General Data Protection Regulations (GDPR) –
How we use your personal information
This privacy notice explains what information this GP practice holds about you, why we hold that information and how that information may be used. The healthcare professionals who provide you with care, maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice hold about you may include the following information;
Details about you, such as your address, carer, legal representative, emergency contact details. We also hold the following:
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays etc.
Relevant information from other health professionals, relatives or those who care for you to ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided or for research purposes. Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
How do we ensure your records are held confidentiality?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- General Data Protection Regulations 2018
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality
- Information Security and Records Management
- Information: To Share or Not to Share Review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.
For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.desphiow.co.uk
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information: To share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.”
This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.
6.1 My Surgery Website Limited does not set first party cookies on this website containing any personal data unless specifically instructed to do so by the user. For example, if a user requests to be remembered on a form then a cookie is set to retain the form data for next time.
6.3 You may delete Cookies at any time. See the help in your internet browser to find out how to delete your cookies.
Change of Details
It is important that you tell the practice if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so your record is accurate and up to date.
You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests. Please see below.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
1) Data Controller contact details
208 Farnborough Road
Tel: 01252 545078, Fax: 01252 370751
2) Data Protection Officer contact details
3) Purpose of the processing
Direct Care is care delivered to the individual alone, most of which is provided in the surgery. After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.
4) Lawful basis for processing
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”*
5) Recipient or categories of recipients of the processed data
The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care. We are currently preparing detailed privacy notices for each of the ways in which we use your information. These will be available in the practice and on the website.
6) Rights to object
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance
7) Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law. Your request may be made either verbally or in writing to the practice.
8) Retention period
The data will be retained in line with the law and national guidance. https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.
9) Right to Complain.
If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. If you have any concerns about how your data is shared then please contact the practice. Please contact the Practice Manager in the first instance.
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
Or calling their helpline Tel: 0303 123 1113 (local rate) or
01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)
The surgery will soon be allowing the A&E department at Frimley Park Hospital (FPH) potential access to the GP records of our patients attending that department. FPH will only be able to see that information if the patient gives their explicit consent at the time of attendance in A&E. This system is known as EMIS Web data streaming.
The information made available will include important diagnoses, medications, allergies, past operations and past medical history. The hospital already has access to investigations (such as x-rays) performed at the hospital, and bloods test results.
For further information please click here
Sharing your records
Information about you is used in a number of ways by the NHS and social care services to support your personal care and to improve health and social care services for everyone.
NHS Digital is the national NHS organisation with a legal responsibility to collect data as people make use of NHS and social care services.
The data is used locally and nationally to help with planning, managing your care, supporting research into new treatments, identifying trends and issues and so forth, and is used to try to make services better for all.
You can, however, choose not to have information about you shared or used for any purpose beyond providing your own treatment or care.
Your right to opt out
You can choose not to have anything that could identify you shared beyond your GP practice. You can also choose for NHS Digital not to share information it collects from health providers any further.
Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.
If you have previously told your GP practice that you don't want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from April 29 2016 as instructed in a direction from the Secretary of State. It will remain in place unless you change it.
As the Secretary of State’s direction, which included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date. This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016.
You can find more information on NHS Digital's website: