How do we keep your information safe?

All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff will receive appropriate training on confidentiality of information and staff who have regular access to personal confidential data will have received additional specialist training.

We take relevant organisational and technical measures to make sure that the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, protecting personal and confidential information held on equipment such as laptops with encryption, and making sure that information is transferred safely and securely.

The surgery does not transfer personal confidential information overseas without adequate protection.

Under the Data Protection Act 2018, the surgery is required to register with the Information Commissioner’s Office detailing all purposes for which personal identifiable data is collected, held and processed.

The surgery has a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.

The surgery will not pass on your details to any third party or other government department unless you consent to this or when it is necessary and/or required by law. The surgery is party to a number of information sharing agreements which are drawn up to ensure information is shared in a way that complies with relevant legislation.

How long do we keep your information for?

There are different retention schedules for different types of information and types of record. In the NHS, all commissioners and providers apply retention schedules in accordance with the Information Governance Alliance’s Records Management Code of Practice for Health and Social Care which determines the length of time records should be kept.

NHS data are subject to legal retention periods and should not be destroyed unless specific instructions to do so have been determined and received from the Data Controller.

What rights do I have?

By law you have certain rights related to your information. These are:

The right to be informed

You have the right to know what information we hold about you, what we do with it and why. We inform patients through this privacy notice.

The right of access

You have the right to have a copy of the information that we hold on you. We must provide this to you within one calendar month and free of charge unless an exemption applies. We may need you to prove your identity before we can release any information to you.

The right of rectification

You have the right to have your personal data corrected if inaccurate.

The right to erasure

You have the right to have your personal data erased in certain circumstances.

The right to restrict processing

You have the right to restrict the processing of your personal data in certain circumstances.

The right to data portability

This right allows you to obtain and reuse your information for your own purposes. You have the right to have your information in a digital format.

The right to object

You have the right to prevent processing of your information in certain circumstances.

Rights related to automated decision making and profiling

We must inform you if we do this kind of processing, and offer you a human-based alternative.

If you wish to exercise any of your rights, you can make contact by using the information below:

Data Protection Officer – Paul Cook – email: wsccg.gp.dpo@nhs.net or iesccg.gp.dpo@nhs.net

The Data Protection Officer service is provided by the West Suffolk Clinical Commissioning Group (WSCCG). More information is available at: https://www.westsuffolkccg.nhs.uk/

The Data Protection Officer service is provided by Ipswich and East Suffolk Clinical Commissioning Group (IESCCG). More information is available at: http://www.ipswichandeastsuffolkccg.nhs.uk/

Your Data Matters

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.

The National Data Opt-Out programme is a service that allows patients to opt out of their confidential patient information being used for research and planning.

Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters.

Raising concerns

If you are concerned about the way we are handling your information or wish to make a complaint, please contact the Practice Manager.

If you still have further concerns, then please contact the Data Protection Officer – Paul Cook – email: (please pick which email address relates to the CCG you come under) wsccg.dpo@nhs.net or iesccg.dpo@nhs.net

The Data Protection Officer service is provided by the West Suffolk Clinical Commissioning Group (WSCCG). More information is available at: https://www.westsuffolkccg.nhs.uk/

The Data Protection Officer service is provided by Ipswich and East Suffolk Clinical Commissioning Group (IESCCG). More information is available at: http://www.ipswichandeastsuffolkccg.nhs.uk/

If the issue cannot be resolved by our organisation or the Data Protection Officer, you have the right to report it to the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You can contact them on the details below:

www.ico.org.uk/concerns/

Phone – 0303 123 1113


Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
