Privacy

Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.

Data protection

Please note that by sending any information online you will be transmitting your personal information across the internet and although every effort is made to keep this information secure, there is no guarantee offered in the respect.

Why we collect information

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive from the National Health Service. These help ensure that you receive the best possible care from us. They may be written down (manual records), or held on a computer. The records may include:

  • basic details about you, such as address and next of kin
  • contacts we have had with you, such as clinic visits
  • notes and reports about your health and any treatment and care you have received
  • details and records about the treatment and care you receive
  • results of investigations, such as X-rays and laboratory tests
  • relevant information from other health professionals, or those who care for you and know you well
  • mobile telephone numbers on which we may ring or text you. If you would prefer us not to contact you in this way, please let us know.
  • please make sure we have up to date information when you change address or telephone number.

How we use records

Your information may also be used to help us:

  • Assess the needs of the general population
  • Make sure our services can meet patient needs in the future
  • Review the care we provide to ensure it is of the highest standard
  • Teach and train healthcare professionals
  • Conduct health research and development
  • Audit NHS accounts and services
  • Prepare statistics on NHS performance
  • Investigate complaints, legal claims or untoward incidents

Some of this information will be held centrally, but where this is used for statistical purposes stringent measures are taken to ensure that individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions.

Where it is not possible to use anonymous information, personally identifiable information may be used for essential NHS purposes. These may include research and auditing services. This will only be done with your consent, unless the law requires information to be passed on to improve public health.

Further information

If you would like to know more about how we use your information or if, for any reason, you do not wish to have your information used in any of the ways described, please speak to the health professionals concerned with your care. You can also contact the reception staff of the practice or the NHS organisation e.g hospital or clinic, where you are being treated

Confidentiality

Everyone working for the NHS has a legal duty to keep information about you confidential.

You may be receiving care from other organisations as ell as the NHS (like Social Services). We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it.

We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on.

Anyone who receives information from us is also under a legal duty to keep it confidential.

We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional.

Occasions when we must pass on information include:

  • Notification of new births
  • Where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
  • Where a formal court order has been issued

Our guiding principle is that we are holding your records in strict confidence.

Freedom of information

The Freedom of Information (FOI) Act was passed on 30 November 2000. It gives a general right of access to all types of recorded information held by public authorities, with full access granted in January 2005. The Act sets out exemptions to that right and places certain obligations on public authorities.

FOI replaced the Open Government Code of Practice, which has been in operation since 1994.

Data Protection and FOI – how do the two interact?

The Data Protection Act 1998 came into force on 1 March 2000. It provides living individuals with a right of access to personal information held about them. The right applies to all information held in computerised form and also to non-computerised information held in filing systems structured so that specific information about particular individuals can retrieved readily.

Individuals already have the right to access information about themselves (personal data), which is held on computer and in some paper files under the Data Protection Act 1998.

The right also applies to those archives that meet these criteria. However, the right is subject to exemptions, which will affect whether information is provided. Requests will be dealt with on a case by case basis.

The Freedom of Information Act and the Data Protection Act are the responsibility of the Lord Chancellor’s Department. A few of its strategic objectives being:

  • To improve people’s knowledge and understanding of their rights and responsibilities
  • Seeking to encourage an increase in openness in the public sector
  • Monitoring the Code of Practice on Access to Government Information
  • Developing a data protection policy which properly balances personal information privacy with the need for public and private organisations to process personal information

The Data Protection Act does not give third parties rights of access to personal information for research purposes.

The FOI Act does not give individuals access to their personal information, though if a request is made, the Data Protection Act gives the individual this right. If the individual chooses to make this information public it could be used alongside non-personal information gained by the public under the terms of the FOI Act

Access to your records

The Data Protection Act 1998, which came into force on 1st March 2000, allows you to find out what information about you is held on computer and in certain manual records. This is known as “right of subject access”. It applies to your health records.

If you want to see them you should make a written request to the NHS organisations where you are being, or have been, treated. You are entitled to receive a copy but should note that a charge will usually be made. You should also be aware that in certain circumstances your right to see some details in your health records may be limited in your own interest or for other reasons.

Our partner organisations

The principal partner organisations, with whom information may be shared:

  • Primary Care Trusts
  • NHS Hospital Trusts
  • Other General Practitioners (GPs)
  • Ambulance Services

Your information may also, subject to strict agreements describing how it will be used, be shared with NHS Common Services Agencies such as:

  • Primary Care Agencies
  • Social Services
  • Education Services
  • Local Authorities
  • Voluntary Sector Providers
  • Private Sector Providers

Our Data Protection Officer is Mr Steve Durbin. Contact email: dpo.ncl@nhs.net

Date published: 20th September, 2023
Date last updated: 9th January, 2025