Data Protection

In order to provide the right level of care, we are required to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Confidentiality and Personal Information

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record if properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safe guards are in place to prevent accidentals loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstance you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not, leave messages with others.

You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.

General Data Protection Regulations (GDPR)

What is GDPR?

The EU General Data Protection Regulation (GDPR) applies to all EU member states and will come into force on 25th May 2018. The GDPR is to be read in conjunction with the Data Protection Bill published in September 2017. The overall aim of the GDPR is to protect individuals from data and privacy breaches in an environment that is driven by technological advances.

The GDPR is based on the 1980 ‘Protection of Privacy and Transborder Flows or Personal Data Guidelines’ which outlined the following eight principles:

  1. Collection limitation
  2. Security safeguards
  3. Data quality
  4. Openness
  5. Purpose specification
  6. Individual Participation
  7. Use limitation
  8. Accountability

The GDPR requires practices to process data ‘fairly’ and in a ‘transparent manner’ which is ‘easily accessible and easy to understand’. This means that practices must provide information to patients about how the practice processes patient data in the form of ‘Practice Privacy Notices PPN)’.