GDPR Privacy Notice
Your Information, Your Rights
As your GP practice, we are a ‘data controller’ for any information that we keep about you and your health.
This Privacy Notice tells you what information we collect about you, how we store it, and who we share it with - and the reasons why.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. hospital, GP surgery etc.). These records help to provide you with the best possible healthcare.
What type of information do we keep about you?
- ‘Personal data’. This means any information that can identify who you are. This includes your name, date of birth, full postcode, address and next of kin;
- ‘Special category / sensitive data’. This means any information about your medical history. It could be when you have come in for appointments, medication you have been given, notes about your care, or treatments. It could also be social care status, race or ethnic origin.The personal information we keep about you is to help us provide health or social care or treatment, under the Data Protection Act (DPA) 2018.
Where do we keep your records?
Your personal information is held in both paper and electronic forms for specific amounts of time. We will always make sure:
- Your records are accurate
- Your records are secure
- You can access your records
What do we do with your information?
Your records are used to manage and deliver your care. This helps us make sure:
- The practice staff has all of the information they need to help them provide you with the best care for your needs.
- The practice staff involved in your care has correct and up-to-date information about you.
- The right information is available in case you see another healthcare professional, or need to see a specialist, social care or health care provider.
Who do we share your information with?
We may need to share information with other organisations such as:
- HSCNI Trusts
- Public Health
- Other GP practices, hospitals or ambulance services
- Private Sector Providers
- Voluntary Sector Providers
- Independent contractors e.g. dentists, opticians
- Local Authorities
- Education Services
- Police & Judicial Services
- Social Services
- Other ‘data processors’ which you will be informed of
What are your rights?
You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when it is required.
The DPA 2018 means that you or your parent(s) / guardian(s) may have the right to:
- Ask to see the personal data we hold about you, such as health records.
- Ask us to correct information in your health records that you think is wrong or incomplete.
- Refuse or take away consent for us to share your health records with others – an example could be using your information for research purposes.
- Ask us to send your personal information to other healthcare providers.
All our staff and members of other NHS organisations have a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any 3rd party without your consent unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on for example Child/Adult Protection and Serious Criminal Activity.
Access to personal information
You have a right under the Data Protection Act 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following made in writing to the practice.
- There is no charge to have a printed copy of the information held about you. However, if requests for your record are excessive or manifestly unfounded, a reasonable fee for the administrative cost will be charged to comply with the request.
- We are required to respond to you within 30 days
- You will need to give adequate information (for example full name, address, date of birth, Health & Care number and details of your request) so that your identity can be verified and your records located
Objections / Complaints
Should you have any concerns about how your information is managed by your GP Practice, please contact the Practice Manager- Angela Kirker. If you are still unhappy following a review by the GP practice, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.org.uk).
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
The Data Protection Act 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk
The practice is registered with the Information Commissioners Office (ICO)
Who is the data Processor?
This is the person/people or organisation that is responsible for using and recording your information. All staff at Cregagh Surgery are individual Data Processors.
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is Cregagh Surgery.
Data Protection Officer (DPO)
The Data Protection Officer has overall responsibility for GDPR within this area. Our designated DPO Angela Kirker.