We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way and we review this regularly.
Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.
1. Why We Are Providing This Privacy Notice
We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. If you are unclear about how we do this, if you have any questions about this Privacy Notice or if you have any other issue regarding your personal and healthcare information, please contact Ms Liz Webb.
The Law says:
A. We must let you know why we collect personal and healthcare information about you.
B. We must let you know how we use any personal and/or healthcare information we hold on you.
C. We need to inform you about what we do with it.
D. We need to tell you about who we share it with or pass it on to and why.
E. We need to let you know how long we can keep it for.
2. The Data Protection Officer
The Data Protection Officer for the Surgery is:
Herts Valleys CCG
01442 898 888
• You have any questions about how your information is being held.
• If you require access to your information or if you wish to make a change to your information.
• If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you.
• If you have any other query relating to this Policy and your rights as a patient.
3. About Us
We, at Manor View Practice (‘The Practice’) situated at Bushey Medical Centre, London Road, WD23 2NN, & Manor View at Callowland Surgery, WD24 5DG, are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.
There may be times when we also process your information. That means we use it for a particular purpose. The purposes for which we use your information are set out in this Privacy Notice.
4. Information We Collect From You
The information we collect from you will include:
A. Your contact details (such as your name and email address, including place of work and work contact details).
B. Details and contact numbers of your next of kin.
C. Your age range, gender, ethnicity.
D. Details in relation to your medical history.
E. The reason for your visit to The Practice.
F. Medical notes which include details of diagnosis and consultations with our GPs and other health professionals within the Surgery involved in your direct healthcare.
G. Patient feedback surveys, for example, The Friends and Family Test (FFT). Further information can be found here.
5. Information About You We Collect From Others
We also collect personal information about you when it is sent to us from the following:
A. A hospital, a consultant or any other medical or healthcare professional, or any other person involved with your general healthcare.
B. Relevant information from relatives or those who care for you.
C. The police.
D. The home office.
F. Insurance companies.
6. Identifying Risk Of Suffering A Particular Condition
The NHS is increasingly collecting patient’s medical details to help identify your risk of suffering a particular condition, to help avoid emergency hospital admissions or when to provide preventative measures. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. That information – in an anonymous form – is checked through specialist software which sends the results back to your GP (who alone will be able to identify you). This procedure known as “Risk stratification” enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services. Please note that you have the right to opt out of your data being used in this way.
Population health management and Risk Stratification carried out by the Clinical Commissioning Group Herts Valleys CCG (HVCCG)
What this means for you: informing patients – Practice obligations
The Practice is required under data protection law to ensure that patients are aware of how their data is used. This Programme involves new processing of data and Practices are advised to update their Privacy Notice materials and use whatever other means you have to inform patients about it e.g. through patient participation groups, newsletters etc.
The Programme offers patients the opportunity to opt-out of their data being included in the Programme, even though the analysis is done using de-identified data. It is important that patients are made aware of this too.
HVCCG extracts medical information about you for population health management and risk stratification purposes, the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudo- anonymised). This therefore protects you from anyone who may have access to this information at the Clinical Commissioning Group from ever identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.
There are good reasons why the Clinical Commissioning Group may require this pseudo-anonymised information, these are as follows:
• To assist in analysing current health services and proposals for developing future services.
• To develop risk stratification models to help GP’s to identify and support patients with long term conditions and to help to prevent un-planned hospital admissions or reduce the risk of certain diseases developing, such as diabetes.
• Using risk stratification to help the CCG to understand the health needs of the local population in order to plan and commission the right services.
NHS Arden and Greater East Midlands Commissioning Support Unit (AGEM) are commissioned by the CCG to carry out this process. The risk stratification tool that AGEM use for this process is called Gemima.
What if I do not want information about me to be included (opt out)?
If you do not wish your data to be included in this process (even though it is in a format which does not directly identify you) you can choose to opt-out. In this case, please inform the Receptionist who will apply an opt-out code to your record to ensure that your information is not included.
7. Medicine Management
The Practice may conduct Medicines Management Reviews of patients’ prescription medications to ensure patients receive the most appropriate, up to date and cost effective treatments. This service may be provided by Pharmacists and Technicians employed by Herts Valleys CCG (http://hertsvalleysccg.nhs.uk/about-us), or by outside providers contracted by The Practice (for example via Interface Clinical Services (www.interface-cs.co.uk/). They are bound by the same confidentiality rules as our staff are.
8. Your Summary Care Record
Your summary care record is an electronic record of your healthcare history (and other relevant personal information) held on a national healthcare records database provided and facilitated by NHS England.
This record may be shared with other healthcare professionals and additions to this record may also be made by relevant healthcare professionals and organisations involved in your direct healthcare.
You may have the right to demand that this record is not shared with anyone who is not involved in the provision of your direct healthcare. If you wish to enquire further as to your rights in respect of not sharing information on this record then please contact Liz Webb or Daniel Saull.
To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, please visit www.nhs.uk/my- data-choice.
Note, if you do choose to opt out you can still consent to your data being used for specific purposes. If you are happy with this use of information you do not need to do anything. You may however change your choice at any time.
Please see Supplementary privacy note on Covid-19 for Patients/Service Users
9. Who We May Provide Your Personal Information To, And Why
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected to help ensure you get the best possible care and treatment. This information may be passed to other approved organisations where there is a legal basis, to help with planning services, improving care, research into developing new treatments and preventing illness. All of this helps in proving better care to you and your family and future generations. However, as explained in this privacy notice, confidential information about your health and care is only used in this way where allowed by law and would never be used for any other purpose without your clear and explicit consent.
We may pass your personal information on to the following people or organisations, because these organisations may require these details to assist them in the provision of your direct healthcare needs.
These would include:
A. Hospital professionals (such as doctors, consultants, nurses, etc).
B. Other GPs/Doctors.
D. Nurses and other healthcare professionals.
F. Any other person that is involved in providing services related to your general healthcare, including mental health professionals.
10. Other People To Whom We Provide Your Information
B. Clinical Commissioning Groups.
C. Local authorities.
D. Community health services.
E. For the purposes of complying with the law e.g. Police, Solicitors, Insurance Companies.
F. Anyone you have given your consent to, to view or receive your record, or part of your record. Please note, however, if you give another person or organisation consent to access your record we will need to contact you to verify your consent before we release that record. It is important that you are clear and understand which details you are consenting to be disclosed.
Primary Care Network
We are a member of Manor View Practice Pathfinder Primary Care Network (PCN). This means we will be working closely with a number of other Practices and health and care organisations to provide healthcare services to you.
Extended Access – we provide extended access services to our patients which means you can access medical services outside of our normal working hours. In order to provide you with this service, we have formal arrangements in place with the Clinical Commissioning Group and with other practices whereby certain key “hub” practices offer appointments on our behalf. This means, those key “hub” practices will have to have access to your medical record (if an appointment is booked at a hub practice). Please note to ensure that those practices comply with the law and to protect the use of your information, we have very robust data sharing agreements and other clear arrangements in place so your data is always protected and used for those purposes only.
The key Hub practices are as follows:
Baldwins Lane, The Elms, Holywell
Suthergrey, Upton, Callowland, Cassio, Health Inclusion Matters Garston, Tudor, Vine House, Sheepcot, Abbotswood
South Oxhey, Consulting Rooms, Attenborough Chorleywood, New Road, Gade
Data Extraction by the Clinical Commissioning Group (CCG)
The Clinical Commissioning Group at times extracts medical information about you, but the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify. This therefore protects you from anyone who may have access to this information at the Clinical Commissioning Group from ever identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.
There are good reasons why the Clinical commissioning Group may require this information, these are as follows:
• To ensure practices are adhering to local and national guidelines;
• To promote good medical care.
General Practice Transparency Notice for GPES Data for Pandemic Planning and Research (COVID-19)
This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital.
The health and social care system is facing significant pressures due to the coronavirus (COVID-19) outbreak. Health and care information is essential to deliver care to individuals, to support health, social care and other public services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the coronavirus outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations. This practice is supporting vital coronavirus planning and research by sharing your data with NHS Digital, the national safe haven for health and social care data in England.
Our legal basis for sharing data with NHS Digital
NHS Digital has been legally directed to collect and analyse patient data from all GP practices in England to support the coronavirus response for the duration of the outbreak. NHS Digital will become the controller under the General Data Protection Regulation 2016 (GDPR) of the personal data collected and analysed jointly with the Secretary of State for Health and Social Care, who has directed NHS Digital to collect and analyse this data under the COVID-19 Public Health Directions 2020 (COVID-19 Direction).
All GP practices in England are legally required to share data with NHS Digital for this purpose under the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained in the data provision notice issued by NHS Digital to GP practices.
Under GDPR our legal basis for sharing this personal data with NHS Digital is Article 6(1)(c) – legal obligation. Our legal basis for sharing personal data relating to health, is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the COVID-19 Direction.
The type of personal data we are sharing with NHS Digital
The data being shared with NHS Digital will include information about patients who are currently registered with a GP practice or who have a date of death on or after 1 November 2019 whose record contains coded information relevant to coronavirus planning and research. The data contains NHS Number, postcode, address, surname, forename, sex, ethnicity, date of birth and date of death for those patients. It will also include coded health data which is held in your GP record such as details of:
- diagnoses and findings
- medications and other prescribed items
- investigations, tests and results
- treatments and outcomes
- vaccinations and immunisations
How NHS Digital will use and share your data
NHS Digital will analyse the data they collect and securely and lawfully share data with other appropriate organisations, including health and care organisations, bodies engaged in disease surveillance and research organisations for coronavirus response purposes only. These purposes include protecting public health, planning and providing health, social care and public services, identifying coronavirus trends and risks to public health, monitoring and managing the outbreak and carrying out of vital coronavirus research and clinical trials. The British Medical Association, the Royal College of General Practitioners and the National Data Guardian are all supportive of this initiative.
NHS Digital has various legal powers to share data for purposes relating to the coronavirus response. It is also required to share data in certain circumstances set out in the COVID-19 Direction and to share confidential patient information to support the response under a legal notice issued to it by the Secretary of State under the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations).
Legal notices under the COPI Regulations have also been issued to other health and social care organisations requiring those organisations to process and share confidential patient information to respond to the coronavirus outbreak. Any information used or shared during the outbreak under these legal notices or the COPI Regulations will be limited to the period of the outbreak unless there is another legal basis for organisations to continue to use the information.
Data which is shared by NHS Digital will be subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the coronavirus purpose will be shared. Organisations using your data will also need to have a clear legal basis to do so and will enter into a data sharing agreement with NHS Digital. Information about the data that NHS Digital shares, including who with and for what purpose will be published in the NHS Digital data release register.
For more information about how NHS Digital will use your data please see the NHS Digital Transparency Notice for GP Data for Pandemic Planning and Research (COVID-19).
National Data Opt-Out
The application of the National Data Opt-Out to information shared by NHS Digital will be considered on a case by case basis and may or may not apply depending on the specific purposes for which the data is to be used. This is because during this period of emergency, the National Data Opt-Out will not generally apply where data is used to support the coronavirus outbreak, due to the public interest and legal requirements to share information.
Your rights over your personal data
To read more about the health and care information NHS Digital collects, its legal basis for collecting this information and what choices and rights you have in relation to the processing by NHS Digital of your personal data, see:
11. Who Are Our Partner Software Suppliers/Businesses?
Can employees of the organisation access patient information?
Clinical system holds patient demographic and medical information – remote server
The practice keeps your health record in an electronic patient record called EMIS Health which links to your summary care record, this record is stored in a safe and secure manner in a third parties data centre which acts on the instructions of EMIS. The data centre is owned and operated by Amazon Web Services which has been approved by NHS Digital.
https://supportcentre.emishealth.com/emis-group-and-the-gdpr-general-data-protection-regulation/ (only accessible with a log in so information can be requested from the practice)
Telephone system – call recording onto a server located within the practice
Horizon is cloud-based. All the recordings are downloaded weekly to the practice server. Support staff from Chiltern are able to dial in remotely with the consent of our staff for problem solving.
SMS and smart messaging system between the practice and patients.
Patient’s emis (clinical system) numbers are uploaded to MJog website. The website has an encrypted link to the patient database which is interrogated for the patient’s name and mobile number.
MJog employees would only have access to this identifiable information when troubleshooting – they will sometimes dial in to an HEMC staff member’s PC with the consent of the member of staff to fix a problem.
iGPR is a software tool that assists us with creating insurance reports.
iGPR staff have no access to patient information as it is fully encrypted whilst being transmitted to the insurer.
Clinical software which holds patient letters and documents.
Docman support staff can remotely dial in with the consent of our staff for problem solving.
Docmail is an external printing and mailing agency which we use to send larges batches of letters.
Docmail staff can dial in remotely with the consent of our staff for problem solving.
The practice’s primary general IT support provider.
Healthcare Computing support staff are able to remotely dial in with the consent of our staff for problem solving.
Dictation software which clinical staff use to dictate letters for the secretaries to type.
Lexacom support staff are able to dial in remotely with the consent of our staff for problem solving.
MDU / MPS / MDDUS
We may send by email or discuss by phone identifiable information if the organisation is supporting a GP in a patient complaint or litigation. Information will be redacted where possible.
Numed provides software and support for our Spirometer, 12hr BP machine.
Numed support staff can remotely dial in with the consent of our staff for problem solving.
(Diabetic eye screening program me)
Manage recall and screening of diabetic patients for diabetic retinopathy
The Diabetic Eye Screening Programme is commissioned by NHS England. West Herts Diabetic Eye Screening Programme support invitation for eye screening and ongoing care. This data may be shared with any Hospital Eye Services a patient is under the care of to support further treatment and with other healthcare professionals involved in patient care.
12. Anonymised Information
Sometimes we may provide information about you in an anonymised form. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.
13. Your Rights As A Patient
The Law gives you certain rights to your personal and healthcare information that we hold, as set out below:
A. Access and Subject Access Requests
You have the right to see what information we hold about you and to request a copy of this information.
If you would like a copy of the information we hold about you please contact (01923) 247446. We will provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.
We have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.
B. Online Access
You may ask us if you wish to have online access to your medical record. However, there will be certain protocols that we have to follow in order to give you online access, including written consent and verification process to prove your identity.
Please note that when we give you online access, the responsibility is yours to make sure that you keep your information safe and secure if you do not wish any third party to gain access.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct any information you think is inaccurate. It is very important that you make sure you tell us if
your contact details including your mobile phone number has changed.
You have the right to ask for your information to be removed however, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible.
We cannot share your information with anyone else for a purpose that is not directly related to your health, e.g. medical research, educational purposes, etc. We would ask you for your consent in order to do this however, you have the right to request that your personal and healthcare information is not shared by the Surgery in this way. Please note the Anonymised Information section in this Privacy Notice.
You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation, but we will require your clear consent to be able to do this.
14. Third Parties Mentioned On Your Medical Record
Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners, and other family members.
15. How We Use The Information About You
We use your personal and healthcare information in the following ways:
- when we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or on going healthcare.
- when we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement. We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:
- where there is a serious risk of harm or abuse to you or other people.
- where a serious crime, such as assault, is being investigated or where it could be prevented.
- notification of new births.
- where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS).
- where a formal court order has been issued.
- where there is a legal requirement, for example if you had committed a Road Traffic Offence.
16. Legal Justification For Collecting And Using Your Information
The Law says we need a legal basis to handle your personal and healthcare information.
CONTRACT: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.
CONSENT: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs.
Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.
NECESSARY CARE: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.
LAW: Sometimes the Law obliges us to provide your information to an organisation (see above).
17. Special Categories
The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:
PUBLIC INTEREST: Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment.
CONSENT: When you have given us consent.
VITAL INTEREST: If you are incapable of giving consent and we have to use your information to protect your vital interests (e.g. if you have had an accident and you need emergency treatment).
DEFENDING A CLAIM: If we need your information to defend a legal claim against us by you, or by another party.
PROVIDING YOU WITH MEDICAL CARE: Where we need your information to provide you with medical and healthcare services
18. How Long We Keep Your Personal Information
We carefully consider any personal information that we store about you, and we will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice.
19. Under 16s
There is a separate privacy notice for patients under the age of 16, a copy of which may be obtained on request.
20. Patient Participation Group (PPG)
Contact information that you have provided to the PPG is held by them. This will only be used for PPG purposes. If you want your details removed, please contact them directly on firstname.lastname@example.org
21. If English Is Not Your First Language
If English is not your first language you can request a translation of this Privacy Notice. Please contact Ms Liz Webb on (01923) 247446.
Alternatively please use the translation tool at the top right corner of the web page.
If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal and/or healthcare information, then please contact Ms Liz Webb, or Mr Daniel Saull Operations Manager on (01923) 247446.
You can also use the complaints form on our website.
However, you have a right to raise any concern or complaint with the UK information regulator, at the Information Commissioner’s Office: https://ico.org.uk/.
23. Our Website
The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other website from the Surgery’s website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.
If you also have requested and access to online services, please see the cookies policy for the service provider you utilise:
Patient Access (patient.emisaccess.co.uk/content/cookies)
Evergreen Life (https://www.evergreen-life.co.uk/cookie-policy)
Online Consult (https://www.egton.net/privacy-policy/)
The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other website from the Surgery’s website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.
26. Text Messaging And Contacting You
Because we are obliged to protect any confidential information we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.
We may contact you using SMS texting to your mobile phone in the event that we need to notify you about appointments and other services that we provide to you involving your direct care, therefore you must ensure that we have your up to date details. This is to ensure we are sure we are actually contacting you and not another person.
27. Where To Find Our Privacy Notice
You may find a copy of this Privacy Notice in the Surgery’s reception, on our website, or a copy may be provided on request.
28. Changes To Our Privacy Notice
We regularly review and update our Privacy Notice. This Privacy Notice was last updated in January 2020
Supplementary privacy note on Covid-19 for Patients/Service Users
Covid-19 and your information – Updated on 8th April 2020
This notice describes how we may use your information to protect you and others during the Covid19 outbreak. It supplements our main Privacy Notice which is available on our Practice Website https://manorviewpractice.co.uk/ or a copy can be made available by asking at reception.
The health and social care system is facing significant pressures due to the Covid-19 outbreak.
Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected.
Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or videoconferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
CORONAVIRUS (COVID-19) PANDEMIC AND YOUR INFORMATION Updated 09/10/20
Coronavirus (COVID-19) pandemic and your information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the COVID-19 pandemic.
The ICO also recognise that ‘Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
Please note that this notice has now been revised and extended by a further notice from 29th July 2020 until 31st March 2021.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the COVID-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease. Additionally, the use of your information is now required to support NHS Test and Trace.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.
The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 31st March 2021 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.