Medical records, computers and data
We have used a computer for every consultation since 1987 and for many years have relied only on the computer and not paper for recording your medical information. We do retain your old paper records for historical reference.
Your computer record and confidentiality
We are registered under the Data Protection Act 2018 and are GDPR Compliant. Your medical records are held on EMIS Web, probably the most widely used GP system, which is a hosted on the secure NHS N3 network and protected to the highest standards. All incoming correspondence is scanned into your record and the paper shredded and increasingly much is coming electronically directly into your record, particularly all pathology test results, discharge summaries and some outpatient letters from the local hospital and out of hours contact information and we are linked electronically to NHS England for administrative purposes. GP practices are also connected to the National Data Spine where your registration details are held and the parts of your record uploaded to form a Summary Care Record (unless you opted out) - see below.
Nobody outside the practice has access to any of your identifiable data without your consent and within the practice all our staff are trained to respect the rules of confidentiality. Nobody has the right to view your record except on a 'need to know' basis, for instance if inputting data or answering a query from the patient. Any breach of our strict data rules would result in dismissal and possibly further action. Any computer engineers or outside health professionals requiring access to the records sign a security agreement before they are allowed access.
Everyone looking at your record, whether on paper or computer, must keep the information confidential. We will aim to share only as much information as people need to know to play their part in your healthcare. When we provide health care, we will share your record with the people providing and supporting your care or checking its quality (unless you have asked that we limit how we share your record).
We will not share health information that identifies you for any reason other than providing your direct care, unless:
•You ask us to do so;
•We ask and you give us specific permission;
•We have to do so by law;
•We have special permission for health or research purposes;
•We have special permission because the public good is thought to be of greater importance than your confidentiality.
Dr Selwyn acts as the GP responsible for ensuring data security and probity at this practice (Caldicott Guardian).
We do provide data in a completely anonymised form to the Clinical Practice Research Database, part of the Medicines & Healthcare products Regulatory Agency (MHRA) at the Department of Health. The CPRD is a highly respected and ethically approved organisation has provided data for a great many important published medical studies in this and other countries over the past few years - you may well have heard some of the results in the national press. None of this data can be identified in any way with any individual and we have strict controls to check this.
Access to Medical Records
We receive many requests for releasing specific parts or all of your medical records or preparing reports for insurance companies, solicitors or other outside agencies. We can only ever release such information with your written consent and we have strict procedures. You may be asked to sign additional practice consent if we are unsure about whether you have been fully informed before giving your content.
You - or a nominated representative- have the right to view or receive copies your medical records, in most cases without a fee (though if the request is excessive we may inform you of a charge). Though we have up to one month to provide the information, we usually try to do it much quicker, normally within 21 days. You may request this verbally though we prefer in writing or by email.
A copy is available here for viewing and printing
Fair Processing Notice
How we use your information
This privacy notice explains why the GP Practice collects information about you, and how that information may be used.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice may hold about you may include the following information;
• Details about you, such as address and next of kin
• Any contact the surgery has had with you, such as appointments, clinic visits,emergency appointments, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations, such as laboratory tests, x-rays, etc.
• Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always endeavour to gain your consent before releasing the information.
Patient Segmentation and Risk stratification tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software managed by the Brent CCG as the data processor and is only provided back to your GP or member of your care team as data controller in an identifiable form. Patient Segmentation and Risk stratification enables your GP to focus on the preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services.
Please note that you have the right to opt out.
Should you have any concerns about how your information is managed at the surgery please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.
Further information on Fair Processing of data within the NHS can be obtained here
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
• NHS Trusts
• Specialist Trusts
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Social Care Services
• Local Authorities
• Education Services
• Fire and Rescue Services
• Other ‘data processors’
Access to personal information
You have a right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:
• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.
If you would like to make a ‘subject access request’. Please contact the practice manager in writing.
If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager.
Your right to withdraw consent
At any time you have the right to refuse/ withdraw consent to information sharing. The possible consequences will be fully explained to you and could include delays in receiving care.
If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact us at the practice.
For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Phone: 08456 30 60 60 or 01625 54 57 45 Fax: 01625 524 510 Website: www.ico.gov.uk
National Summary Care Record
A Summary Care Record is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had. Having this information stored in one place - on the secure NHS Data Spine - makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed. Only those with the required security level can access your record and even then, only when it is absolutely necessary. Security naiad confidentiality is treated very seriously.
Currently the only information it contains relates to your registration details, current regular medications and allergies, though the intention is to expand this to include the whole of your medical record. For more information here is a Patient Leaflet . There is a dedicated website to explain things in greater detail.
You are presumed, under NHS protocols, to have consented to upload your details but you can at any time withdraw your consent by letting us know in person or in writing and at registration all new patients are given that option.
NHS Care.data [Currently on hold]
This introduces a system to extract all your data held in our records to the HSCIC (Health & Social Care Information Centre). It will hold the data securely and link it to other data-sets such as from hospitals and it will release data to other authorised organisations in either anonymised or psuedonymised forms for research or other purposes.
It has the potential to provide a great deal of rich information to further medical research and assist in healthcare planning. But there are concerns about the handling and uses of such data when it might be traceable back to individuals.
The start of this scheme has been delayed until [uncertain]. See our blog for more details on this complex and controversial programme.
An opt-out form is available for download here