Fair processing notice
How and why we keep information about you and how you can choose who sees it
Why do we collect information about you?
In order to support your care, health professionals maintain records about you. We take great care to ensure your information is kept securely, that it is up to date, it is accurate and used appropriately. All of our Practice staff are fully trained to understand their legal and professional obligations to protect your information and will only look at your information if they need to. They will only look at what they need to in order to do things like book you an appointment, give general health advice, provide you with care and if necessary refer you on to other services.
What information do we hold about you?
Your age, contact details and next of kin
Details of your appointments, clinic visits etc.
Records about your health, illness, treatment and care
Results of investigations, like laboratory tests, x-rays, etc.
Information from other health professionals
When is your information shared?
We will only use or pass on information about you to other health professionals to support your care. If we feel that it is in your best interests to share your information with someone else e.g. Social Care or a Voluntary Organisation that could support you we will ask your permission to do so. Everyone who has access to your information is required by Law to keep it confidential. We will not disclose your information to anyone else without your permission unless in exceptional circumstances e.g. a life or death situation. We are also required by law to share certain information such as the birth of a new baby, infectious diseases that may put you or others at risk or where a Court has decided we must.
You have the choice to share or not to share
You can ask for all or some of your information not to be shared outside of the practice. If you decide not to share at all this will not affect your entitlement to care. However, it may result in the delivery of your care being less efficient as other health professionals will not see your full medical history. If you have any concerns about how your information is shared or held, please contact the Office Manager.
How your records are stored
Our practice uses an electronic clinical records programme called SystmOne which is where all of your information will be stored unless we hold paper records about you which will remain on paper.
Access to your health information
You have a right to access or view information the practice holds about you, and to have it amended or removed should it be inaccurate. You can make what is called a ‘Subject Access Request’ and we will:
describe the information we hold about you
tell you why we are holding that information
tell you who it might be shared with
at your request, provide a copy of the information in an easy to read form
If you would like to make a ‘Subject Access Request’, please contact the Reception
Can my information be used for any other reason?
The NHS currently uses your information in an anonymous and safe way to:
protect the health of the public
help us anticipate, plan and provide care
audit and monitor the quality of services provided
Information used for these purposes will not identify you but if you would like further details about this, or if you do not want us to use your information in this way, please contact the Office Manager.
Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided and design new services that fit our local patients health needs.
Privacy / Transparency Notice
Ivel Medical Centre takes your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number is Z5019038
If you have any questions or wish to make a request in relation to your information, please contact us at;
Ivel Medical Centre, Chestnut Avenue, Biggleswade, Beds SG18 0RA
Ivel Medical Centre aims to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
Your doctor and other health professionals caring for you, such as nurses or physiotherapists, keep records about your health and treatment so that they are able to provide you with the best possible care.
These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include Personal Data;
- basic details about you, such as address, date of birth, NHS number, and next of kin
as well as Sensitive Personal Data;
- contact we have had with you, such as clinical visits
- notes and reports about your health
- details and records about your treatment and care
- results of x-rays, laboratory tests etc.
Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.
What do we do with your information?
- Refer you to other healthcare providers when you need other service or tests
- Share samples with laboratories for testing (like blood samples)
- Share test results with hospitals or community services (like blood test results)
- Patients are texted in relation to healthcare service
- Samples are provided to the courier for delivery to pathology
- Share reports with the coroner
- Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
What else do we do with your information?
Along with these activities that allow us to provide health care to you, we use information in other ways which allow us to ensure that care is safe and to provide data for the improvement and planning of services.
- Quality / payment / performance reports are provided to service commissioners
- As part of clinical research – information that identifies you will be removed, unless you have consented to being identified
- Undertaking clinical audits within the Centre
- Supporting staff training
Sharing when Required by Law
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults or where required by court order.
Information Access and Rights
Data protection law provides you with a number of rights that the practice must support you with.
Right to Access
You have the right to obtain:
confirmation that your information is being used, stored or shared by the practice
a copy of information held about you
Ivel Medical Centre will impose a charge of £50 to cover the administration as an entire health record can be very large. If you only require a particular part of your record, tell us and we will amend the charge accordingly.
We will respond to your request within one month of receipt or will tell you when it might take longer.
We are required to validate your identity including the identity of someone making a request on your behalf
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time
We will respond to your request within one month of receipt or will tell you when it might take longer.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Sometimes your information will be used to identify whether you need particular support from us. Those involved in your care might look at particular indicators and contact you or take action for healthcare purposes such as preventing you from having to visit accident and emergency by supporting you in your own home or in the community.
We will use automated technology to help us to identify people that might require support but ultimately, the decision about how to support you is made by those involved in your care.
Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.
The practice will use third parties to provide services that involve your information such as;
- Removal and destruction of confidential waste
- Provision of clinical systems
- Provision of connectively and servers
Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery)
Providers are required to maintain good standards of security to ensure your confidentiality.
How do we Protect your Information?
We are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
Staff receive annual training about protecting and using personal data
Policies are in place for staff to follow and are regularly reviewed
We check that only the minimum amount of data is shared or accessed
We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
We report and manage incidents to make sure we learn from them and improve
We put in place contracts that require providers and suppliers to protect your data as well
We do not send your data outside of the EEA
What information must be supplied?
Data obtained directly from data subject
Data obtained from a third party or sharing partner
Identity and contact details of the controller (and where applicable, the controller’s representative) and the data protection officer
|YES|| YES |
Purpose of the processing and the lawful basis for the processing
The legitimate interests of the controller or third party, where applicable
Categories of personal data
Any recipient or categories of recipients of the personal data
Details of transfers to third country and safeguards
Retention period or criteria used to determine the retention period
The existence of each of data subject’s rights
The right to withdraw consent at any time, where relevant
The right to lodge a complaint with a supervisory authority
The source the personal data originates from and whether it came from publicly accessible sources
Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.