GENERAL DATA PROTECTION REGULATIONS (GDPR)
Bay Medical Group aims to ensure the highest standard of medical care for our patients. To do this we keep records about you, your health and the care we provided or plan to provide to you.
This privacy/fair processing notice explains why GP Practice collects information about you and how that information is used. It does not provide exhaustive details of all aspects of the collection and use of personal information by the Bay Medical Group. However, we are happy to provide any additional information or explanation needed. If you wish to request further information please write to Janet Taylor, Administration and IMT Manager, Heysham Primary Care Centre, Middleton Way, Heysham, LA3 2LY).
How We Use Your Information
In order to provide your care, we need to collect and keep information about you and your health on our records. Your records are used to:
Disclosure of Information to Other Health and Social Professionals
We work with a number of other NHS and Partner agencies to provide healthcare services to you. Below is a list of organisations that we may share your information with:
Our partner organisations
We may also share your information, with your consent, and subject to strict sharing protocols about how it will be used, with:
This Practice operates a Clinical Computer System on which NHS staff record information securely. This information can then be shared with other clinicians so that everyone caring for you is fully informed about your medical history, including allergies and medication.
To provide around the clock safe care, unless you have otherwise asked us not to, we will make information available to trusted organisations. Wherever possible, their staff will ask your consent before your information is viewed.
We consider patient consent as being a key factor in dealing with your health information.
Risk Stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re) admission and identifying a need for preventative intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through analysis of your de-identified information using software managed by Lancashire and South Cumbria Clinical Services Support Unit commissioned by Morecambe Bay Clinical Commissioning Group (MB CCG) and is only provided back to your GP as a data controller in an identifiable form. Risk stratification allows your GP to focus on preventing ill health and not just treatment of sickness. If necessary your GP may be able to offer you additional services. Please note that you have the right to opt out of your data being used in this way.
Research and Development
Bay Medical Group contributes to the Clinical Practice Research Datalink (CPRD)
Information in patient records is important for medical research to develop new treatments and test the safety of medicines. This practice supports medical research by sending some of this information from patient records to CPRD.
CPRD is a government organisation that provides anonymised patient data for research to improve patient and public health. You cannot be identified from the information sent to CPRD.
If you do not want anonymised information from your patient record to be used in research you can opt out by speaking to one of our Doctors, Nurses or Patient Advisors and ask them to let our Administration & IM&T Manager know.
For more information about how your data is used please visit: www.cprd.com/public
The Practice may conduct Medicines Management Reviews of medication prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost effective treatments. This service is mainly carried out in the Practice however there are times when it may also be supported by MB CCG.
Shared Care Records
To support your care, and improve the sharing of relevant information to our partner organisations when they are involved in looking after you, we will share information to other systems. The general principle is that information is passed to these systems unless you request this does not happen, but that system users should ask for your consent before viewing your record.
Gathering Patient Feedback/Patient Surveys
As part of the NHS Constitution, the NHS actively encourages feedback from public, patients and staff and welcomes it use to improve services. Bay Medical Group uses the NHS Friends and Family’s Tests (FFT) to collect feedback from patients about their experiences when accessing services so we may review the care provided and inform development of high quality standards. The FFT is managed solely by the Practice. Bay Medical Group also runs surveys from time to time to gather feedback from patients on proposed changes to services and on the introduction of new services, again these are all managed in-house by Bay Medical Group.
Lawful Basis for processing your data
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in Bay Medical Group and in support of direct care elsewhere is supported under the GDPR Special Category of Data concerning health and under the following Articles 6 (lawful basis) and 9 (conditions):
Article 6(1)(c) "processing is necessary for compliance with a legal obligation to which the controller is subject."
Article 6(1)(d) "processing is necessary to protect the vital interests of the data subject or of another natural person"
Article 6(1)(e) …necessary for the performance of a task carried out in the public interest or in the exercise of official authority…
Article 9(2)(b) ‘...is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of ...social protection law in so far as it is authorised by Union or Member State law..’
Article 9(2)(c) "processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent"
Article 9(2)(h) "processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;"
Article 9(20(b)…‘necessary for social protection law
For safeguarding specifically the sharing is a legal requirement to protect vulnerable children or adults, therefore for the purposes of safeguarding children and vulnerable adults, the following Articles 6 (lawful basis) and 9 (conditions) also apply:
For consented processing;
6(1)(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes
For unconsented processing;
6(1)(c) processing is necessary for compliance with a legal obligation to which the controller is subject
We will consider your rights established under UK case law collectively known as the "Common Law Duty of Confidentiality"*
How we keep your information confidential and secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the:
Everyone working in, or for, the NHS must use personal information in a secure and confidential way.
We will only ever use or pass on your information if there is a genuine need to do so. We will not disclose information about you to third parties without your permission unless there are exceptional circumstances, such as when the law requires.
To protect your confidentiality, we will not normally disclose any medical information about you over the telephone, or by fax, unless we are sure we are talking to you. This means we will not disclose information to your family, friends, and colleagues about any medical matters at all, unless we know that we have your consent to do so.
Anyone who receives information from us is also under a legal duty to keep it confidential and secure
All persons in the Practice sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Please be aware that your information will be accessed by non-clinical Practice staff in order to perform tasks enabling the functioning of the Practice. These are, but not limited to:
Rights of Access to your Health Information
Under GDPR you have the right to find out what information about you is held on computer and in manual records. This is known as ‘subject access rights’ (SARs) and applies to;
If you want to see the information held about you that the Practice holds:
Who else may ask to access your information?
You have the right, should you request it, to see reports to insurance companies or employers before they are sent.
Sharing your information without consent
We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:
Bay Medical Group is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Information you supply using any electronic form(s) on this website will only be used for the purpose(s) stated on the from;
Changes of Details
It is important that you tell the person treating you if any of your details such as your name or address or telephone number (including mobile) have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk
The Practice is registered with the Information Commissioners Office (ICO).
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is Bay Medical Group.
Who is the Data Protection Officer?
The Data Protection Officer (DPO) for Bay Medical Group is Dr Andy Foster.
Complaints / Concerns
If you have any concerns about how we use or share your information, or you do not wish to share your information, then please contact our Administration & IM&T Manager, Janet Taylor who will be able to assist you.
If you are still unhappy following a review by the Practice you can complain to the Information Commissioners Office (ICO). www.ico.org.uk , email@example.com telephone: 0303 123 1113 (local rate) or 01625 545 745.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice will be reviewed again before the end of November 2018.