Trinity Medical Centre
1 Goldstone Villas, Hove, BN3 3AT
Current time is 09:17 - We're open
Telephone: 01273 email@example.com
Data Protection and Privacy Notices
COVID-19 and your information – Updated on 8th April 2020
Supplementary privacy notice on Covid-19 for Patients
During the Covid19 pandemic practices have been told to share details of patient’s personal confidential and special category data onto the Summary Care Record.
It supplements our Privacy Notice’s that are available below . The health and social care system is facing significant pressures due to the COvid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.The NHS in England uses a national electronic record called the Summary Care Record (SCR) to support patient care. It contains key information from your GP record. Your SCR provides authorised healthcare staff with faster, secure access to essential information about you in an emergency or when you need unplanned care, where such information would otherwise be unavailable. This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. ‘Risk stratification for case finding’ is a process for identifying and managing patients who have or may be at-risk of health conditions (such as diabetes) or who are most likely to need healthcare services (such as people with frailty). Risk stratification tools used in the NHS help determine a person’s risk of suffering a particular condition and enable us to focus on preventing ill health before it develops. Information about you is collected from a number of sources including NHS Trusts, GP Federations and your GP Practice. A risk score is then arrived at through an analysis of your de-identified information. This can help us identify and offer you additional services to improve your health. If you do not wish information about you to be included in any risk stratification programmes, please let us know. We can add a code to your records that will stop your information from being used for this purpose. Please be aware that this may limit the ability of healthcare professionals to identify if you have or are at risk of developing certain serious health conditions.
Type of Data – Identifiable/Pseudonymised/Anonymised/Aggregate Data .
GDPR Art. 6(1) (e) and Art.9 (2) (h). The use of identifiable data by CCGs and GPs for risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority (approval reference (CAG 7-04)(a)/2013)) and this approval has been extended to the end of September 2022 NHS England Risk Stratification which gives us a statutory legal basis under Section 251 of the NHS Act 2006 to process data for risk stratification purposes which sets aside the duty of confidentiality. We are committed to conducting risk stratification effectively, in ways that are consistent with the laws that protect your confidentiality.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully I a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
The relevant COPI notice states that its purpose: “…is to require organisations to process confidential patient information for the purposes set out in Regulation 3(1) of COPI to support the Secretary of State’s response to Covid-19 (Covid-19 Purpose). “Processing” for these purposes is defined in Regulation 3(2) and includes dissemination of confidential patient information to persons and organisations permitted to process confidential patient information under Regulation 3(3) of COPI.”Full details of the Summary Care Record supplementary privacy notice can be found here
Patients have the right to opt out of having their information shared with the SCR by completion of the form which can be downloaded here and returned to the practice. Please note that by opting out of having your information shared with the Summary Care Record could result in a delay care that may be required in an emergency. During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-Outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access Requests (SARs), Freedom of Information requests (FOIs) and new opt out requests whilst we focus our efforts on responding to the outbreak.
Personal confidential and Special Category data will be extracted at source from GP systems for the use of planning and research for the Covid-19 pandemic emergency period. Requests for data will be required from NHS Digital via their secure NHSX SPOC Covid-19 request process. NHS Digital has been directed by the Secretary of State under section 254 of the 2012 Act under the COVID-19 Direction to establish and operate a system for the collection and analysis of the information specified for this service: GPES Data for Pandemic Planning and Research (COVID-19). A copy of the COVID-19 Direction is published here:
Patients who have expressed an opt out preference via Type 1 objections with their GP surgery, not to have their data extracted for anything other than their direct care will not be party to this data extraction.
In order to look after your health and care needs we may share your confidential patient information included health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text message or email.
During this period of emergency we may offer you a consultation via telephone or video conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and the NHSX have developed a single, secure store to gather data from across the health and care system to information the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patient themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
General Data Extraction Service (GPES):CVDPREVENT Audit
NHS England has directed NHS Digital to collect and analyse data in connection with Cardiovascular Disease Prevention Audit (referred hereafter to as “CVDPREVENT Audit”). The NHS Long Term Plan identifies cardiovascular disease (CVD) as a clinical priority and the single biggest condition where lives can be saved by the NHS over the next 10 years. CVD causes a quarter of all deaths in the UK. This General Practice Extraction Service (GPES) data will be extracted as an initial full-year extract of data and thereafter as an extract on a quarterly basis. The first extract is scheduled to take place in the second half of 2020-21 financial year and will cover the previous financial year of 2019-20. All GP Practices in England are legally required to share data with NHS Digital for this purpose under section 259(1)(a) and (5) of the 2012 Act.
More information on this data extraction can be found here https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/directions-and-data-provision-notices/data-provision-notices-dpns/cardiovascular-disease-prevention-audit?_cldee=YW5uYS5jcmVzc2V5QG5ocy5uZXQ%3d&recipientid=lead-3f1b8087270deb11a812000d3a86b23d-6b9e859353374ccba6b3316066a5476e&esid=6e5380d6-c004-eb11-a813-000d3a86d6fd
GDPR (General Data Protection Regulation) will take effect from May 25th 2018
If you wish to opt-out of receiving Practice notifications- such as closure dates, research study invites- via voicemail, SMS or email, please speak to Reception and fill out a short form. You may opt out at any time.
Please note, this does not apply to messages relating to your direct care- such as appointment reminders, annual health checks. The Surgery will continue to contact you as normal.
This practice keeps data on you relating to who you are, where you live, what you do, your family, possibly your friends, your employers, your habits, your problems and diagnoses, the reasons you seek help, your appointments, where you are seen and when you are seen, who by, referrals to specialists and other healthcare providers, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memories reasonably made by healthcare professionals in this practice who are appropriately involved in your health care.
When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS
GPs have always delegated tasks and responsibilities to others that work with them in their surgeries, on average an NHS GP has between 1,500 to 2,500 patients for whom he or she is accountable. It is not possible for the GP to provide hands on personal care for each and every one of those patients in those circumstances, for this reason GPs share your care with others, predominantly within the surgery but occasionally with outside organisations.
If your health needs require care from others elsewhere outside this practice we will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside the practice but within the NHS it is usual for them to send us information relating to that encounter. We will retain part or all of those reports. Normally we will receive equivalent reports of contacts you have with non NHS services but this is not always the case.
Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law.
People who have access to your information will only normally have access to that which they need to fulfil their roles, for instance admin staff will normally only see your name, address, contact details, appointment history and registration details in order to book appointments, the practice nurses will normally have access to your immunisation, treatment, significant active and important past histories, your allergies and relevant recent contacts whilst the GP you see or speak to will normally have access to everything in your record.
You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests.
Please see documents below for more details.
SMS text messaging policy: TRINITY MEDICAL CENTRE SMS TEXT MESSAGE POLICY – patient information
GP Online Consultation Service Privacy Notice
By law, all organisations that use personal information (personal data) must provide a clear description of how it is used and also provide any related information to ensure the processing is carried out lawfully and fairly. Our main Privacy Notice is available on our website (or please contact our reception).
The additional information we have provided below describes only the use of your information when you use our online consultation service.
Please ensure you read our main Privacy Notice and if you wish to use our online consultation service, please also read the supplementary information below:
Our Online Consultation Service
We (your GP Practice) have engaged a specialised online consultation supplier which is approved to NHS England technical standards and has gone through stringent scrutiny and achieved all necessary requirements to comply with the Online Consultations. The contracts with the supplier ensures that we remain the Controller of your personal information when you use such services and that your information is used for the online consultation purposes only. Please note any digital image submitted as part of an online consultation, may be stored within your clinical notes.
The name of the organisation we have engaged to provide this service is displayed in the NHS App. The NHS App is provided by NHS Digital and provides health services such as viewing your medical record. It can be downloaded from the App Store and Google Play.
NHS Digital connects the NHS App to our online consultation service so that the service can operate within the NHS App. NHS Digital does this on our behalf. Both NHS Digital and our online consultation supplier are our processors.
Do we have a lawful basis for the processing carried out by our Online Consultation Service?
The following legal bases set out in the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 allow us to use your information when you use our service:
- a. When using your Personal Information (Personal Data)Article 6 (1) (e) of the GDPR, which permits us to process your personal information that is necessary to provide a service which is in the public interest
- b. When using your Sensitive Personal Information (Sensitive Personal Data):Article 9 (2) (h) of the GDPR which permits us to process your health information which is necessary for the provision of health treatment.
What are the purposes of the processing?
Online consultations allow our patients to contact the Practice without having to wait on the phone or take time to come into the practice in person especially if a patient is not sure whether they need a face to face consultation. Online consultations enable patients to use a secure online system to ask questions and report symptoms and we can then respond by signposting patients to the right person e.g. a Doctor or to appropriate service or support.
What personal information do we use?
Because this service is online, we need to ensure that we continue to provide you with a confidential and high-quality service. To do so, we need to properly identify you, accurately note both your request and our responses. If we were prevented from using this essential information, then we would be unable to provide the service securely and confidentially. We list the types of information we need later. Information which is not needed for the service is not collected.
We use the following information to identify and deal with your request.
- a. Identity and Contact Information: includes name, gender, date of birth, NHS number, email address and telephone number, postal address. If you have created a NHS login account you will already have verified who you are and you can, if you wish, use those details from your NHS login account (name, age, NHS number, gender) to save you time and avoid having to manually enter your details to re-identify yourself to use the Online Consultation service.
- b. Sensitive Personal Information: your health information such as your symptoms, conditions, medication and other details which are already held in our GP records and / or which you provide through the online consultation process.
Do we share your personal information?
As mentioned earlier, we have engaged a specialised and reputable organisation to provide this service on our behalf. If you are advised to seek urgent care, your information will not be shared elsewhere. We control your information and we will only use your information to provide you with our health services.
Our online consultation service is also made available to our patients who use the NHS App which can be downloaded from the App Store and Google Play. The NHS App is provided by NHS Digital and provides health services such as viewing your medical record. If you are logged into the NHS App, then you will have also have access to our online consultation service and the requests you make to us will be securely sent from the NHS App to our Practice system using our online consultation provider.
Whenever we share your information, we will always comply with the law.
Where is your information processed and stored?
We process and store your personal information within the United Kingdom.
How long is your personal information kept?
We set the retention periods for your information and instruct our engaged contractor that provides this service on our behalf to comply with these periods. When your information has been copied to our own systems then your information will be deleted by our contractor.
If you have been advised online to seek urgent care elsewhere, then your information will not be transferred to us and will not be retained after you have read the advice given.
Please find below updated DPIA for online consultations: