Privacy Notice, Your Data And GDPR
All GP surgerys collect data about their patients. It is collected to enable safe and effective care for our patients. This information is collected for specific purposes and stored in secure ways. Please see the following link to view the GP Privacy Notice in full: https://www.buckinghamshireccg.nhs.uk/primary-care-privacy-notice/
What is GDPR?
GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What is ‘patient data’?
Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.
What is consent?
Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
If you were concerned about your data, please call the surgery on 01296 425 775 or write to our Data Protection Office, Dr Toby Gillman
Sharing Your Data
Information about your health and care helps the NHS to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
NHS Digital has a legal responsibility to collect data about NHS and social care services.
The NHS can’t analyse all information on its own, so we safely and securely share some with researchers, analysts and organisations who are experts in making sense of complex information. We only share what’s needed for each piece of research, and wherever possible, information is removed so that you can’t be identified.
You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care.
Managing Your Data Choice
From 25 May 2018 you can choose to stop your confidential patient information being used for purposes other than your own care and treatment. This choice is known as a national data opt-out. If you choose to opt out, NHS Digital will apply your opt-out from 25 May 2018. All other health and social care organisations are required to apply your opt-out by March 2020. Find out more about the national data opt-out.
If you have previously registered an opt-out with your GP practice to request that NHS Digital does not use your confidential patient information (other than for your individual care and treatment), this will have automatically been converted to a national data opt-out on 25 May 2018. Find out more about this conversion.