Privacy Policy

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff that need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

We need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health and wellbeing. We also use it for practice audits and business processes (e.g. staff training).

What personal information do we collect and hold?
The information we will collect and hold about you includes:

• Names, date of birth, addresses, contact details
• Carer or next of kin.
• Records of appointments and telephone calls
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors

In the practice we may collect your personal information in several different ways.

• When you make your first appointment our practice staff will collect your personal and demographic information via your registration form.
• When your registration is approved by The BSO we will receive your records from your previous GP.
• During the course of providing medical services, we may collect further personal information.
• We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment
• In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services

By law all health and social care organisations are required to share information, this is to support and improve the delivery of patient care. All patients have a unique identifier known as their Health and Care Number (H&C).

• Other healthcare providers including public, private and voluntary sectors
• Independent contractors such as dentists, opticians and pharmacies
• Local authorities such as Education, Housing and Department of Work and Pensions
• When it is required or authorised by law (e.g. court subpoenas)
• When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• When there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
• Private sectors such as pharmaceutical companies to provide health care services
• Public Health Agency (PHA)
• External companies to process personal information, such as for (Shred-It) for shredding, (Postalsort) for printing and postage of letters. iGPR for processing insurance reports and Subject Access Requests (SAR’s). These companies are bound by contractual agreements to ensure information is kept confidential and secure

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent. We will not share your personal information with anyone outside the Practice (unless under exceptional circumstances that are permitted by law) without your consent.

Your personal information may be stored as paper or electronic records.

Our practice stores all personal information securely. Paper records are stored in a secured environment. Electronic records can only be accessed by Practice staff and are password protected.

All employed staff have signed confidentiality agreements in their contract of employment. Hospitals and Out of hours providers can access a summary of main diagnosis and current medication to aid your attendance at A&E and OOH.

You have the right under GDPR to request access to, and correction of, your personal information.

You can make a Subject Access Request (SAR) in person or in writing. Your consent will be obtained for this and we will deal with the request within 30 days.

As a practice we will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to practice manager

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to the Practice Manager. We will then attempt to resolve it in accordance with our Practice Complaints procedure. You may also contact the ICO. For more information, visit ico.org.uk and select ‘Raising a concern’.

We regularly review our privacy policy and any updates will be published on our website. Posters will also be updated to reflect the changes