What do we use your information for?

We hold your medical record so that we can provide you with safe care and treatment. We will also use your information so that our surgery can check and review the quality of care we provide, this helps us to improve the service we provide to you. We shall share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in hospital or your GP will send details about your prescription to your chosen pharmacy.

Aside from sharing information directly for your care, there are some other purposes that we may share data for, including:

Risk Stratification

Risk stratification is a process GPs use to help them to identify a person who may benefit from a targeted healthcare intervention and to help prevent un-planned hospital admissions or reduced the risk of certain diseases developing such as type 2 diabetes. This is called risk stratification for case-finding. As part of this, our surgery uses a primary care software system called Eclipse.

NHS Digital

NHS Digital is a national body which has legal responsibilities to collect information about health and social care services. It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients. This surgery must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.

Care Quality Commission (CQC)

The CQC regulates health and social care services to ensure that safe care is provided. The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. For more information about the CQC see: http://www.cqc.org.uk/

Public Health

The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England.

Who do we share your information with?

We may share your information with other parties dealing with your care. When we do this we will inform you first unless we have a legal basis. We will not share your information with marketing organisations or other organisations that could cause you harm or lead to intrusive contact

  • Refer you to other healthcare providers when you need other service or tests
  • Share samples with laboratories for testing (like blood samples)
  • Share test results with hospitals or community services (like blood test results)
  • Allow out of hours or extended hours GPs to look at your health record when you are going to an appointment
  • Send prescriptions to a pharmacy
  • Text you in relation to healthcare services
  • Samples are provided to the courier for delivery to pathology
  • Share reports with the coroner
  • Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
  • Share information across the practices within our partnership when necessary for healthcare purposes

Follow this link to see a list of the partners that we usually share with.

Suffolk Primary Care Partnership has signed a Suffolk Wide Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.


What else do we do with your information?

Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.

  • Quality / payment / performance reports are provided to service commissioners
  • As part of clinical research – information that identifies you will be removed, unless you have consented to being identified
  • Undertaking clinical audits within the practice
  • Supporting staff training

Sharing when Required by Law

We will keep you informed of how your data is used through this privacy notice, however please note that there may be times when we may not notify you such as for the prevention and detection of crime, safeguarding purposes, or as requested by a Court Order. We will only do this when the law requires us to do so.


CCTV

CCTV is in place in the following practices;

  • Norwich Road Surgery, Ipswich
  • Stowhealth, Stowmarket

It has been installed solely for the safety and security of our patients and staff, to prevent and deter crime.

Images are recorded 24 hours a day and stored on the hard drives of the recording devices that are situated in secure areas and only the practice managers and those delivering technical support services will have access to the system.

The CCTV only records images and does not record audio.

Generally, CCTV recordings are stored on our recording devices for 28 days before being deleted.

There are signs in the practice telling you that CCTV is in place.

We will only ever share information with the relevant authorities in connection with the safety and security of patients and staff and will not share with any other third parties.

Visitors to the practice have the right to request to see images of themselves on CCTV as part of a request made under the privacy legislation. Like all subject access requests, it must be made in writing.

We have followed the CCTV guidelines produced by the Information Commissioners’ Office.


Information Access and Rights

Data protection law provides you with a number of rights that the practice is committed to supporting you with;

Right to Access

You have the right to obtain:

  • confirmation that your information is being used, stored or shared by the practice
  • a copy of information held about you
  • Partners with whom we have shared information

If you only require a particular part of your record, tell us and we may be able to respond even quicker.

We will respond to your request within one month of receipt or will tell you when it might take longer.

We are required to validate your identity including the identity of someone making a request on your behalf

Right to Object or Withdrawn Consent

We mainly use, store and share your information because we are permitted in order to deliver your healthcare but you do have a right to object to us doing this.

Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.

Our Data Protection Officer will be happy to speak with you about any concerns you have.

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time

We will respond to your request within one month of receipt or will tell you when it might take longer.

Complaints

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/


Case Finding

Sometimes your information will be used to identify whether you need particular support from us.

Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes. For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.

We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support you is made by those involved in your care.

Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.


Information Technology

The practice will use third parties to provide services that involve your information such as;

  • Removal and destruction of confidential waste
  • Provision of clinical systems
  • Provision of connectively and servers

Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery)

We have contracts in place with these third parties that prevent them from using it in any other way that instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.

Please visit this link to find out more about our sharing partners and providers.



Hide this section
Show accessibility tools