Medical records, computers and data
We have used a computer for every consultation since 1987 and for many years have relied only on the computer and not paper for recording your medical information. We do retain your old paper records for historical reference.
Your computer record and confidentiality
We are registered under the Data Protection Act 2018 and are GDPR Compliant. Your medical records are held on EMIS Web, probably the most widely used GP system, which is a hosted on the secure NHS N3 network and protected to the highest standards. All incoming paper correspondence is scanned into your record and the original shredded and increasingly much is coming electronically directly into your record, particularly all pathology test results, discharge summaries and outpatient letters from hospitals and out of hours contact information and we are linked electronically to NHS England for administrative purposes. GP practices are also connected to the National Data Spine where your registration details are held and the parts of your record uploaded to form a Summary Care Record (unless you opted out) - see below.
Nobody outside the practice has access to any of your identifiable data without your consent and within the practice all our staff are trained to respect the rules of confidentiality. Nobody has the right to view your record except on a 'need to know' basis, for instance if inputting data or answering a query from the patient. Any breach of our strict data rules would result in dismissal and possibly further action. Any computer engineers or outside health professionals requiring access to the records sign a security agreement before they are allowed access.
Everyone looking at your record, whether on paper or computer, must keep the information confidential. We will aim to share only as much information as people need to know to play their part in your healthcare. When we provide health care, we will share your record with the people providing and supporting your care or checking its quality (unless you have asked that we limit how we share your record).
We will not share health information that identifies you for any reason other than providing your direct care, unless:
•You ask us to do so;
•We ask and you give us specific permission;
•We have to do so by law;
•We have special permission for health or research purposes;
•We have special permission because the public good is thought to be of greater importance than your confidentiality.
Dr Selwyn acts as the GP responsible for ensuring data security and probity at this practice (Caldicott Lead) and Ms Amanda Ure, the Practice Manager is Senior Information Risk Owner (SIRO), ensuring all our systems and procedures are data-safe.
Your personal data and the NHS
Your confidential patient information is used in two different ways in the NHS:
•Your individual care
Health and care professionals may use your confidential patient information to help with your treatment and care. For example, when you visit your GP, they may access your records for important information about your health.
•Research and planning
Confidential patient information is also used to: plan and improve health and care services, research and develop cures for serious illnesses
If you don’t want your confidential patient information to be used for research and planning, you can opt out of this (see below). Your confidential patient information will still be used to support your individual care. Any choice you set using this service will not change this.
Click here for full details on health records in the NHS.
We provide data in an anonymised form to the Clinical Practice Research Database, part of the Medicines & Healthcare products Regulatory Agency (MHRA) at the Department of Health. The CPRD is a highly respected and ethically approved organisation has provided data for a great many important published medical studies in this and other countries over the past few years - you may well have heard some of the results in the national press. None of this data can be identified in any way with any individual and we have strict controls to check this.
Similarly we provide non-identifiable data to QResearch, a medical research organisation now based at the University of Oxford, which has produced invaluable research about risk and provided many useful clinical risk assessment tools for GPs based on the evidence analysed from 30 million patients' records in general practice.
Your care may have been improved though knowledge obtained from these two bodies.
Access to Medical Records (Subject Access Requests)
We receive many requests for releasing specific parts or all of your medical records or preparing reports for insurance companies, solicitors or other outside agencies. We can only ever release such information with your written consent and we have strict procedures. You may be asked to sign additional practice consent if we are unsure about whether you have been fully informed before giving your content.
You - or a nominated representative - have the right to view or receive copies your medical records, in most cases without a fee (though if the request is excessive we may inform you of a charge). This is called a Subject Access Request (SAR). Though we have up to one month to provide the information, we try to do it more quickly, normally within 21 days. You may request this verbally though we prefer in writing or by email. We have a request form which, though not a requirement, helps us to understand what information you are looking for. Often it does not require the time-consuming copying and printing of all of your records. Also don't forget you may view your more recent medical records online using Patient Access.
A more detailed copy is available here for viewing and printing.
We also have a basic version written for younger people (which is also easier to understand for everyone!).
How we use your information
A Privacy Notice explains why the GP Practice collects information about you, what his collected and how that information may be used.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice may hold about you may include the following information:
• Details about you, such as address, contact details and next of kin
• Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, phone calls, correspondence by any media etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations, such as laboratory tests, x-rays, etc.
• Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always endeavour to gain your consent before releasing the information (unless it is de-indentified).
Patient Segmentation and Risk stratification tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software managed by the Brent CCG as the data processor and is only provided back to your GP or member of your care team as data controller in an identifiable form. Patient Segmentation and Risk stratification enables your GP to focus on the preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services.
Please note that you have the right to opt out.
Should you have any concerns about how your information is managed at the surgery please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.
Further information on Fair Processing of data within the NHS can be obtained here
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
• NHS Trusts (hospitals, clinics, community services)
• Specialist Trusts
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Social Care Services
• Local Authorities
• Education Services
• Fire and Rescue Services
• Other ‘data processors’
Access to personal information ('Subject Access Request')
You have a right under the Data Protection Act 2018 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:
• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.
If you would like to make a ‘subject access request’ please request from a staff member. We have a request form to help decide what you need (though it is not a requirement)
If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager.
Your right to withdraw consent
At any time you have the right to refuse/ withdraw consent to information sharing. There are various levels of consent/ dissent.
The possible consequences will be fully explained to you and could include delays in receiving care.
If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact us at the practice.
For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Phone: 08456 30 60 60 or 01625 54 57 45 Fax: 01625 524 510 Website: www.ico.gov.uk
National Summary Care Record
Everyone registered with a GP in England has a Summary Care Record - an electronic record uploaded to the secure National Data Spine which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had. Having this information stored in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed. Only those with the required security level can access your record and even then, only when it is absolutely necessary. Security and confidentiality is treated very seriously.
There is also the ability, with your expressed consent, to 'enrich' the Summary Care Record with additional information to contain significant medical history (past and present), reason for medication, anticipatory care information (such as information about the management of long term conditions) , end of life care information (from the SCCI1580 national dataset) and immunisations. This might be especially useful for frail people who may need special care from many people, end of life care, patients with long term conditions, those with special needs, people with dementia and so on.
Under NHS protocols, you have consented to upload your basic Summary Care Record but you can withdraw your consent at any time by letting us know in person or in writing and at registration all new patients are given that option. See below.
NHS Data Opt-out
The NHS Opt-out programme explains that unless you have chosen to opt out, your confidential patient information can be used for research and planning. This online service allows you to make or change your decision at any time. You can also download a form to manage a choice on behalf of another individual by proxy. For example, if you are a parent or guardian of a child under the age of 13.
If you choose to opt out, your data may still be used during some specific situations, for example, during an epidemic where there might be a risk to other people’s health. Other situations are detailed here.
You can manage your options online .