INFORMATION FOR NEW PATIENTS,

POLICIES, DATA PROTECTION & COMPLAINTS

New Patients

Practice Boundary

Our catchment is the SS7 postcode area bounded by Canvey Way and Rayleigh Spur Road (A130) to the West, A127 to the North, Southend Borough to the East and Benfleet Creek to the South.

To Register

To register with us, please visit our Reception desk, if possible bringing with you your NHS Medical card. (If you do not have this, you will be given a Registration form to complete). You will also be asked to complete a questionnaire, and will need to book for a Registration Examination with one of our Nurses, for each new patient aged 5 and over, before the Registration process can be fully completed.

All patients have now been allocated a named accountable GP who will have overall responsibility for the care and support that our surgery provides to them. Your Named Accountable GP is Dr Carlos Volkmar and should be advised to you on initial registration with us.

We DO NOT tolerate violent or abusive language or actions towards staff or premises. Any such person will be asked to leave the premises (with the assistance of the Police if necessary) and may also be removed from the Doctors' list

Please help us to keep our records up to date by telling the receptionist promptly if you change your name, address, phone number or any other information you feel we should be aware of.

Policies & Protocols

PATIENT PRIVACY NOTICE

HOW WE USE YOUR PERSONAL INFORMATION

This fair processing notice explains why the GP practice collects information about you and how that information may be used.

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.

NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.

Records which this GP Practice hold about you may include the following information;

• Details about you, such as your address, carer, legal representative, emergency contact details

• Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.

• Notes and reports about your health

• Details about your treatment and care

• Results of investigations such as laboratory tests, x-rays etc

• Relevant information from other health professionals, relatives or those who care for you

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.

REGISTRATION FORM

PRACTICE FAIR PROCESSING

& PRIVACY NOTICE

Your Information, Your Rights

Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR).

The following notice reminds you of your rights in respect of the above legislation and how your GP Practice will use your information for lawful purposes in order to deliver your care and the effective management of the local NHS system.

This notice reflects how we use information for:

The management of patient records;
Communication concerning your clinical, social and supported care;
Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review;
Participation in health and social care research; and
The management and clinical planning of services to ensure that appropriate care is in place for our patients today and in the future.

Data Controller

As your registered GP practice, we are the data controller for any personal data that we hold about you.

What information do we collect and use?

All personal data must be processed fairly and lawfully, whether received directly from you or from a third party in relation to your care.

We will collect the following types of information from you directly, or about you from a third party (provider organisation) engaged in the delivery of your care:

‘Personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes, but is not limited to name, date of birth, full postcode, address, next of kin and [NHS number/HCN number/ CHI number];
‘Special category / sensitive data’ such as medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, supportive care arrangements, social care status, race, ethnic origin, genetics and sexual orientation.

How the NHS and care services use your information

Your healthcare records contain information about your health and any treatment or care you have received previously (e.g., from an acute hospital, GP surgery, community care provider, mental health care provider, walk-in centre, social services). These records may be electronic, a paper record or a mixture of both. We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.

High Road Family Doctors is one of many practices working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

National Data Opt-Out

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

See what is meant by confidential patient information
Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
Find out more about the benefits of sharing data
Understand more about who uses the data
Find out how your data is protected
Be able to access the system to view, set or change your opt-out setting
Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Our organisation is currently compliant with the national data opt-out policy.

Why do we collect this information?

The NHS Act 2006 and the Health and Social Care Act 2012 invests statutory functions on GP Practices to promote and provide the health service in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training. To do this we will need to process your information in accordance with current data protection legislation to:

Protect your vital interests;
Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult;
Perform tasks in the public’s interest;
Deliver preventative medicine, medical diagnosis, medical research; and
Manage the health and social care system and services.

Who will we share your information with?

In order to deliver and coordinate your health and social care, we may share information with the following organisations:

Local GP Practices, as part of a Primary Care Network (PCN), in order to deliver extended primary care services
NHS Secondary Care, i.e. Hospitals
111 and Out of Hours Service
Local Social Services and Community Care services
Voluntary Support Organisations commissioned to provide services by [Mid & South Integrated Cared System]

Your information will only be shared if it is appropriate for the provision of your care or required to satisfy our statutory function and legal obligations.

Your information will not be transferred outside of the European Union.

Whilst we might share your information with the above organisations, we may also receive information from them to ensure that your medical records are kept up to date and so that your GP can provide the appropriate care.

In addition, we receive data from NHS Digital (as directed by the Department of Health) such as the uptake of flu vaccinations and disease prevalence in order to assist us to improve “out of hospital care”.

My Care Record

Your GP, hospital, community health, mental health and social care teams may all hold records about your care separately. Often, only health and care professionals within the same organisation can see this information. This means it can be difficult for them to work together to deliver the best care.

My Care Record is an approach to improving care by joining up health and care information. Wherever possible, health and care professionals will be able to access your records from other services when it is needed for your care. This will make it easier and faster for them to make the best decisions. For example, a doctor treating you in hospital or a nurse working in the community could view the information they need from your GP record.

Several different secure computer systems are used across the region. These allow health and care professionals to digitally access your records held by other services. In some areas systems are already in place, in other areas more work is underway to invest in the technology needed.

The approach also provides an agreement between all the health and care organisations involved. This means they commit to sharing information in a secure way to help improve your care.

The My Care Record approach is in line with General Data Protection Regulation (GDPR) which provides the legal basis to share information between health and care services when it is needed to deliver care. All your information will be held securely.

You can object to your record being shared between services. To do this, speak to the person delivering care to you at each organisation such as your GP, specialist or social worker.

It is important to understand that not allowing access to your information may affect the quality of the care you receive.

In many situations it is necessary to share information between services to deliver care. However, it may be possible to request that specific or sensitive information is not made available.

There may also be some situations where information still needs to be made available. For example, if there is a serious concern about an individual’s safety. Please see the My Care Record website www.mycarerecord.org.uk for more information.

More information about the areas where your information may be used can be found on the My Care Record website My Care Record: Privacy Notice

Primary Care Networks

Many people are living with long term conditions such as diabetes and heart disease or suffer with mental health issues and may need to access their local health services more often.

To meet these needs, GP practices are working together with community, mental health, social care, pharmacy, hospital, and voluntary services in their local areas in groups of practices known as primary care networks (PCNs).

PCNs build on existing primary care services and enable greater provision of proactive, personalised, coordinated and more integrated health and social care for people close to home. Clinicians describe this as a change from reactively providing appointments to proactively caring for the people and communities they serve.

We are part of the Benfleet PCN (Primary Care Network) which is a network of GPs practices established to provide integrated services to the local population. Members of the network are:

Dr. Khan & Partners

St. Georges Medical Practice

The Hollies

Essex Way Surgery

High Road Family Doctors

PA Patel

Benfleet Surgery

By operating as a network, we as the PCN are responsible for delivering the following services working collaboratively with other providers:

Social Prescribing; Covid Vaccination Programme; First Contact Physiotherapy; First Contact Psychological Wellbeing Practitioner

Where necessary and relevant to support your direct care, we will share your confidential patient information with members of our network and with our collaborative organisations to support safe, efficient and effective care and treatment.

If you are not happy for your health data to be shared with the organisations detailed above if you wish to access PCN services, then you can object to this. To do so you should contact your registered Practice so they can discuss the potential impact this could have on your care and treatment.

Data Processors

Data processors act on behalf of the Practice, as a data controller and under our authority. In doing so, they serve our interests rather than their own. A processor can be a company or other legal entity (such as an incorporated partnership, incorporated association or public authority), or an individual, for example a consultant.

The following is a list of processors that the practice has engaged, and a description of the work they carry out on our behalf:

The Phoenix Partnership (TPP)
- SystmOne (GP clinical system) – The practice uses a computer system to record and store patient’s clinical information, this is provided by TPP. All information recorded within the system is held on TPP servers, accessible to the practice over the secure Health and Social Care Network (HSCN). All data processed by TPP is used and stored within the UK.
Mid & South Essex Integrated Care Board (ICB)
- Information Governance (IG) [& Data Protection Officer (DPO)] Services – The IG service supports the practice with GDPR and Data Protection compliance, including advice and assistance with breaches of legislation, data subjects’ rights and other data protection issues raised by patient’s or public, as well as helping with completion of the Data Security & Protection Toolkit, and data protection impact assessments. [The DPO service provides a named experienced IG professional within the team to act on behalf of the practice as their Data Protection Officer, to assist monitoring internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner’s Office (ICO).]
Arden & GEM Commissioning Support Unit (CSU)
- Primary Care Enabling Services (IT) – The IT service includes access to the secure network (including HSCN) and cyber security, including electronic storage of information on hosted servers.
- Business Intelligence (BI) – The BI function within the CSU, receives pseudonymised patient data, combines this with other pseudonymised data sets provided by the ICB (including hospital, community, mental health and ambulance data), then supports practices with analysis of that information, in order for the practice to better target services to their population. This includes population health management and risk stratification (more detail on these programmes of work is available below).
NHS Digital
- Data Services for Commissioners Regional Office (DSCRO) – Hosted within Arden & GEM CSU, but contracted to work for NHS Digital, the DSCRO receives clear patient identifiable information and applies a key to scramble this information, this is called pseudonymisation and renders the data essentially anonymous although still linkable across other datasets pseudonymised using the same key. This data is then shared with the CSU BI Team for linkage and analysis.
- NHSmail – Provides the practice with a secure email service, common across much of the NHS. This includes access to Microsoft Teams and other software.
Surgery Connect (X-on) Telephone System

Call recording will be used for all calls and information stored for 12 months.

You have the right to object to data processors handling your personal information, though bear in mind that this is not an absolute right, the practices legitimate grounds can override objections raised. Please raise any issues with the practice manager who will arrange for a discussion and consideration of any objections. Further information on this right is available here:

https://ico.org.uk/your-data-matters/the-right-to-object-to-the-use-of-your-data/

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information that has been collected lawfully. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.

Information is not held for longer than is necessary. We will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.

Consent and Objections

Do I need to give my consent?

The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and enhance your reputation. However, consent is only one potential lawful basis for processing information. Therefore, your GP practice may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. Your GP Practice will contact you if they are required to share your information for any other purpose which is not mentioned within this notice. Your consent will be documented within your electronic patient record.

What will happen if I withhold my consent or raise an objection?

You have the right to write to withdraw your consent to any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact your GP Practice for further information and to raise your objection.

Population Health Management

Population Health Management (PHM) – is helping us understand our current, and predict our future, health and care needs so we can take action in tailoring better care and support with individuals, design more joined up and sustainable health and care services and make better use of public resources.

We use historical and current patient level data to understand what factors are driving poor outcomes in different population groups, we then design new proactive models of care which will improve health and wellbeing. This could be by stopping people becoming unwell in the first place, or, where this isn’t possible, improving the way the system works together to support them.

This only uses pseudonymised data i.e. where information that identifies you has been removed and replaced with a pseudonym. This will only ever be reidentified if we discover that you may benefit from a particular health intervention, in which case only the relevant staff within your practice or health/care provider will be able to see your personal information in order to offer this service to you.

In order to carry out this data linkage, your pseudonymised data will be passed to Arden & GEM Commissioning Support Unit, part of NHS England, who will link this to other local and national data sources to be able to carry out appropriate analyses.

PHM is a partnership approach across the NHS and other public services, the outputs of the PHM programme will be shared across these organisations. All have a role to play in addressing the interdependent issues that affect people’s health and wellbeing.

Type of Information Used

Different types of commissioning data are legally allowed to be used by different organisations within, or contracted to, the NHS. Information put into the population health management tools used by the ICB include:

Age
Gender
GP Practice, Community and Hospital attendances and admissions
Medications prescribed
Medical conditions (in code form) and other things that affect your health.

Legal Basis

Statutory requirement for NHS Digital to collect identifiable information.

Section 251 of the National Health Service Act 2006 and its current Regulations, the Health Service (Control of Patient Information) Regulations 2002 allows the Secretary of State for Health to make regulations to set aside the common law duty of confidence for defined medical purposes. In practice, this means the person responsible for the information can disclose confidential patient information without consent to an applicant without being in breach of the common law duty of confidence, if the requirements of the regulations are met. The person responsible for the information must still comply with all other relevant legal obligations such as the Data Protection Act 2018 and the Human Rights Act 1998.

A Section 251 approval (CAG 2-03(a)/2013) from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority, enables the use of pseudonymised information about patients included in the datasets.

There is no requirement for a legal basis for use of the aggregated information which is available to the ICB as this does not identify individuals.

Data Processing Activities

The practice processes this data internally.

Data is also processed by Arden & GEM Commissioning Support Unit and Mid and South Essex ICB.

Opt-out details

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do not wish your data to be included in the PHM service (even though it is in a format which does not directly identify you) you can choose to opt-out.

In this case, because pseudonymised data is being used, the National Data Opt-Out does not apply.

Instead, please inform the practice who will apply an opt-out code to your record to ensure that your information is not included in the programme.

Sub-licensing

Integrated Care Systems (ICSs) are partnerships that bring together providers and commissioners of NHS services across a geographical area with local authorities and other local partners to collectively plan health and care services to meet the needs of their population. The central aim of the ICS is to integrate care across different organisations and settings, joining up hospital and community-based services, physical and mental health, and health and social care. All parts of England are now covered by one of 42 ICSs.

The new Health and Care act 2022 established 42 Integrated Care Boards (ICBs) across England as statutory bodies and abolished the 106 Clinical Commissioning Groups (CCGs). The ICB will take on the NHS commissioning functions of the former CCGs as well as some of NHS England’s commissioning functions. It will also be accountable for NHS spend and performance within the system. The Board of the ICB will, as a minimum, include a chair, the CEO and representatives from NHS providers, general practice and local authorities.

In order to assure a smooth transition to the new commissioning landscape, the ICB need to be able to share data with providers and local authorities within their ICS so they are fully able to contribute to commissioning decisions.

The ICS Sub-License approach will allow the ICB to share data they receive from NHS Digital via their commissioning agreements with members of their ICS. This will be limited to pseudonymised commissioning data without the provider unique local patient id included.

Re-identification - This is permitted but the ICB will be responsible for determining which users will have this ability. They must be a health or social care professional with a legitimate (direct care) relationship to the patient.

It is important to note that direct care relies on the “implied consent” legal basis. Therefore, the patient must be aware of this relationship through clear communication.

Type of Information Used

Age
Gender
GP Practice, Community and Hospital attendances and admissions
Medications prescribed
Medical conditions (in code form) and other things that affect your health.

Legal Basis

Statutory requirement for NHS Digital to collect identifiable information.

The legal basis for sharing the data with ICS members is:

Article 6 (1) (e) – processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller

and Article 9 (2) (h) – processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

Data Processing Activities

The ICB processes this data internally. Data is also processed by Arden & GEM Commissioning Support Unit.

The ICS Partners currently involved in the Sub-Licensing process are:

Essex County Council
Southend City Council
Thurrock Council
Mid and South Essex NHS Foundation Trust
East of England Ambulance
Essex Partnership University NHS Foundation Trust
North East London NHS Foundation Trust
Provide CiC

The ICS Partners will become Data Controllers in their own right for the data received under the sub-licensing, however certain rules will apply to this:

Onward sharing of the data by ICS members is not permitted.
Data must be segregated from other datasets and additional linkage is not permitted.

Opt-out details

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do not wish your data to be included (even though it is in a format which does not directly identify you) you can choose to opt-out.

In this case, because pseudonymised data is being used, the National Data Opt-Out does not apply.

Instead, please inform your GP practice who will apply an opt-out code to your record to ensure that your information is not included in the programme.

Health Risk Screening / Risk Stratification

Health Risk Screening or Risk stratification is a process GPs use to help them to identify and support patients with long-term conditions and to help prevent un-planned hospital admissions or reduce the risk of certain diseases developing such as type 2 diabetes. This is called risk stratification for case-finding.

The ICB also uses risk stratified data to understand the health needs of the local population to plan and commission the right services. This is called risk stratification for commissioning.

Risk stratification tools use historic information about patients, such as age, gender, diagnoses and patterns of hospital attendance and admission collected by NHS Digital from NHS hospitals and community care services. This is linked to data collected in GP practices and analysed to produce a risk score.

There is currently s251 support in place for the ICB to be able to receive data with the NHS Number as an identifier from both NHS Digital and the GP Practice to enable this work to take place. The Data is sent directly into a risk stratification tool from NHS Digital /GP Practices to enable the data to be linked and processed as described above. Once the data is within the tool ICB staff only have access to anonymised or aggregated data.

GPs can identify individual patients from the risk stratified data when it is necessary discuss the outcome and consider preventative care.

Your GP will use computer-based algorithms or calculations to identify their registered patients who are at most risk, with support from the local Commissioning Support Unit and/or a third-party accredited Risk Stratification provider. The risk stratification contracts are arranged by Mid and South Essex Integrated Care Board in accordance with the current Section 251 Agreement. Neither the CSU nor your local Integrated Cared Board (ICB) will at any time have access to your personal or confidential data. They will only act on behalf of your GP to organise the risk stratification service with appropriate contractual technical and security measures in place.

Your GP will routinely conduct the risk stratification process outside of your GP appointment. This process is conducted electronically and without human intervention. The resulting report is then reviewed by a multidisciplinary team of staff within the Practice. This may result in contact being made with you if alterations to the provision of your care are identified.

Type of Information Used

Age
Gender
GP Practice, Community and Hospital attendances and admissions
Medications prescribed
Medical conditions (in code form) and other things that affect your health.

Legal Basis

Statutory requirement for NHS Digital to collect identifiable information.

Data Processing Activities

The practice processes this data internally. Data is also processed by Arden & GEM Commissioning Support Unit and Prescribing Services Ltd on behalf of the practice.

Opt-out details

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do not wish your data to be included in the risk stratification service (even though it is in a format which does not directly identify you) you can choose to opt-out.

In this case, because pseudonymised data is being used, the National Data Opt-Out does not apply.

Instead, please inform your GP practice who will apply an opt-out code to your record to ensure that your information is not included in the programme.

As mentioned above, you have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your direct care. Please contact the Practice Manager to discuss how disclosure of your personal data can be limited.

Sharing of Electronic Patient Records within the NHS

Electronic patient records are kept in most places where you receive healthcare. Our local electronic systems (such as SystmOne, EMIS and Eclipse) enables your record to be shared with organisations involved in your direct care, such as:

GP practices
Community services such as district nurses, rehabilitation services, telehealth and out of hospital services.
Child health services that undertake routine treatment or health screening
Urgent care organisations, minor injury units or out of hours services
Community hospitals
Palliative care hospitals
Care Homes
Mental Health Trusts
Hospitals
Social Care organisations
Pharmacies

In addition, NHS England have implemented the Summary Care Record which contains information including medication you are taking and any bad reactions to medication that you have had in the past.

In most cases, particularly for patients with complex conditions and care arrangements, the shared electronic health record plays a vital role in delivering the best care and a coordinated response, considering all aspects of a person’s physical and mental health. Many patients are understandably not able to provide a full account of their care or may not be able to do so. The shared record means patients do not have to repeat their medical history at every care setting.

Your record will be automatically setup to be shared with the organisations listed above, however you have the right to ask your GP to disable this function or restrict access to specific elements of your record. This will mean that the information recorded by your GP will not be visible at any other care setting.

You can also reinstate your consent at any time by giving your permission to override your previous dissent.

Your Right of Access to Your Records

The Data Protection Act and General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the “right of subject access”. If you would like to have access to all or part of your records, you can make a request in writing to the organisation that you believe holds your information. This can be your GP, or a provider that is or has delivered your treatment and care. You should however be aware that some details within your health records may be exempt from disclosure, however this will in the interests of your wellbeing or to protect the identity of a third party. If you would like access to your GP record please submit your request in writing to:

The Practice Manager

High Road Family Doctors, highroad.surgery1@nhs.net

Right of Rectification and Erasure

Following a Subject Access Request, or in other circumstances, should you notice anything in your records that you consider to be incorrect, please get in touch with the practice manager (details above) to discuss how this could be reviewed and potentially rectified.

In most circumstances, information would not be able to be removed, as decisions may have been taken with that information in mind, but a note can be added to records to indicate alternative situations.

Data Protection Officer

A Data Protection Officer (DPO) is a role appointed within by public bodies, to ensure that her organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

The practices Data Protection Officer (DPO) is Jane Marley, Head of IG at the ICB.

To contact the DPO, please use the following email address:

MSEGP.DPO@nhs.net

Complaints

In the event that your feel your GP Practice has not complied with the current data protection legislation, either in responding to your request or in our general processing of your personal information, you should raise your concerns in the first instance in writing to the Practice Manager at:

High Road Family Doctors

Highroad.surgery1@nhs.net

01268 753591

Information Commissioners Office

The Information Commissioners Office (ICO) is the national authority overseeing Data Protection and Freedom of Information in the UK.

You are able to raise complaints and concerns directly with them, and information on how to do so is available here:

https://ico.org.uk/make-a-complaint/

Parliamentary Health Service Ombudsman

The Ombudsman is independent of government and the NHS. The service is confidential and free of charge. There are time limits for taking a complaint to the Ombudsman although this can be waived if there is good reason to do so. If you have questions about whether the Ombudsman will be able to help you, or about how to make a complaint, you can contact:

helpline on 0345 015 4033,
email phso.enquiries@ombudsman.org.uk
or fax 0300 061 400.

Further information about the ombudsman is available at http://www.ombudsman.org.uk/

You can write to the Ombudsman at:

The Parliamentary and Health Service Ombudsman,

Millbank Tower, Millbank, London, SW1P 4QP

Privacy Information

What is a privacy notice?

A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.

Why do we need one?

You doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (Or GDPR for short).

What is GDPR?

GDPR is a document that helps your doctor’s surgery keep the information about you secure. It was introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keeps your information safe.

How do you know about our privacy notice?

At your surgery, we have posters in our waiting room and leaflets to give to children and adults and we also have lots of information about privacy on our website, telling you how we use the information we have about you.

What information do we collect about you?

Don’t worry; we only collect the information we need to help us keep you healthy – such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.

How do we use your information?

Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to be seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will ask you, or your parents or adults with parental responsibility, if it’s okay to share your information.

How do we keep your information private?

Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow rules that are written in the GDPR and other important rule books.

What if I’ve got a long-term medical problem?

If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it!

Don’t want to share?

All of our patients, no matter what their age, can say that they don’t want to share their information. If you are under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.

How do I access my records?

Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you are under 16. But if are over 12, you may be classed as being competent and you may be able to do this yourself. Please write in to the Practice Manager to request this and you will be given further information on how this process works, (or ask your parents or adults with parental responsibility to do so).

What do I do if I have a question?

If you have any questions, ask a member of the surgery team or your parents or adults with parental responsibility. You can:

Contact the practice’s data controller via email at Highroad.surgery1@nhs.net GP Practices are data controllers for the data they hold about their patients.
Write to the data controller at High Road Family Doctors, 119 High Road, Benfleet, Essex. SS7 5LN
Ask to speak to the practice manager Jill Lewis
The Data Protection Officer (DPO) for our practice is Jill Lewis

What to do if you are not happy about how we manage your information

We really want to make sure you are happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our data processing methods, you can complain. For more information, visit ico.org.uk and select ‘Raising a concern’.

We always make sure the information we give you is up to date. Any updates will be published on our website, in our newsletter and leaflets, and on our posters. This policy will be reviewed annually.