Providing NHS services header ribbon image
rainbow header 700x200
  • Home
  • >
  • Privacy Policy

Privacy Policy

Prioritising Your Privacy

At our core, we deeply value the trust you place in us to safeguard your personal information. Protecting your privacy is a paramount responsibility that we embrace wholeheartedly. We have implemented robust measures to ensure your data is handled with the utmost care and security, undergoing regular reviews to maintain the highest standards.

Please read this privacy policy (‘Privacy Policy’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.

1. Transparent Communication: Your Privacy Matters

We are committed to providing you with this Privacy Notice in accordance with legal requirements. Its purpose is to clearly outline how we collect, utilise, and safeguard your personal and healthcare information. Transparency is paramount, and we want you to have a comprehensive understanding of our practices. This notice addresses the following key aspects:

  1. Why We Collect Information: We will explain the reasons behind gathering your personal and healthcare data, ensuring you understand the purpose and necessity of this process.
  2. How We Use Your Information: We will detail the specific ways in which we utilize the personal and healthcare information entrusted to us, ensuring you are fully aware of the intended uses.
  3. Data Handling Procedures: We will outline the measures we take to protect and manage your information, including any instances where it may be shared or disclosed to third parties, and the rationale behind such actions.
  4. Retention Policies: We will inform you about the duration for which we retain your personal and healthcare information, adhering to legal and operational requirements.

If you have any questions, concerns, or require further clarification regarding this Privacy Policy or any aspect of your data privacy, please feel free to reach out to Louise Halahmy at the practice. We are here to address your inquiries and provide you with the assurance you deserve.

2. The Data Protection Officer

The designated Data Protection Officer (DPO) for our practice is:

Tania Palmariellodiviney
Hertfordshire & West Essex ICB
Charter House,
Welwyn Garden City

You can reach out to the DPO team through Manor View Practice at as your primary point of contact for any of the following concerns or inquiries:

  • Questions about how your personal and healthcare information is being handled and safeguarded.
  • Requests to access, review, or modify your information.
  • Filing a complaint or grievance related to the management of your personal and healthcare data.
  • Any other queries or clarifications regarding this Privacy Policy and your rights as a patient.

3. About Us

We, at Manor View Practice, are dedicated to providing exceptional healthcare services to our patients. Our practice locations are conveniently situated at:

  • 121 Theobald Street, Borehamwood, WD6 4PT
  • Bushey Medical Centre, London Road, WD23 2NN
  • South West Herts Health Centre, Oxhey Drive, South Oxhey WD19 7SF
  • 141a Leavesden Road, Watford, WD24 5DG

As your trusted healthcare provider, we are responsible for collecting, storing, and handling your personal and healthcare information when you register with us as a patient.

There may be times when we also process your information. That means we use it for a particular purpose. The purposes for which we use your information are set out in this Privacy Policy.

4. Information We Collect From You

We collect the following types of information from you:

Personal Details

  • Your contact details (name, date of birth, NHS number, gender, phone numbers, email address, place of work, and work contact details)
  • Other personal details (marital status, religion, ethnicity, sexual orientation)
  • Details and contact numbers of your next of kin

Medical Information

  • Details related to your medical history
  • Reason for your visit to the Practice
  • Medical notes, including diagnosis details and consultations with our clinicians and other healthcare professionals involved in your direct care

Feedback Surveys and Forms

  • Responses to patient feedback surveys, such as the Friends and Family Test (FFT). Further information can be found here.

5. Information About You We Collect From Others

In addition to the information you provide directly, we may collect personal and healthcare information about you from the following external sources:

Healthcare Providers

  • Hospitals
  • Consultants
  • Other medical or healthcare professionals involved in your care


  • Relevant information from relatives or those who care for you

Legal and Government Entities

  • Court Orders
  • Police
  • Home Office
  • Solicitors

Insurance Companies

  • Information provided by insurance companies related to your coverage or claims

6. Identifying Risk and Enabling Preventative Care

The NHS is increasingly collecting patient medical details to help identify potential risks of developing particular conditions. This proactive approach aims to avoid emergency hospital admissions and provide timely preventative measures. Information about you is collected from various sources, including NHS Trusts and our GP Practice.

Risk Stratification Process

  1. Your anonymous medical data is analysed through specialised software.
  2. The results are sent back to your GP, who is the only one able to identify you.

This procedure, known as “Risk Stratification,” enables your GP to focus on preventing ill health, rather than solely treating sickness. If necessary, your GP may offer you additional services tailored to your identified risks. Please note that you have the right to opt out of having your data used in this way.

Population Health Management And Risk Stratification

The Hertfordshire and West Essex Integrated Care Board (ICB) carries out population health management and risk stratification using the information we provide through our computer systems. This information is pseudo-anonymised, meaning it cannot directly identify you to the ICB. Only our practice can identify you through a code. The ICB may require this pseudo-anonymised information for the following reasons:

  1. Analysing current health services and proposals for developing future services.
  2. Developing risk stratification models to help GPs identify and support patients with long-term conditions, prevent unplanned hospital admissions, and reduce the risk of certain diseases like diabetes.
  3. Understanding the health needs of the local population to plan and commission appropriate services.

Oracle Health is commissioned by the ICB to carry out this process.

The NHS Arden and Greater East Midlands Commissioning Support Unit (AGEM) is commissioned by the ICB to carry out this process, using the Gemima risk stratification tool.

Opting Out

If you do not wish for your data to be included in this process, even in a format that does not directly identify you, you can choose to opt out. Please inform the Practice, who will apply an opt-out code to your record to ensure your information is not included.

7. Your Summary Care Record

Your Summary Care Record is an electronic record that captures your healthcare history and other relevant personal information. This record is held on a national healthcare records database provided and facilitated by NHS England, ensuring seamless access to your medical information when needed.

Sharing Your Information For Better Care

This record may be shared with other healthcare professionals involved in your direct care. Additionally, relevant healthcare professionals and organisations may contribute to this record, ensuring it remains up-to-date and comprehensive.

Your Right To Privacy

You have the right to demand that your Summary Care Record is not shared with anyone who is not directly involved in your healthcare provision. If you wish to inquire further about your rights regarding the non-sharing of information on this record, please contact Louise Halahmy at the practice.

Wider Use Of Confidential Information

To learn more about the broader use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, please visit Please note that even if you choose to opt out, you can still consent to your data being used for specific purposes. If you are comfortable with this use of information, no action is required. However, you have the flexibility to change your choice at any time.

8. Who We May Share Your Personal Information With, And Why

When you utilise health or care services, such as attending an Accident & Emergency department or using Community Care Services, important information about you is collected to ensure you receive the best possible care and treatment. This information may be shared with other approved organisations where there is a legal basis, to assist in planning services, improving care, conducting research into developing new treatments, and preventing illness. All these efforts contribute to providing better care for you, your family, and future generations. However, as outlined in this privacy policy, confidential information about your health and care is only used in this manner when permitted by law and would never be used for any other purpose without your clear and explicit consent.

Direct Healthcare Providers

We may share your personal information with the following individuals or organizations to assist in the provision of your direct healthcare needs:

  1. Hospital professionals (doctors, consultants, nurses, etc.)
  2. Other GPs/Doctors
  3. Pharmacists
  4. Nurses and other healthcare professionals
  5. Dentists
  6. Any other person involved in providing services related to your general healthcare, including mental health professionals.

Other Recipients Of Your Information

Additionally, we may provide your information to the following entities:

  1. Commissioners
  2. Clinical Commissioning Groups or Integrated Care Boards
  3. Local authorities
  4. Community health services
  5. Entities for the purposes of complying with the law (e.g., Police, Solicitors, Insurance Companies)
  6. Anyone you have given your consent to view or receive your record, or part of your record. Please note that if you provide consent for another person or organization to access your record, we will need to contact you to verify your consent before releasing that record. It is important that you clearly understand which details you are consenting to be disclosed.

Data Extraction by the Hertfordshire and West Essex ICB

The Hertfordshire and West Essex ICB at times extracts medical information about you, but the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify. This therefore protects you from anyone who may have access to this information at the Hertfordshire and West Essex ICB from ever identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.

There are good reasons why the Hertfordshire and West Essex ICB may require this information, these are as follows:

  • To ensure practices are adhering to local and national guidelines;
  • To promote good medical care.

9. Who Are Our Partner Software Suppliers?

Below are a list of the software suppliers who we partner with in order to deliver healthcare services to our patients. If you would like more information about the way they manage data, please visit their website and read their respective privacy policy. 

NameDescriptionPrivacy Link
Emis WebEMIS Web is a clinical software system that allows GP practices to securely store, access, and manage patient medical records and information, enabling efficient delivery of healthcare services and continuity of care. Records are stored in a safe and secure manner in data centres owned and operated by Amazon Web Services which has been approved by NHS Digital.
Accurx (Patient Triage)AccuRx Patient Triage is a secure messaging platform that allows GP practices to safely communicate with patients, triage symptoms, and manage medical queries. It stores patient information in an encrypted format on secure servers, ensuring data privacy and compliance with healthcare regulations while facilitating efficient access to care.
Surgery Connect Surgery Connect telephone system enables GP practices to securely store and access patient information through its cloud-based platform. It facilitates efficient communication between healthcare providers while ensuring patient data privacy by employing robust encryption and access controls for storing sensitive medical records in compliance with data protection regulations.
iGPRiGPR is an electronic patient record system used by GP practices to securely store and manage patient medical information digitally. It allows authorised healthcare professionals to access and update patient records while ensuring data privacy and compliance through robust access controls and encryption of sensitive health data.
DocmanDocMan is a document management system used by GP practices to securely store and manage patient medical records and correspondence digitally. It allows authorised healthcare staff to access, share, and update patient documents while ensuring data privacy through encryption and access controls compliant with healthcare regulations.
DocmailDocMail is provided by CFH Total Document Management Ltd a secure print and mailing company which provides print and mailing services for Local Government, GPs, Dentists, Medical Practices, Schools, Exam Boards and Banks etc.
ITS DigitalITS Digital is the practice’s primary general IT support provider.
Their support staff are able to remotely dial in with the consent of our staff for technical problem solving.
NumedNumed provides software and remote support for our spirometer and blood pressure monitoring devices. With staff consent, their personnel can remotely access these systems for troubleshooting while we maintain strict security protocols to safeguard patient data privacy and confidentiality.
DXS SystemsDXS provides a clinical knowledge platform that integrates evidence-based guidance, treatment pathways, and patient information into GP workflows, enabling efficient access to up-to-date medical knowledge to improve patient care and outcomes.
JoyJoy is a preventative care platform that enables health and social care professionals to connect clients with local services, track outcomes, and facilitate preventative healthcare initiatives at scale while ensuring secure handling of client information.
Microsoft SuiteIn GP surgeries, Microsoft Suite is essential: Word is used for documentation and patient letters, Excel for data analysis and tracking, Outlook for secure communication, and Teams for virtual meetings and collaboration. It's a key provider to the NHS, streamlining operations and enhancing patient care efficiency.
Patient AccessThe Patient Access app enables GP practices to provide patients with remote access to book appointments, order repeat prescriptions, and message the practice directly, facilitating convenient digital healthcare services while ensuring secure access through NHS login authentication.
NHS AppThe NHS App allows GP practices to securely share medical records and enable patients to access health services like booking appointments, ordering prescriptions, and viewing their GP health data, facilitating efficient digital healthcare delivery while ensuring proper access controls over sensitive patient information.

10. Anonymised Data Management Procedures

We may sometimes provide information about you in an anonymised form, where none of the details can identify you as an individual or be traced back to you. This preserves your privacy and confidentiality while still allowing the responsible use of data for legitimate purposes like research or service improvement. The anonymisation process involves removing or obfuscating any personally identifiable information (PII) or sensitive details that could link the data back to you. We employ robust techniques like data masking, pseudonymisation, and aggregation to ensure the anonymised information cannot reveal your identity. Your privacy is safeguarded throughout this process.

11. Your Rights As A Patient

The law grants you certain rights regarding your personal and healthcare information that we hold. These rights are outlined below:

A. Access and Subject Access Requests

You have the right to access and obtain a copy of the information we hold about you. If you would like to request a copy, please contact 01923247446. We will provide this information free of charge; however, in limited and exceptional circumstances, we may charge an administrative fee for excessive, complex, or repetitive requests. We have one month to respond to your request and provide the required information. We kindly ask that any requests be made in writing, clearly specifying the information you require.

B. Online Access

You may request online access to your medical record. However, we must follow certain protocols, including obtaining your written consent and verifying your identity through a verification process. Please note that when granted online access, the responsibility lies with you to ensure the safekeeping and security of your information if you do not wish for any third party to gain access.

C. Correction

We strive to ensure that your personal information is accurate and up to date. You may request corrections to any information you believe to be inaccurate. It is crucial that you inform us if your contact details, including your mobile phone number, have changed.

D. Removal

You have the right to request the removal of your information. However, if we require this information to assist in providing you with appropriate medical services and diagnosis for your healthcare, removal may not be possible.

E. Objection

We cannot share your information with anyone else for purposes unrelated to your health, such as medical research or educational purposes, without your consent. You have the right to request that your personal and healthcare information is not shared by the Surgery in this manner. Please refer to the Anonymised Information section in this Privacy Policy.

F. Transfer

You have the right to request that your personal and/or healthcare information be transferred, in an electronic form (or other form), to another organisation. However, we will require your clear consent to do so.

12. Safeguarding Third-Party Information Mentioned On Your Medical Records

During consultations, you may mention third parties, such as spouses, partners, or other family members. We have an obligation to protect the rights and confidentiality of these individuals. Before sharing any information with other parties, including yourself, we ensure that references to third parties that could potentially breach their confidentiality are removed.

We take great care to uphold the privacy rights of all individuals mentioned in your medical records. Any information pertaining to third parties undergoes a thorough review process to redact or anonymize details that could compromise their confidentiality. This measure is in place to maintain the highest standards of privacy and data protection for everyone involved.

You can rest assured that we handle all personal and sensitive information with the utmost care and discretion, adhering to strict confidentiality protocols. Our commitment to safeguarding the privacy of third parties mentioned in your records is unwavering.

13. How We Use The Information About You

We utilise your personal and healthcare information for the following purposes:

A. Facilitating Coordinated Care

We may share your information with other healthcare professionals, such as doctors, consultants, nurses, or medical organisations, during your diagnosis, treatment, or ongoing healthcare management. This collaboration ensures you receive seamless and well-coordinated care from all parties involved.

B. Legal and Regulatory Compliance

In certain circumstances, we are legally obligated to disclose your information to authorised entities, such as law enforcement agencies, courts, solicitors, or immigration enforcement authorities. These disclosures are made strictly in compliance with applicable laws and regulations.

C. Consent-Based Sharing

We will never pass on your personal information to any third party who does not have a legitimate need or legal right to access it unless we have obtained your explicit consent to do so. Your privacy and the confidentiality of your information are of utmost importance to us.

14. Legal Justification For Collecting And Using Your Information

The law requires us to have a legal basis for handling your personal and healthcare information. We rely on the following legal justifications:

A. Contractual Obligation

We have a contract with NHS England to deliver healthcare services to you. This contract legally obligates us to ensure that we provide medical and healthcare services to the public.

B. Consent

In some instances, we rely on your consent to use your personal and healthcare information to take care of your healthcare needs. Please note that you have the right to withdraw your consent at any time if you no longer wish to receive services from us.

C. Necessary Care

We may collect and use your information to provide you with appropriate healthcare when necessary. The law refers to this as ‘protecting your vital interests’ in situations where you may be unable to provide consent.

D. Legal Obligation

Sometimes the law requires us to provide your information to certain organizations (as mentioned in the previous sections).

15. Special Categorisation: Handling Sensitive Health Information

The law recognises that personal information about your health falls into a special category due to its sensitive nature. We may be entitled to use and process your information under the following circumstances:

A. Public Interest

In situations where handling your personal information is considered to be in the public interest, such as during an outbreak of a specific disease, we may need to contact you for treatment or pass your information to relevant organizations to ensure you receive appropriate advice and/or treatment.

B. Consent

We may use and process your information when you have provided explicit consent for us to do so.

C. Vital Interest

If you are incapable of giving consent and we need to use your information to protect your vital interests, such as in the event of an accident requiring emergency treatment, we may process your data accordingly.

D. Defending a Claim

In the event of a legal claim against us by you or another party, we may need to use your information to defend ourselves.

E. Providing Medical Care

We may process your information when it is necessary to provide you with medical and healthcare services.

16. How Long We Keep Your Personal Information

At Manor View Practice, we carefully evaluate the personal information we store about you to ensure compliance with data protection principles and NHS guidelines. We will not retain your personal or healthcare data for longer than necessary to fulfil the purposes outlined in this Privacy Policy.

In determining appropriate data retention periods, we consider several factors:

  • Clinical and legal requirements for maintaining accurate medical records over a certain timeframe.
  • Operational needs for providing continuity of care and access to historical health data when required.
  • Statutory obligations outlined by the NHS Records Management Code of Practice and other relevant regulations.

For example, GP patient records must be kept until 10 years after the patient’s death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records are typically retained for the lifetime of the patient plus additional contingency periods.

We regularly review our data retention schedules to ensure alignment with evolving best practices and legal frameworks. Strict protocols are in place for the secure disposal of personal information that has reached the end of its retention period.

Your information will only be retained for as long as absolutely necessary to support your healthcare needs and our professional obligations as your trusted medical provider.

17. Patient Participation Group (PPG)

The Patient Participation Group (PPG) is a voluntary group of patients who work collaboratively with the practice to provide feedback and suggestions on how to improve services and promote better health for the local community.

Information Collected by the PPG

When you express interest in joining the PPG, you will be asked to provide the following information:

  • Title
  • Full name
  • Gender
  • Date of birth
  • Telephone numbers
  • Email address
  • Ethnic group
  • Frequency of visits to the practice

This information is collected solely for the purposes of the PPG and will be held securely by the group. It will not be shared with any third parties or used for any other purposes without your explicit consent.

Managing Your Information

If at any point you wish to have your details removed from the PPG’s records, please contact the practice by email at, and your request will be processed promptly.

18. Complaints

If you have any concerns about how we handle your personal data or a complaint regarding our practices, processing, or use of your personal and/or healthcare information, please contact Louise Halahmy, at 01923247446.  Alternatively, you can submit your complaint through the dedicated Complaint Form on our website.

It is important to note that you have the right to raise any concern or complaint with the UK’s information regulator, the Information Commissioner’s Office (ICO).

We take all complaints and concerns seriously and will make every effort to address them promptly and transparently. Your privacy and the protection of your personal data are of utmost importance to us, and we are committed to upholding the highest standards of data privacy and security.

19. Our Website

This Privacy Policy applies solely to the Manor View Practice website (  If you use a link from our website to access any other website, you will need to review the respective privacy policy of that website, as it will govern the handling of your information on that site.

We take no responsibility, legal or otherwise, for the content or privacy practices of other websites that you may access from links on our website. The protections and guidelines outlined in this Privacy Policy extend only to the information collected and processed through

When visiting our website, we recommend exercising caution and reviewing the privacy policies of any third-party websites you visit to understand how your personal information may be collected, used, and disclosed by those entities.

20. Cookies

Manor View Practice’s website,, utilises cookies to enhance your browsing experience and provide certain functionalities. Cookies are small data files that are placed on your device when you visit our website. To learn more about the specific cookies we use, their purposes, and how they are managed, please refer to our dedicated Cookie Policy

21. Website Security And Third Party Links

This Privacy Policy applies solely to the Manor View Practice website ( If you access any other website through links provided on our site, you will need to review the respective privacy notices of those websites, as they will govern the handling of your information on those platforms.

We do not assume any responsibility, legal or otherwise, for the content, privacy practices, or security measures implemented by third-party websites that you may access from links on our website. The protections and guidelines outlined in this Privacy Policy extend only to the information collected and processed through this website.

When visiting external websites, we recommend exercising caution and reviewing their privacy policies to understand how your personal information may be collected, used, and disclosed by those entities. We cannot guarantee the security or privacy practices of websites that fall outside our direct control.

At Manor View Practice, we prioritise the security and protection of your personal information. We implement industry-standard security measures to safeguard the data collected through our website from unauthorised access, disclosure, alteration, or destruction. However, please note that no method of data transmission over the internet or electronic storage is entirely secure, and we cannot provide absolute assurance of the security of any information transmitted to or from our website.

If you have any concerns or questions regarding the security of our website or the handling of your personal information, please do not hesitate to contact us. We are committed to maintaining transparency and addressing any issues that may arise.

22. Keeping Your Contact Details Updated

At Manor View Practice, we are committed to protecting the confidential information we hold about you. To uphold this commitment, it is crucial that you promptly notify us if you change any of your contact details.

Importance Of Accurate Contact Information

We may need to contact you via SMS text messaging to your mobile phone regarding appointments, services related to your direct care, or other important updates. By ensuring that we have your most current contact information, we can guarantee that we are communicating directly with you and not inadvertently sharing confidential details with others.

Your Responsibility

It is your responsibility to inform us immediately if you change your contact details, such as your mobile phone number or email address. Keeping your information up to date enables us to maintain secure and reliable communication channels, safeguarding the confidentiality of your personal and healthcare information.

23. Accessing Our Privacy Policy

You can access a copy of our Privacy Policy through the following channels:

  • On our website:
  • By requesting a copy from our staff

We encourage you to familiarise yourself with our Privacy Policy to understand how we collect, use, and protect your personal and healthcare information.

Under 16s

There is a separate privacy notice for patients under the age of 16.  Click here to read out Privacy Policy For Children.

24. Keeping Our Privacy Policy Up To Date

We regularly review and update our Privacy Policy to ensure it remains current and compliant. This Privacy Policy was last reviewed and updated in May 2024.