The Accessible Information Standard aims to ensure that patients (or their carers) who have a disability or sensory loss receive information they can access and understand, for example in large print, braille or via email, and professional communication support if they need it, for example from a British Sign Language interpreter.

This applies to patients and their carers who have information and / or communication needs relating to a disability, impairment or sensory loss. It also applies to parents and carers of patients/service users who have such information and/or communication needs, where appropriate.

Individuals most likely to be affected by the Standard include people who are blind or deaf, who have some hearing and/or visual loss, people who are deaf, blind and people with a learning disability. However, this list is not exhaustive.

If you feel that this applies to you or someone in your care please send us an e-consult or speak to reception. If you are sending an e-consult, you may want to consider:

• Do you have communication needs?
• Do you need a format other than standard print?
• Do you have any special communication requirements?
• How do you prefer to be contacted?
• What is your preferred method of communication?
• How would you like us to communicate with you?
• Can you explain what support would be helpful?
• What is the best way to send you information?
• What communication support could we provide for you?
• If you have a carer do they need communication assistance?
  • If ‘Yes’ what is your Main Carer’s name?
• Do you consent to the practice contacting your main carer regarding your care?
• What is the best way to contact them?

We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.

To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.

Complaints & comments are most welcome and would no doubt help to improve communication and services.

Would you like to have your say about the services provided at the Lyndhurst surgery? The Practice Patient Participation Group would like to hear from you. If you would like to give and receive feedback about your views and experiences, please enquire to join our Patient participation group via reception team.

Our Practice Manager or Dr Johal would be more than glad to try to deal with or resolve any differences/complaints as effectively as possible within 56 days. Complaints can be made in writing, in person or via the complaint box situated in reception.
Complaint Email – Wfccg.prglyndhurst@nhs.net

The practice is committed to strict confidentiality to patient information among the patient, staff & clinicians.

Disclosure to the third party is subject to written consent.

Ascertaining identity may be warranted in certain circumstances.

Due to the number of patients failing to attend for their appointments with appropriate notice, a policy has been developed to try and resolve this.

If you fail to attend appointments without informing us at least two hours prior to your appointment, we will contact you.

Where a third DNA has occurred, a final warning correspondence will be sent and the practice will review the individual case and a decision will be taken with regard to addressing the patient’s future ability to pre-book advanced appointments. The practice will consider whether consistent failure to adhere to our practice policy constitutes a breakdown between the patient and the GP (where the GP practice has given clear instruction on policy and service provision and the patient has chosen to disregard this on several occasions in spite of due warning). With the decision made the patient will be contacted in writing.

You may be removed from the practice list and have to find an alternative GP practice. If there are any specific problems preventing you from attending please let us know. Mistakes do happen and the practice understands that appointments can be forgotten or overlooked. In such cases, the practice will take into account the reason given by patients. The practice regularly advises patients to keep contact details up to date to avoid text message reminders being undelivered.

How to avoid a DNA

If the patient cannot attend or no longer needs an appointment they can contact the surgery at least 2 hours before the appointment either by;

• Calling: 0208 539 1663
• Text messaging: Replying to text message reminders sent automatically by the practice
• Through patient access
• In person at reception

(The practice does not recommend cancellations in writing as delay could occur in receiving).

NHS Data Sharing in East London

In East London we can improve the quality of care you receive by sharing the right information about you between our local NHS and social care organisations who are providing you with your direct care. We call this sharing of information Data Sharing and the people sharing this data your Direct Care Team who will be people you will at some point be involved directly in your care be it your GP, or the A&E team when you visit for an emergency, or the social care team looking after you in your home. The sharing of information has always happened (to a lesser degree) with paper processes but systems are allowing us to share more relevant information about you amongst your Direct Care Team helping them to be more efficient and support theirs and your decision making on your care.

This work is being led by your local clinicians who want to help support you receiving the best quality care possible. They want to be as transparent as possible so that you can feel assured that data is being shared with your best interests at heart and they want you to be involved in this as best you see fit.

All of the people accessing and sharing your information (your Direct Care Team) will have some form of direct interaction with you otherwise they will not be accessing your information (in other words the A&E team would only ever access information if you had an emergency and actually attended A&E). The reason they want to access your information is that this can improve the quality of care that you receive from them. Imagine the information or data that is held about you are pieces of a jigsaw and these pieces are held on different systems by the providers of your care. If one of your Direct Care Team wants to make a decision on the best course of action for you, the more pieces of the jigsaw they have, the more they can know about you and your history of care and therefore they can make the most appropriate decision based on you and your needs.

The set of rules we use locally about sharing your information (or data) form our “Fair Processing” arrangements and this site will give you all the information you need to understand how this all works (or places you can go to find out more information).

Data Sharing and the law

The new General Data Protection Regulation (GDPR) is in application from 25 May 2018, and supersedes the UK Data Protection Act 1998 (DPA). With the onset of GDPR the professionals involved in your individual care (or direct care) will be using implied consent from you to see your shared medical records. In order for the sharing of Personal Data to comply with Article 5 of the General Data Protection Regulation it must be fair and lawful and one of the Article 6 conditions must be met. Article 9 conditions must also be met if Sensitive Personal Data or special category data is being shared. The following articles are the ones that apply for sharing of data for the professionals involved in your care:

• • A) Article 6 condition – The sharing of Personal Data is permitted under Article 6 paragraph (c) (processing for legal obligation); paragraph (d) (processing for vital interests of data subject); and/or paragraph (e) (public interest or in the exercise of official authority).

• • B) Article 9 condition – The sharing of Sensitive Personal Data or Special Category Data is permitted under Article 9 (h) (processing for medical purposes); and/or paragraph (i) (public interest in the area of public health). For the vast majority of sharing we will be relying on article (h) with an implied consent model for direct individual care (more detail below where we talk about the Common Law Duty of Confidentiality). In certain instances, however, we may also rely on paragraph (a) (explicit consent) or paragraph (c) (vital interests) but these will be specified in any sharing agreements or data processing contracts related to those special cases.

Common Law Duty of Confidentiality

Common law is not written out in one document like an Act of Parliament (like the Data Protection Act). It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent. This duty of confidence means that professionals should not disclose a patient’s personal information to anyone outside the team providing care for them without the explicit consent of the patient. For those providing care for the patient there is an implied consent in place. There are three circumstances where your information can be shared to someone outside of the team involved in your direct care. These are:

• • where you have consented to have this information shared

• • where disclosure is necessary to safeguard you, or others, or is in the public interest

• • where there is a legal duty to do so, for example a court order

Audit, service evaluation and research

We do also use de-identified data to help us to audit our services, do re-evaluation of their outcomes (to help continually improve your care) and for research purposes. This de-identifying process is also called pseudonomisation whereby your distinct personal details (name, date of birth) are either removed or scrambled in such a way as to stop you being identified. This data mainly falls outside of GDPR and the national opt out, as this only applies for identifiable data for secondary use.

Healthcare cannot stand still and we need to constantly strive to improve the services and care you receive and this can only be done by looking at the totality of data to look at outcomes and any trends in those outcomes.

The Organisations involved in your Direct Care Team

The local organisations involved in your Direct Care Team include:

• • Barts Health NHS Trust

• • Homerton University Hospital

• • Barking, Havering and Redbridge University Hospitals NHS Trust

• • East London Foundation Trust

• • North East London Foundation Trust

• • GP Provider Federations

• • General Practices

• • Community Health Services (on their own or through the organisations they are hosted in)

• • City of London Corporation

• • London Borough of Hackney

• • London Borough of Newham

• • London Borough of Tower Hamlets

• • London Borough of Waltham Forest

• • London Borough of Barking & Dagenham

• • London Borough of Havering

• • London Borough of Redbridge

• • St Joseph’s Hospice

• • City and Hackney Urgent Healthcare Social Enterprise

• • London Ambulance Service

How it works

Data sharing securely connects different medical and care computer systems together. When a patient’s records are requested, it collects the information from the different system and shows the information to the requestor. None of the information it collects is stored and none of it can be changed. Because it collects the information only when it is needed, the information is always accurate and as up to date as possible.

Before any information is collected or displayed to a care professional, they must be involved in your individual or direct care. Not everyone can see your shared data, nor should they. It will only be accessed by the people involved in looking after you directly. The Fair Processing Programme uses the secure NHS network to retrieve the information that has been approved to be shared with that care setting and displays a read only view for the care professional to use to support the delivery of care at that specific point in time.

No information is stored or saved within the or the care setting from where it is accessed so there is no need to worry about what could happen to your information without your knowledge or permission. There are two major ways that Data Sharing is taking place in East London.

1. 1. The Summary Care Record – The Summary Care Record contains information about your allergies, medications and reactions you have to medications, so that in an emergency or when your GP practice is closed this information is available so that you can be cared for. This is a national programme for sharing your information. For more information please go to www.nhscarerecords.nhs.uk
   2. East London Patient Record (eLPR) – This is a local programme which shares more information about you than the Summary Care Record to better support your Direct Care Team and your care. Currently this is sharing between the following organisations:

• • Barts Health NHS Trust

• • Homerton University Hospital

• • East London Foundation Trust

• • All General Practices in City & Hackney CCG, Newham CCG, Tower Hamlets CCG, Waltham Forest CCG, Barking CCG, Havering CCG and Redbridge CCG

• • St Joseph’s Hospice

• • North East London Foundation Trust

• • GP Provider Federations

• • Community Health Services (on their own or through the organisations they are hosted in)

• • London Borough of Hackney

• • London Borough of Newham

• • City and Hackney Urgent Healthcare Social Enterprise

• • London Ambulance Service

The East London Patient Record (eLPR) will be adding more organisations and this site will be update with those details in due course.

What does it mean to you?

Joined up safer care + More time spent on your care + All of your information in one place = Safer and better care for you! The following sites contain some useful information and videos to help you understand data sharing better:

• • https://www.nhs.uk/your-nhs-data-matters

• • https://understandingpatientdata.org.uk/what-you-need-know

Discovery Data Service

The Discovery Data Service is a brand new service in development in east London. Primarily the aim of Discovery is to link up all of the local data held about you to improve direct patient care. The secondary aim to produce a de-identified (or pseudonymised) linked database for service evaluation, audit, and research.

This service will see all of the data come directly from the local providers (GP Practices, Barts and the Homerton and so on) and will mean that those providers are in control of that data and how it should be best used for your care and to improve the way we operate to deliver your care. There will be stringent Information Governance controls around the usage but these will be managed by us locally (including by you the patients who ultimately own the data) and will mean we can better use our data the ways we know will improve healthcare here locally in east London. This service has been shaped with these main aims:

1. • To improve direct care for patients by using the totality of their health record from all the
     local providers in real time

• • To use the data to research and improve the quality of services we supply locally

• • To support east London in other population health research
    This Service is under development so we hope to come back to you and update you when the
    service starts producing its first outputs.

FAQs

Why do you need to share my information?
Data sharing will provide health and social care professionals directly involved in your care access to the most up-to-date information about you. This allows the professionals caring for you to more fully understand your needs. Information is already shared by phone and paper records, data sharing simply allows this to happen more efficiently. It does this by sharing appropriate information from your medical and care records between health and social care services involved in your care.

Can anybody see my records?
Definitely not. Only care professionals directly involved in your care will see your personal care information through data sharing.

How do I know my records are secure?
By law, everyone working in, or for, the NHS and adults’ and children’s social care must respect your privacy and keep your information safe. Your information is stored on secure computer systems connected on a private health and social care network.

Can I access my records?
Yes. Under the GDPR you can request access to all information that organisations hold about you. Please contact the organisations directly to request the information.

Can I object to my records being shared?
You can object to your information being shared by talking to your providers of care. For direct care the people viewing your records are the people directly looking after you and are doing so to give you the best quality care they can. If you do however still want to object please contact the organisation who holds the records you do not want to be shared. It is worth noting that not sharing vital information about you with other organisations involved in your care could affect the quality of care that you receive and there may be circumstances where you objection may not be upheld. For example:

1. • If it is in the public interest for data to still be shared. For example if there is a
     safeguarding issue, or in the case of a mental health patient who might be at risk from harming themselves or a member of the public.

• • If clinical care cannot be provided. For example in referring a patient to hospital and data needs to be shared for the hospital clinician to do their job properly. In this instance obviously the patient can then choose not to have the treatment and therefore not have their data shared.

• • If systems are not well enough developed enough to not share the information. For
    example GP Systems are relatively well developed and can handle objections a lot more easily than other providers but they still may be asked not to share something which the system cannot do. In this instance points 1 and 2 above would apply.

What information will be shared?
Your shared record will contain a summary of your most up-to-date, relevant health information which includes things such as:

• • Your recent diagnosis and test results;

• • What allergies you have;

• • What medications and treatment you currently receive.

• • Any Current or Past (and significant) Illnesses

• • Encounters and Referrals

Can everybody see everything on my medical and care records?
No. We are working very carefully, supported by health and social care professionals, to make sure only relevant information is shared into specific care settings.

Can my records be accessed by health and social care professionals outside of my borough?
Yes they can, but only with other professionals who are caring for you directly. On top of the programmes mentioned above there is also the Summary Care Record is a national programme and as such means that it is available to care organisations outside of these boroughs (but again only for direct care purposes). The Summary Care Record contains important health information such as:

• • Any prescription medication a patient is taking

• • Any allergies a patient may have

• • Any bad reaction to any medication a patient may have previously had

• • More information about the Summary Care Record can be found at www.nhscarerecords.nhs.uk

If you have any queries or want to know more about data sharing or our fair processing please contact your local provider that holds the information you wish to discuss.

NHS England require that the net earnings of Doctors engaged in the Practice is publicised, and the required disclosure is shown below. However it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time Doctors spend working in the Practice, and should not be used to form any judgment about GP earnings, nor to make any comparison with any other Practice.

All GP Practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each Practice. The average pay for GPs working in The Lyndhurst Surgery in the last financial year was £62,374 before tax and national insurance. This is for two full-time GPs and two locums who worked in the Practice for more than 6 month

You may be aware that from April 2015 all practices are required to provide all their patients with a named GP who will have overall responsibility for the care and support that our surgery provides to them.

Patients aged 75 years and over were allocated named GP last year which will remain the same.

Dr P Goel will be the named GP for all female patients under 75 years and Dr H Johal will be the named GP for all male patients under 75 years.

If you wish to change your allocated named GP please contact reception staff.

Having an allocated GP does not prevent you from seeing any GP in the practice

Practice observes a zero tolerance policy to abusive & violent behaviour.
Abusive and violent behaviour towards practice team leads to deregistration of the patient at the practice.

1. To use appointments appropriately
2. Inform surgery of cancellation of appointments well in time at least 2 hours in advance. Please see Did not attend policy.
3. Order repeat prescriptions in good time and order all items together.
4. To cooperate in health promotion & screening programmes:
   Immunisations – For children & adult at risk
   Cervical Smears (screening)
   Breast Screening
   Bowel Cancer Screening
   Medical Reviews

PHM is aimed at improving the physical and mental health outcomes and well-being of local and national populations, making sure that access to services is fair, timely, and equal. PHM is an approach being implemented across the NHS and this Practice.

Population Health Management requires health and social care to work together with communities and partner agencies, so your GP, hospital, other health or care providers, local Councils within NE London and the NHS NEL Integrated Care Board may send the information they hold on their systems to each other. All of these organisations are legally obliged to protect your information and maintain confidentiality in the same way that your GP or hospital provider is.

The information needed for PHM will include your health and social care data, which will be used in a pseudonymised form. This means, anything that can identify you (like your name or NHS Number) will be removed and replaced with a unique code so that the people working with the data will only see the code and cannot see which patient the information relates to.

The information sharing will be subject to robust security arrangements and risk assessments. It will then be used for a number of health and social care related activities such as:

• identifying groups of patients that could benefit from direct interventions
• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

Health Care Providers are permitted by data protection law to use information where it is “necessary for medical purposes”. This includes caring for you directly as well as management of health services more generally. The legal basis for sharing your information is Article 6(1)(e) and Article 9(2)(h) of the UK GDPR – for the performance of a task carried out in the public interest and for the provision of health or social care. Sharing and using your information in this way helps to provide better health and care for you, your family and future generations.

You have the right to opt out of sharing your personal data being used in this way. You can do this in two ways:

1. Opt out of all sharing of your data for other uses outside your GP Practice. This is called a Type 1 opt out and you should request this directly to us, your GP practice. This will be applied not only to this programme but to any others we take part in.
2. By submitting a national Data Opt-out

This privacy notice explains why The Lyndhurst Surgery (henceforth, ”we”, ”us”, or ”our”) collect information about you and how that information may be used. We keep medical records confidential, complying with all Data Protection obligations. The use of data in the UK is mainly governed by:

• UK GDPR 2021
• Data Protection Act 2018,
• Human Rights Act 1998
• Codes of Confidentiality, Information Security, and Records Management

The use of healthcare data specifically is also governed by other laws such as the Access to Health Records Act 1990, the Health and Social Care Act 2012, and more.

The information we hold about you

All patients who receive NHS care are registered on a national database. This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive. The database is held by NHS Digital – a national organisation which has legal responsibilities to collect NHS data. More information can be found at: https://digital.nhs.uk/ or the phone number for general enquires at NHS Digital is 0300 303 5678.

Your care records may exist in several formats including electronic, paper or a mixture of both, and we deploy many approaches to ensure that such information is maintained within a confidential and secure environment. The records which we could hold about you may include the following information:

• Personal details relating to you, including your address and contact details, carer, legal representative and parents’ emergency contact details
• Any contact we have had or intend to have with you such as appointments, clinic or surgery visits, home visits, etc.
• Notes and reports about your health which is deemed to be of a sensitive nature
• Details about your referral, diagnostics procedures, treatment and care
• Results of any additional relevant investigations
• Relevant information from other health professionals, relatives or those who care for you

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. There are also a number of Digital Tools that are centrally managed by North East London Integrated Care Board which help support your direct care and improve the way care is delivered in the future. To view the fair processing notice for these tools follow this link: www.northeastlondon.icb.nhs.uk/legal-information

How we use your information

We will use your information for direct care purposes and to check and review the quality of the service we provide. This helps us to improve our services to you.

Anonymised information held about you could, on occasions, be used to help protect the health and well-being of the general public and to help us manage our contracts with commissioners. Information could also be used within our Practice for the purposes of clinical audits which in turn will provide monitoring of the quality of the services we provide.

Some of this information will be used for statistical purposes and we will ensure that individuals cannot be identified. For situations where we may contribute to research projects we will always gain your explicit consent before releasing any relevant information.

We may occasionally run automated searches through our database to identify patients at high risk for certain diseases or medical conditions in order to provide them with additional and early support. This process will involve linking information from your GP record with information from other health or social care services you have used. We may use a third-party provider to help us perform the searches, however they will only be provided with pseudonymised data, so data which can directly identify you will only be viewable to the GP Practice.

Legal Basis for Processing

Our legal basis for processing your personal data relies on GDPR Article 6(1)(e), “…necessary for the performance of a task carried out in the public interest…”;

Our legal basis for processing your special category data relies on Article 9(2)(h), “necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” underpinned by the Data Protection Act 2018 Schedule 1 2(2)(d), “provision of healthcare or treatment”.

On occasion, we may also rely on other Article 9 conditions such as explicit consent, vital interests, legal claims, substantial public interests (with a basis in law), public health (with a basis in law), or archiving, research and statistics purposes (with a basis in law).

Maintaining the Confidentiality of Your Records

We will take all possible care to protect your privacy and will only use information collected with the law. Our staff are briefed on data protection principles and understand they have a legal obligation to keep information about you confidential. They also understand that information about you will only be shared with other parties if there is an agreed or legal requirement.

We will only share your data without your permission under exceptional circumstances, subject to the exceptions given by the GDPR and UK Data Protection act, which includes:

• prevention and detection of crime
• substantial public interest
• vital interests (life-threatening emergencies)

This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott Principles.

All personal information that we manage is stored in the UK within a secure environment and we always use suitably protected methods and systems to transfer your personal information.

Who your data is shared with

We will share relevant information from your medical record with other health or social care staff or organizations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.

In general, your data may be shared with:

• healthcare professionals and staff in this surgery;
• local hospitals (e.g., for referrals);
• out-of-hours services (e.g., for staff treating you in an emergency may check if you have allergies. They will use your Summary Care Record. For more information, see: https://digital.nhs.uk/summary-care-records);
• diagnostic and treatment centres; or
• other organisations involved in the provision of direct care to individual patients (e.g. NELFT), or organisations which we have contracted to help us process data (see below for more information on our data processors).

In addition, we are legally required to share data with NHS Digital for purpose under section 259(1)(a) of the Health and Social Care Act 2012 to support vital planning and research for COVID-19 purposes. For further details, please refer to: https://digital.nhs.uk/binaries/content/assets/website-assets/corporate-information/directions-and-data-provision-notices/data-provision-notices/gpesdatapandemicplanningresearchdpnv1.0.pdf

We are also legally required to share your data with OpenSAFELY. OpenSAFELY was developed during the COVID-19 pandemic, and is being expanded this year, under Directions given by the Secretary of State. The lawful basis for these Directions are, and further information about OpenSAFELY is available here: https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/directions-and-data-provision-notices/secretary-of-state-directions/nhs-opensafely-data-analytics-service-pilot-directions-2025/nhs-opensafely-privacy-notice

Your GP will make pseudonymised patient data available to the OpenSAFELY platform. The GP will remain in control of your data, and no identifiable data is moved from GP IT systems. You can opt out of your data being shared for OpenSAFELY entirely by submitting a type 1 opt-opt, or partially by submitting a National Data Opt-out (more on this later).

We may also participate in national clinical audits to monitor and improve healthcare quality. Medical record data helps healthcare professionals assess the standard of care provided. Audit results highlight areas of good practice and identify opportunities for improvement in patient care, so this data is submitted to NHS Digital. Shared data may include identifiers such as your NHS Number and date of birth, along with coded health information (e.g., conditions like diabetes or high blood pressure). Information is only shared when permitted by law.

For further details, visit the Healthcare Quality Improvement Partnership website or call 020 7997 7370.

You have the right to object to your identifiable information being shared for national clinical audits. To do so, please contact us.

Your data will never be transferred internationally.

Population Health Management (PHM)

PHM is aimed at improving the physical and mental health outcomes and well-being of local and national populations, making sure that access to services is fair, timely, and equal. PHM is an approach being implemented across the NHS and this Practice.

Population Health Management requires health and social care to work together with communities and partner agencies, so your GP, hospital, other health or care providers, local Councils within NE London and the NHS NEL Integrated Care Board may send the information they hold on their systems to each other. All of these organisations are legally obliged to protect your information and maintain confidentiality in the same way that your GP or hospital provider is.

The information needed for PHM will include your health and social care data, which will be used in a pseudonymised form. This means, anything that can identify you (like your name or NHS Number) will be removed and replaced with a unique code so that the people working with the data will only see the code and cannot see which patient the information relates to.

The information sharing will be subject to robust security arrangements and risk assessments. It will then be used for a number of health and social care related activities such as:

• identifying groups of patients that could benefit from direct interventions
• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

Health Care Providers are permitted by data protection law to use information where it is “necessary for medical purposes”. This includes caring for you directly as well as management of health services more generally. The legal basis for sharing your information is Article 6(1)(e) and Article 9(2)(h) of the UK GDPR – for the performance of a task carried out in the public interest and for the provision of health or social care. Sharing and using your information in this way helps to provide better health and care for you, your family and future generations.

You have the right to opt out of sharing your personal data being used in this way. You can do this in two ways:

• Opt out of all sharing of your data for other uses outside your GP Practice. This is called a Type 1 opt out and you should request this directly to us, your GP practice. This will be applied not only to this programme but to any others we take part in.
• By submitting a national Data Opt-out (see below)

Processors of personal data

In order to deliver the best possible service, the Practice contracts Processors to process personal data, including patient data on our behalf.

When we use a Processor to process personal data we will always have an appropriate legal agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by a Processor include:

• Companies that provide IT services & support, including our core clinical systems; systems which manage patient-facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services and document management services.
• Delivery services (for example if we were to arrange for delivery of any medicines to you).
• Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

Payment providers (if, for example, you were paying for a prescription or a service such as travel vaccinations).

Use of AI scribe in patient consultations

Our practices are committed to delivering the best possible care to our patients. To enhance the quality and efficiency of our consultations, clinicians (your GP or a member of the multidisciplinary team within your practice) may use an artificial intelligence (AI) enabled scribe software during your appointment. The AI scribe is specifically designed to be used in a clinical setting and will convert your conversation with your clinician into text to generate a comprehensive note from your consultation.

An AI scribe transcribes audio from a patient contact or free-dictation and uses AI to summarise them into structured form for medical notes, including any relevant coding. Clinicians can instantly modify notes and generate other documents, save these notes to the patient record and share documents with patients and other services. Clinicians will always review the generated notes for errors before saving it to your medical records.

Whilst the use of an AI scribe is designed to improve patient care, your privacy is important to us. The AI scribe only processes information discussed during your appointment and operates within strict data protection and security controls. Before using the scribe, your clinician will inform you that they are planning to use this tool. You have the option to decline its use at any time during your appointment, you just need to let your clinician know.

We are currently using Accrux Scribe powered by Tandem. More information about the software can be found on the Accrux website at: Accurx for patients.

Your Rights as a Data Subject

You have a right under the Data Protection Act 2018 to request access to view or to obtain a copy of what information the Practice holds about you and to have it modified should it be inaccurate. The process to access your records is known as a Subject Assess Request (SAR) and the way it works is outlined below:

• You can submit a request for your information either in person, over the phone, or electronically, by yourself or through your proxy (such as a law firm or a relative). You do not need to mention, “Subject Access Request”, “GDPR” or any other legal terms. Our staff are trained to recognise a SAR upon receipt.
• You will need to provide adequate proof of your identity before we can release the requested details, typically a passport or driving license. If you are using a proxy such as a legal firm or a relative to make a request on your behalf, you must provide them with a signed consent form, specifying exactly which information you wish for us to disclose to them.
• The request will be reviewed and completed within a maximum of one calendar month after verifying any necessary ID and other documents, as required by the GDPR, unless the SAR is complicated, in which case we may extend the deadline.
• The latest regulations state that we cannot charge you to have a copy of your information unless the request is manifestly unfounded or excessive.

In addition to the right of access, under the Data Protection Act 2018, you will also have the following rights:

• Rectification – you have the right to have any errors or mistakes in your records corrected. Please speak to a member of staff if you wish to do this.
• Objection – you have the right to object to information being shared between parties for your own, direct care. Please speak to the Practice if you wish to object, however note that this may affect the care you receive. You are not able to object to:
  • your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care.
  • You are not able to object when information is legitimately shared for safeguarding reasons (as described earlier) as it is a legal and professional requirement to share information for safeguarding reasons in appropriate circumstances to protect people from harm.
• Withdrawal of consent – If you have provided us with your consent to process your data for the purpose of providing our services, you have the right to withdraw this at any time. In order to do this should contact us by emailing or writing to the Practice.
• Erasure – We are required to follow strict data retention guidelines (see below) and so are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention of your data

GP medical records will be kept in line with our retention policy, the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016.

National Data Opt-Out

The National Data Opt-Out gives you the choice to stop your health and care information from being used for purposes beyond individual care, such as for research or planning, where such processing requires Section 251 approval under the NHS Act 2006. This does not affect:

• Your care or treatment,
• The sharing of your information for direct care or other essential services, and
• Data used anonymously for research or planning

In line with NHS policy, our practice complies with the National Data Opt-Out scheme, and you can choose to opt-out at any time.

If you choose to opt out, your confidential patient information will no longer be used for purposes beyond your individual care. Your choice is respected by all organizations within the health and care system in England.

You can view or change your data-sharing preference at any time by visiting the official NHS website at www.nhs.uk/your-nhs-data-matters, by calling the NHS helpline on 0300 303 5678, or by contact our Practice.

For further details about the National Data Opt-Out, please visit the NHS Digital website.

Cookies

This website makes use of cookies to optimise user experience. By using our website, you consent to all cookies in accordance with our Cookie Policy.

Website Privacy

We are committed to protecting your privacy. You can access our website without giving us any information about yourself. But sometimes we do need information to provide services that you request, and this statement of privacy explains data collection and use in those situations.

In general, you can visit our website without telling us who you are and without revealing any information about yourself. However, there may be occasions when you choose to give us personal information, for example, when you choose to contact us or request information from us. We will ask you when we need information that personally identifies you or allows us to contact you.

We collect the personal data that you may volunteer while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data for any purpose other than that indicated below:

• To send you confirmation of requests that you have made to us
• To send you information when you request it

We intend to protect the quality and integrity of your personally identifiable information and we have implemented appropriate technical and organisational measures to do so. We ensure that your personal data will not be disclosed to State institutions and authorities except if required by law or other regulation.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we don’t have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.

Notification

The Data Protection Act 2018 requires organisations that control data to register with the Information Commissioners Office (ICO) website

Our Practice is registered with the ICO as a Data Controller under the Data Protection Act 1998.

Complaints

By law, we are required to appoint an independent Data Protection Office (DPO) to advise us on our data protection practices and obligations, in order to make sure we are complying with the law. Our DPO is:

• Name: Radha Muthuswamy
• Email: muthuswamy@nhs.net

Should you have any concerns about how your information is managed by the Practice, you can raise a complaint according to our complaints procedure.

If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO) website via their website, or in writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

If you are happy for your data to be extracted and used for the purposes described in this Privacy Notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact us.