records. Your records are used to:
- Provide a basis for all health decisions made by care professionals with and for you
- Make sure your care is safe and effective
- Work effectively with others providing you with care.
We also may use, or share, your information for the following purposes:
- Looking after the health of the general public
- Making sure that our services can meet patient needs in the future
- Auditing accounts
- Preparing statistics on NHS performance and activity (where steps will be taken to ensure you cannot be identified)
- Investigating concerns, complaints or legal claims
- Helping staff to review the care they provide to make sure it is of the highest standards
- Training and educating staff
- Research approved by the Local Research Ethics Committee. (If anything to do with the research would involve you personally, you will be contacted to provide consent)
Disclosure of Information to Other Health and Social Professionals
We work with a number of other NHS and partner agencies to provide healthcare services to you. Below is a list of organisations that we may share your information with:
Our partner organisations:
- Other NHS hospitals
- Relevant GP practices
- Dentists, opticians and pharmacies
- Private Sector Providers (private hospitals, care homes, hospices, contractors providing services to the NHS).
- Voluntary Sector Providers who are directly involved in your care;
- Ambulance Trusts
- Specialist Trusts
- Clinical Commissioning Groups
- NHS 111
- Out of Hours medical service
- NHS walk in centres
- NHS England
- NHS Digital
This list is not intended to be exhaustive and we may well share data with other NHS care services, but it will always be for the purpose of your direct care.
We may also share your information, with your consent, and subject to strict sharing protocols, about how it will be used, with:
- Local authority departments, including social care and health (formerly social services), education and housing and public health
- Police and fire services
Computer System
This practice operates a clinical computer system called Systmone on which NHS staff record information securely. This information can then be shared with other clinicians so that everyone caring for you is fully informed about your medical history, including allergies and medication.
To provide around the clock safe care, unless you have asked us not to, we will make information available to trusted organisations. Wherever possible, their staff will ask your consent before your information is viewed.
Shared Care Records
To support your care, and improve the sharing of relevant information to our partner organisations when they are involved in looking after you, we will share information to other systems. The general principle is that information is passed to these systems unless you request this does not happen, but that system users should ask for your consent before viewing your record.
National Services
There are some national services like the National Cancer Screening Programme that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cervical, breast or bowel cancer screening. Often you have the right to not allow these organisations to have your information.
You can find out more about how the NHS holds and shares your information for national programmes on the NHS Choices website.
Other NHS Organisations
Sometimes the practice shares information with other organisations that do not directly treat you, for example, Clinical Commissioning Groups. Normally, it will not be possible to identify you from this information. This information is used to plan and improve services. The information collected includes data such as:
- the area patients live
- age
- gender
- ethnicity
- language preference
- country of birth
- religion
The CCG also collects information about whether patients have long term conditions such as diabetes; blood pressure, cholesterol levels and medication. However, this information is anonymous and does not include anything written as notes by the GP and cannot be linked to you.
Local Data Sharing Agreements
The practice currently is currently signed up to the following:
The Dorset Information Sharing Charter (DISC)
This enables partner organisations to share information safely and provide a more integrated service for residents. DISC aims to provide Dorset partner agencies with a robust foundation for the lawful, secure and confidential sharing of personal information between themselves and other public, private or voluntary sector organisations that they work, or wish to work, in partnership with.
It will enable all partner organisations to share information safely and provide a more integrated service for residents.
Dorset Care Record
At present, health and social care organisations in Dorset hold different sets of records about you. Information in different records may be duplicated or incomplete. The Dorset Care Record is a new confidential computer record that will join up all these different records to create one complete and up-to-date record about you. Over time this will help improve the care you receive.
Dorset Care Record is a partnership supported by:
- NHS Dorset Clinical Commissioning Group
- Dorset County Hospital
- Poole Hospital
- Royal Bournemouth and Christchurch Hospitals
- Dorset Healthcare
- Dorset County Council
- Borough of Poole and Bournemouth Borough Councils
- South Western Ambulance Trust
Dorset Diabetic Eye Screening Programme
The practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.
For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.despdorset.co.uk
Population Health Analytics
As well as using your information in caring for you, your information may be used to help improve the way we provide health and social care through research, service planning and population health management approaches. Using the information in this way is sometimes called ‘secondary use’.
We are working with partners including Optum and Dorset Healthcare to support the Dorset Health & Care system to improve short term and medium-term health outcomes for local populations through the application of Population Health Management. Initially we will use the services of Prescribing Services Limited who will extract, link and anonymise the data on our behalf and transfer it to Optum.
Subsequently following the programme Dorset Healthcare (DiiS) will provide this service on behalf of the Dorset System. A small number of analytics specialists from Optum alongside analytics staff in Dorset, all of whom are based in the UK will have access to your anonymised data (which will be anonymised in accordance with the ICO Anonymisation Code of Practice). This means that no one will be able to identify individuals and the data they receive will ensure anonymity.
Patients who have chosen not to share their data will be excluded from source and their data will never be extracted from the GP system.
In addition Weymouth & Portland Locality are working with Optum, who will spend time observing and evaluating how the practice functions to quantify potential areas of improvement for both clinical and back office service delivery. Optum are the preferred development partner with NHS England and, as with all our team, have suitable governance in accordance with all applicable laws, privacy notices and in accordance with all contracts.
How We Keep Your Information Confidential and Secure
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- General Data Protection Regulation 2017
- Data Protection Act 1998
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality, Information Security and Records Management
- Information: To Share or Not to Share Review
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances such as a life or death situation, or where the law requires information to be passed, or where it is in the best interest of the patient to share the information.
The practice does not engage in any direct marketing, profiling or use any automated decision making tools.
Anyone Who Receives Information From Us is Also Under a Legal Duty To Keep it Confidential and Secure
All persons in the practice sign up to a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Please be aware that your information will be accessed by non-clinical practice staff in order to perform tasks enabling the functioning of the practice. These are, but not limited to:
- Typing referral letters to hospital consultants or allied health professionals
- Opening letters from hospitals and consultants
- Scanning clinical letters, radiology reports and any other documents not available in electronic format
- Photocopying or printing documents for referral to consultants
- Handling, printing, photocopying and postage of medico legal and life assurance reports and of associated documents.
Right of Access to Your Health Information
You have a right under the Data Protection legislation to request access to obtain copies of all the information the surgery holds about you. You are also allowed to have information amended should it be inaccurate.
In order to access your medical record, you need to let the practice know by making a Subject Access Request (SAR). Usually there is no charge to see the information that the practice holds about you unless the request is excessive or complicated.
The practice will respond to your request within one month of receipt of your request. You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located.
For information about your hospital medical records, you should write direct to them.
How Long Do We Keep Your Information?
Health and social care records are subject to a nationally agreed code of practice which regulates the minimum period for which records must be kept. This specifies that GP record should be retained until 10 years after the patient’s death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records must not be destroyed or deleted for the foreseeable future. For more information, see the records management code of practice: www.digital.nhs.uk
Other people who may ask to access your information:
- The law courts can insist that we disclose medical records to them;
- Solicitors often ask for medical reports or copies of records. These will always be accompanied by your signed consent for us to disclose information, generally under a Subject Access Request (SAR). Usually there is no charge for providing this information if made under a SAR unless the request is excessive or complicated. We will not normally release details about other people that are contained in your records (eg wife, children, parents etc) unless we also have their consent.
- Limited information is shared with Public Health England to help them organise national programmes for Public Health such as childhood immunisations;
- Social Services. The Benefits Agency and others may require medical reports on you from time to time. These will often be accompanied by your signed consent to disclose information. Failure to co-operate with these agencies can lead to loss of benefit or other support. However, if we have not received your signed consent we will not normally disclose information about you.
- Life assurance companies frequently ask for medical reports on prospective clients. These are always accompanied by your signed consent form. We must disclose all relevant medical conditions unless you ask us not to do so. In that case, we would have to inform the insurance company that you have instructed us not to make a full disclosure to them.
You have the right, should you request it, to see reports to insurance companies or employers before they are sent.
These requests are generally not made under a SAR and as such will attract a fee. Details are available on our website under Fees for Private Medical Work.
Sharing Your Information Without Consent
We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:
- Where there is a serious risk of harm or abuse to you or other people
- Where a serious crime, such as assault, is being investigated or where it could be prevented
- Notification of new births
- Where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
- Where a formal court order has been issued
- Where there is a legal requirement, for example if you had committed a Road Traffic Offence.
Have Inaccuracies Corrected or Erased
If you feel that the personal data that the practice holds about you is inaccurate or incomplete then please let us know and we will update your records within one month of notification. If it is not possible to correct the information then we will write to you to let you know the reason behind the decision and inform you how you can complain about this.
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.
ACR Monitoring for Diabetics
A pilot programme to monitor urine albumin : creatinine ratio (ACR) annually for diabetics is being provided at this Practice by Healthy.io, which enables patients with diabetes to test their kidney function from home. With your permission we will share your contact details with Healthy.io to enable them to contact you and send a testing kit to you. This will help identify those at risk of kidney disease and proactively manage early interventions for the benefit of patient care. If you do not wish to be contacted by Healthy.io, you will have the opportunity to say so by replying to the text message sent from Two Harbours.
Information regarding the programme can be found on the Two Harbours website.
Website
Royal Manor Health Care is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Concerns
If you have any concerns about how we use or share your information, or you do not wish us to share your information, then please contact the practice manager who will be able to assist you.
We are required by law to provide you with the following information:
Data Controller
Park Estate Road
Easton
Portland
Dorset
DT5 2BJ
The Gatehouse Surgery
Castle Road
Portland
Dorset
DT5 1AU
Data Protection Officer
Mrs Ann Klust, Practice Manager.
Wyke Regis and Lanehouse Medical Practice
Portland Road
Wyke Regis
Weymouth
DT4 9BE
01305 782226
Direct Patient Care
You have the right to object to information being shared between those who are providing you with direct care.
This may affect the care you receive – please speak to the practice.
You are not able to object to your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care.
You are not able to object when information is legitimately shared for safeguarding reasons.
In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
National Screening Programmes
For national screening programmes, you can opt so that you no longer receive an invitation to a screening programme.
See: www.gov.uk or contact the practice.
Legal Requirement
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons.
To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website.
Public Health
Legally information must be shared under public health legislation. This means that you are unable to object.
Care Quality Commission
Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object.
Court Order
Your information must be shared if it is ordered by a court. This means that you are unable to object.
Medical Research and to Measure the Quality of Care
You have a right to object under the GDPR and the right to ‘opt-out’ under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of information that identifies you being used or shared for medical research purposes and quality checking or audit purposes.
To opt-out of your identifiable information being shared for medical research or to find out more about your opt-out choices please go to NHS Digital’s website www.digital.nhs.uk
Right to Complain
You have the right to complain to the Information Commissioner’s Office. If you wish to complain you can do so by going to the following website; www.ico.org.uk or call the helpline 0303 123 1113
Additional Privacy Statement Documents
- Children’s/Young Person’s Leaflet
- Sharing Your Medical Information
- Dorset SystmOne Fair Processing Notice
- Easy Read Patient Poster
- Patient Poster
- Healthy.io – GP Practice Privacy Notice
The Control of Patient Information Regulation notices (COPI 2002) have again been extended until the end of September 2021.