GDPR Statement (from May 2018)
Your data, privacy and the Law - How we use your medical records
This practice handles medical records according to the laws on data protection and confidentiality.
- We share medical records with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and event by event.
- Some of your data is automatically copied to the Shared Care Summary Record as part of National Arrangements for shared / out of hours care.
- We share some of your data with the Berkshire East out of hours / urgent or emergency care service and the PMCF GP out of hours routine appointments service.
- Data about you is used to manage national screening campaigns such as Flu, Cervical cytology and Diabetes prevention.
- Data about you, usually de-identified, is used to manage the NHS and make payments.
- We share information when the law requires us to do, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people.
- Your data is used to check the quality of care provided by the NHS.
- We may also share anonymised medical records for medical research – identifiable data is NOT shared without prior consent.
Further Information Regarding Third party processors
In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties includes:
- Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
- Delivery services (for example if we were to arrange for delivery of any medicines to you).
- Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).
Further details regarding specific third party processors can be supplied on request.
- If you wish to opt-out of local or national summary record sharing or risk stratification measures please contact the practice to discuss this.
For more information regarding specific areas please see below:
GDPR Patient Information
Detailed information regarding specific areas:
GDPR Direct Care and Referrals
GDPR Direct Care (Emergencies)
GDPR Summary Care Record
GDPR Risk Stratification
GDPR Public Health
GDPR NHS Digital
GDPR National Screening Programs