We are a GP practice working in the Betsi Cadwaladr Health Board. We serve a practice population of 6800 people across 2 site and employ a number of staff which include General Practitioners, Practice Nurses, Health Care Assistants and administration staff.
What is a privacy notice?
This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.
Why issue a privacy notice?
Bodreinallt Surgery recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open.
This notice also explains what rights you have to control how we use your information.
What are we governed by?
The key pieces of legislation/guidance are:
- General Data Protection Regulations
- Human Rights Act 1998 (Article 8)
- Access to Health Records Act 1990
- Freedom of Information Act 2000
- Health & Social Care Act 2012, 2015
- Public Records Act 1958
- Copyright Design and Patents Act 1988
- The Re-use of Public Sector Information Regulations 2015
- The Environmental Information Regulations 2004
- Computer Misuse Act 1990
- The Common Law Duty of Confidentiality
- Information Security Management – NHS Code of Practice
Who are we governed by?
- Department of Health
- Information Commissioners Office
- Health Inspectorate Wales
- NHS Wales
- General Medical Council (GMC)
Why and how we collect information
Information which can be accessed, where there is a need, includes:
- personal information, such as name, date of birth, gender;
- hospital admission, attendances and referral dates;
- vaccinations and immunisations;
- test results, including measurements such as blood pressure;
- diagnoses (current and post problems);
- treatment and medical procedures.
How we use information
- To help inform decisions that we make about your care
- To ensure your treatment is safe and effective
- To work effectively with other organisations who may be involved in your care
- To support the health of the general public
- To ensure our services can meet future needs
- To review care provided to ensure it is of the highest standard possible
- To train healthcare professionals
- For research and audit
- To prepare statistics on performance
- To monitor how we spend public money
There is a huge potential to use your information to deliver care and improve health and care services across the NHS and social care. The information can be used to help:
- Improve individual care
- Understand more about disease risks and causes
- Improve diagnosis
- Develop new services
- Improve patient safety
- Evaluation of policy/procedures/pathways
It helps because
- Accurate and up to date information assists us in providing you with the best possible care
- If you see another healthcare professional, specialist from another part of the NHS, they can readily access the information they need to provide you with the best care possible.
- Where possible, when using information to inform future services and provision, non-identifiable information will be used.
What information will be blocked from viewing?
No information will routinely be blocked from viewing unless you specifically ask for information to be hidden. For example, it may be possible to hide particularly sensitive information such as sexually transmitted diseases, termination of pregnancy, etc. from certain individuals. If you have any questions, please discuss this initially with your Practice Manager.
How will my information be kept secure and confidential?
Your GP medical record is stored on a secure computer system and access to it is strictly controlled. All of the practices within the cluster, and the local health board, will have signed an agreement to confirm that they will follow the strict controls in place around the computer system itself, and around any staff who are allowed to access the system. Everyone working within the cluster has a legal, contractual and professional duty to keep information about you secure and confidential.
Can I find out who has viewed my medical record?
Every time your electronic GP medical record is accessed an Audit log is created. These Audit logs are retained so if you are concerned that someone has inappropriately accessed your record, please discuss this initially with the Practice Manager.
Is there a danger someone else could hack into my record or that my information could be lost?
Contracts are in place with the supplier of the clinical computer systems to ensure that they have robust security measures installed. These measures will prevent any information from being accessed without permission, lost or accessed inappropriately by a third party.
Your right to withdraw consent
You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care.
Contacting us about your information
Each practice has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Calidicott Guardian. You can contact the Calidcott Guardian Dr Elisabeth Bowen at Bodreinallt Surgery.
Your NHS number, keep it safe
Every person registered with the NHS in England and Wales has their own unique NHS number. It is made up of 10 digits for example 123 456 7890.
Your NHS number is used by healthcare staff to identify you correctly. It is an important step towards improving the safety of your healthcare. To improve safety and accuracy always check your NHS number on correspondence the NHS sends to you.
If you don’t know your NHS number, ask at the Practice. You may be asked for proof of identify for example a passport of other form of identity. This is to protect your privacy.
For further information
If you would like additional information you can discuss the sharing of your medical records with the Practice Manager, Assistant Practice Manager, GP or any other member of the healthcare team.
Data Protection Officer details
Name of the ‘Data Protection Officer as a Service’ - NHS Wales Informatics Service (NWIS), Information Governance, Data Protection Officer Support Service
Address - 4th Floor, Tŷ Glan-yr-Afon, 21 Cowbridge Road East, Cardiff CF11 9AD
Contact via - firstname.lastname@example.org