We are a GP practice working within the area of the Betsi Cadwaladr Health Board. We serve a practice population of 4,712 patients and employ a number staff which include GPs, nurses, healthcare assistants and administrative staff. Caerffynnon Surgery aims to ensure the highest standard of medical care for our patients. To do this we keep records about you, your health and the care we have provided or plan to provide to you.
Why issue a privacy notice?
Caerffynnon Surgery recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open.
This notice also explains what rights you have to control how we use your information.
What are we governed by?
The key pieces of legislation/guidance are:
- General Data Protection Regulations
- Human Rights Act 1998 (Article 8)
- Access to Health Records Act 1990
- Freedom of Information Act 2000
- Health & Social Care Act 2012, 2015
- Public Records Act 1958
- Copyright Design and Patents Act 1988
- The Re-use of Public Sector Information Regulations 2015
- The Environmental Information Regulations 2004
- Computer Misuse Act 1990
- The Common Law Duty of Confidentiality
- Information Security Management – NHS Code of Practice
Who are we governed by?
- Department of Health
- Information Commissioners Office
- Health Inspectorate Wales
- NHS Wales
- General Medical Council (GMC)
Why and how we collect information
Information which can be accessed, where there is a need, includes:
- personal information, such as name, date of birth, gender;
- hospital admission, attendances and referral dates;
- vaccinations and immunisations;
- test results, including measurements such as blood pressure;
- diagnoses (current and previous problems);
- treatment and medical procedures.
How we use information
- To help inform decisions that we make about your care
- To ensure your treatment is safe and effective
- To work effectively with other organisations who may be involved in your care
- To support the health of the general public
- To ensure our services can meet future needs
- To review care provided to ensure it is of the highest standard possible
- To train healthcare professionals
- For research and audit
- To prepare statistics on performance
- To monitor how we spend public money
There is a huge potential to use your information to deliver care and improve health and care services across the NHS and social care. The information can be used to help:
- Improve individual care
- Understand more about disease risks and causes
- Improve diagnosis
- Develop new services
- Improve patient safety
- Evaluation of policy/procedures/pathways
It helps because
- Accurate and up to date information assists us in providing you with the best possible care
- If you see another healthcare professional, specialist from another part of the NHS, they can readily access the information they need to provide you with the best care possible.
- Where possible, when using information to inform future services and provision, non-identifiable information will be used.
Disclosure of Information to Other Health and Social Professionals
We work with a number of other NHS and partner agencies to provide healthcare services to you, for example:
- Other NHS hospitals
- Relevant GP Practices
- Dentists, Opticians and Pharmacies
- Private Sector Providers (private hospitals, care homes, hospices, contractors providing
- services to the NHS)
- Voluntary Sector Providers who are directly involved in your care
- Ambulance Service
- Specialist Services
- Associated healthcare and social care staff working within Arfon Cluster
- Out of Hours Medical Service
- NHS Wales
- Test, Trace and Protect Team – processing of personal information in response to COVID19 Pandemic and as a notifiable disease is in the public interest. We would only share information of names, addresses and telephone numbers for contact purposes.
We may also share your information with your consent, and subject to strict sharing protocols, about how it will be used, with other Health and Social Care departments and the Police and Fire Services.
Risk prediction data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive information. Information about you is collected from a number of sources in NHS Wales including this GP Practice.
A risk score is then arrived at through an analysis of your de-identifiable information by the NHS Informatics Service and is only provided back to your GP’s Data Controller in an identifiable form. Risk prediction enables your GP to focus on preventing ill health and not just the treatment of illness. If necessary, your GP may be able to offer you additional services.
My Health Online (MHOL) – Online Registration for Booking Appointments and Ordering Repeat Prescriptions
Registering for My Health Online allows you to book a routine GP appointment 24 hours a day, cancel appointments no longer needed, check your repeat medication, order repeat prescriptions and make changes to your email and mobile contact number where appropriate. Patients aged 16 years and over can register to use this service and can de-register at any time. Please enquire at Reception if you need information.
Mail to Patients
We sometimes use a printing company to send letters to our patients, for example to remind you about flu vaccination campaigns. Data sent is encrypted and the Company puts it in a format to print the letter, despatch via Royal Mail or courier, and then delete the information we send.
Text messages to Patients
If we have your current mobile telephone number, we will send you appointment reminder text notifications, information about flu clinics, health promotion information, cancellation of clinics and changes in service provision. Please ensure that we have your most up to date mobile telephone number for this to continue. (You can opt out of the text notification service at any time by contacting the practice).
Emergency Care Summary (ECS)
Emergency care information such as your name, date of birth, the name of your GP, any medicines which your GP has prescribed, any medicines you are allergic to or react badly to, is shared with Out of Hours as this might be important if you need urgent medical care when the GP surgery is closed.
NHS staff (Doctors, Nurses, Accident and Emergency, Ambulance control and crews) can look at your ECS if they need to treat you when the surgery is closed. They will ask for your consent before they look at your records. In an emergency and if you are unconscious, staff may look at your ECS without your agreement to let them give you the best possible care. Whenever NHS staff looks at your ECS, a record will be kept so we can always check who has looked at your information.
The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost effective treatments. This service is provided by our clinicians and Pharmacists provided by the local Health Board.
This Practice operates a Clinical Computer System on which NHS Staff record information securely. This information can then be shared with other Clinicians so that everyone caring for you is fully informed about your relevant medical history. Please see further information below.
How We Keep Your Information Confidential and Secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998, Article 8 of the Human Rights Act, the Common Law of Confidentiality, The General Data Protection Regulation and the NHS Codes of Confidentiality and Security. Everyone working in or for the NHS must use personal information in a secure and confidential way.
Please be aware that your information will be accessed by non-clinical Practice staff in order to perform tasks enabling the functioning of the Practice. These are, but not limited to:
- Typing referral letters to Hospital Consultants or allied Health Professionals
- Opening letters from hospitals and Consultants
- Scanning clinical letters, reports and any other documents not available electronically
- Photocopying or printing documents for referral to Consultants
- Handling, printing, photocopying and postage of medico legal and life assurance reports and other associated documents
- When you register with the Practice we may ask for proof of ID – this is to ensure that no one tries to register you at the Practice using your identity but without your knowledge. Please be assured that any copies of ID that we take at that point are destroyed once we have confirmation of your registration by NHS Wales. This takes 2-3 days maximum.
To protect your confidentiality, we will not normally disclose any medical information about you over the telephone, or by fax, unless we are sure that we are talking to you. This means that we will not disclose information to your family, friends, and colleagues about any medical matters at all, unless we know that we have your consent to do so.
We will only ever use or pass on your information if there is a genuine need to do so. We will not disclose information about you to third parties without your permission unless there are exceptional circumstances, such as when the law requires.
All persons in the Practice (whether employed by the Doctors, or for the Local Health Board) sign a confidentiality agreement that explicitly makes clear, their duties in relation to personal health information and the consequences of breaching that duty.
Right of Access to Your Health Information
The General Data Protection Regulation allows you to find out what information about you is held on computer and in manual records. This is known as “right of subject access” and applies to personal information held about you. If you want to see or receive information that the Practice holds about you:
- You will need to make a request to the practice manager.
- We may ask you to complete a request form to establish exactly what parts of your record you need.
- You will need to give us adequate information for us to be sure that your request is legitimate (eg, date of birth, NHS number etc) plus two forms of identification to enable us to confirm your identity – with a large practice list size
- There may be a charge for excessive requests for information held about you
- We are required to respond to you within one month
Who Else May Ask to Access Your Information
The Court can insist that we disclose medical records to them;
- Solicitors often ask for medical reports. We will require your signed consent for us to
- disclose information. We will not normally release details about other people that are contained in your records (e.g. wife, children parents etc.) unless we also have their consent;
- Social Services – The Benefits Agency and others may require medical reports on you from
- time to time. We will need your signed consent to provide information to them.
- Life Assurance Companies/Employers/Occupational Health Doctors frequently ask for
- medical reports on individuals. These are always accompanied by your signed consent form.
We will only disclose the relevant medical information as per your consent. You have the right, should you request it, to see reports prepared for Insurance Companies, employers or occupational Health doctors before they are sent.
Sharing Your Information without Consent
We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:
- Where there is a serious risk of harm or abuse to you or other people
- Where a serious crime, such as assault, is being investigated or where it could be prevented
- Where we encounter infectious diseases that may endanger the safety of others, such as
- meningitis or measles (but not sensitive information such as HIV/AIDS)
- Where a formal Court Order has been issued
- Where there is a legal requirement, e.g. if you had committed a Road Traffic Offence
The practice is committed to ensuring that your privacy is protected
Change of Details
It is important that you tell us if any of your details such as your name, address, home telephone number or mobile telephone number has changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are kept accurate and up to date at all times.
Your NHS Number
Every person registered with the NHS in England and Wales has their own unique NHS number. It is made up of 10 digits – for example 123 456 7890.
Your NHS number is used by healthcare staff to identify you correctly. It is an important step towards improving the safety of your healthcare. To improve safety and accuracy always check your NHS number on correspondence the NHS sends to you.
If you don’t know your NHS number, ask at the Practice. You may be asked for proof of identify for example a passport of other form of identity. This is to protect your privacy.
This Privacy Notice does not provide exhaustive details of all aspect of the collection and use of personal information by Caerffynnon Surgery. However, we are happy to provide any additional information or explanation needed. If you wish to request further information please contact:
Practice Manager, Sarah Tibbetts
Telephone: 01341 422 431
Should you have a complaint about how your information is managed at the practice, please contact the Practice’s Data Protection Officer, Nicola Marsh. If you remain unhappy with the Practice’s response, you can complain to the Information Commissioner Office www.ico.gov.uk
Changes to This Privacy Notice
We keep our Privacy Notice under regular review. This Privacy Notice will next be reviewed in March 2022