At Westlands, this is how we use your information to provide you with healthcare

This practice keeps medical records confidential and complies with the General Data Protection Regulation.

We hold your medical record so that we can provide you with safe care and treatment.

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

  • We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
  • More information on how we share your information with organisations who are directly involved in your care can be found in the additional privacy statements.
  • Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: alternatively speak to your practice.
  • You have the right to object to information being shared for your own care, by completing an opt-out form. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

Other important information about how your information is used to provide you with healthcare

Registering for NHS care
  • All patients who receive NHS care are registered on a national database.
  • This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
  • The database is held by NHS Digital and NHS Business Shared Business Services Organisation; these are national organisations that have legal responsibilities to collect NHS data.
  • More information can be found at: [Link to relevant website] or the phone number for general enquiries at: 303 5678 and 0161 212 3701

Identifying patients who might be at risk of certain diseases
  • Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
  • This means we can offer patients additional care or support as early as possible.
  • This process will involve linking information from your GP record with information from other health or social care services you have used.
  • Information which identifies you will only be seen by this practice.
  • More information can be found at: speak to the practice.

Safeguarding
  • Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
  • These circumstances are rare.
  • We do not need your consent or agreement to do this; however, you will be informed at an appropriate time that this has taken place.
  • Please speak to the Practice if you require any further information.

We are required by law to provide you with the following information about how we handle your information.

Data Controller contact details / Westlands Medical Centre, 20b Westlands Grove, Portchester, Fareham PO16 9AD Tel: 02392 317514
Data Protection Officer contact details / To be allocated when NHS Training has been provided and successfully completed
Purpose of the processing /
  • To give direct health or social care to individual patients.
  • For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
  • To check and review the quality of care. (This is called audit and clinical governance).

Lawful basis for processing / These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Recipient or categories of recipients of the processed data / The data will be shared with:
  • healthcare professionals and staff in this practice;
  • local hospitals;
  • out of hours services;
  • diagnostic and treatment centres;
  • or other organisations involved in the provision of direct care to individual patients.
If you require further information, please ask the Practice.
Please see the appendix for details of other organisations we may share your data with.
Rights to object /
  • You have the right to object to information being shared between those who are providing you with direct care.
  • This may affect the care you receive – please speak to the practice.
  • You are not able to object to your name, address and other demographic information being sent to NHS Digital.
  • This is necessary if you wish to be registered to receive NHS care.
  • You are not able to object when information is legitimately shared for safeguarding reasons.
  • In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
  • The information will be shared with the local safeguarding service – please see appendix A

Right to access and correct /
  • You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or complete a ‘subject access request’
  • We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention period / GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at:
or speak to the practice.
Right to complain / You have the right to complain to the Information Commissioner’s Office. If you wish to complain, follow this link or call the helpline 0303 123 1113
Data we get from other organisations / We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation, the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up to date when you receive care from other parts of the health service.

At Westlands we may need to share your data with other organisations to help meet the needs of your healthcare. This is a list of such organisations.

Who we share your information with and why

Activity / Rationale
Clinical Commissioning Group / Purpose – the clinical commissioning group at times extracts information about your care, but the information they extract via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudonymised). We will never give the CCG access to any system or information that would enable them to identify you.
The Clinical Commissioning Group requires this pseudonymised information for the following purposes:
  • For management and monitoring of the GP Practice core contract
  • For management and monitoring of the GP Practice enhanced services
  • For assurance of compliance with these contracts
  • For assurance of the effective spending of public funding
  • To conform with delegated responsibilities from NHS England
  • To fulfil the CCG’s role in ensuring services commissioned meet patient population need and are being delivered in accordance with commissioning intentions
Legal Basis – non identifiable data only
Data Processor – Fareham & Gosport & SE Hants CCG
Individual Funding Requests – The CSU / Purpose – We may need to share your information with the IFR team for the funding of treatment that is not normally covered in the standard contract
Legal Basis – The clinical professional who first identifies that you may need the treatment will explain to you the information that is needed to be collected and processed in order to assess your needs and commission your care; they will gain your explicit consent to share this.
Data Processor – We ask NHS South, Central and West Commissioning Support Unit (CSU) to do this on our behalf.
Summary Care Records / Purpose – Limited personal identifiable data is shared with the Summary Care Record to help emergency doctors and nurses help you when you contact them when the surgery is closed.
Legal Basis – This is for your direct care and in an emergency – you can opt out of your record being shared
Data Processor – Central NHS database
Hampshire Health Record (HHR) / Purpose – is a local combined electronic health record. It brings together information in your health records from different parts of the NHS to assist with your direct care – you may opt out of having your information shared on this system.
Legal Basis – This service is for your direct care
Data Processor – Local NHS organisation
Other GP practices within the GP Extended Access Service / Purpose – We will enable other GPs and staff in other GP practices to have access to your medical record to allow you to receive acute medical care within that service.
Legal Basis – this service is for your direct care and is fully consented; permission to share your medical record will be gained prior to an appointment being made in the service and again once you are in the consultation.
Data Processor – Westlands Medical Centre
Pharmacists from the CCG / Purpose – to provide monitoring and advice in line with the national directive for prescribing. Anonymous data is collected by the CCG.
Legal Basis – direct care
Data Processor – Fareham & Gosport & SE Hants CCG
Purpose – to provide monitoring and advice in line with the national & CCG directive for prescribing.
Legal Basis – direct care
Data Processor – Westlands Medical Centre
Continuing Healthcare / Purpose – We may need to share your identifiable information where you have asked for an assessment for Continuing Healthcare funding (a package of care for those with complex medical needs) and you need to have a particular care package commissioned for you.
Legal Basis – The clinical professional who first sees you to discuss your needs will explain to you the information that they need to collect and process in order for your needs to be assessed and commission your care; they will gain your explicit consent to share this.
Data Processor – Service provider to undertake assessments and commission your care.
MASH – Multi Agency Safeguarding Board - Safeguarding Children
Safeguarding Adults / Purpose – We share information with health and social care authorities for safeguarding issues
Legal Basis – Because of public interest issues, e.g. to protect the safety and welfare of Safeguarding, we will rely on a statutory basis rather than consent to share information for this use.
Data Processor – Multi Agency Safeguarding Authorities.
Risk Stratification / Purpose – Risk stratification is a process for identifying and managing patients who are at high risk of emergency hospital admission.
Risk stratification tools use various combinations of historic information about patients, for example, age, gender, diagnoses and patterns of hospital attendance and admission and primary care data collected from GP practice record systems.
GPs will be able to identify which of their patients are at risk in order to offer a preventative service to them.
Legal Basis – Risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority.
NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions, to help prevent avoidable hospital admissions and to promote quality improvement in GP practices.
Data Processors – NHS South, Central and West Commissioning Support Unit (CSU) to assist us with providing Risk Stratification tools.
Data Processing activities for Risk Stratification – The GP practice instructs its GP IT system supplier to provide primary care data identifiable by your NHS Number.
Opting Out - If you do not wish information about you to be included in our risk stratification programme, please contact the GP Practice. They can add a code to your records that will stop your information from being used for this purpose. Further information about risk stratification is available from:
Quality monitoring, concerns and serious incidents / Purpose – We need to ensure that the health services you receive are safe, effective and of excellent quality. Sometimes concerns are raised about the care provided or an incident has happened that we need to investigate. You may not have made a complaint to us directly but the health care professional looking after you may decide that we need to know in order to help make improvements.
Legal Basis – The health care professional raising the concern or reporting the incident should make every attempt to talk to you about this and gain your consent to share information about you with us. Sometimes they can do this without telling us who you are. We have a statutory duty under the Health and Social Care Act 2012, Part 1, Section 26, in securing continuous improvement in the quality of services provided.
Data Processor – We share your information with health care professionals that may include details of the care you have received and any concerns about that care. In order to look into these concerns we may need to talk to other organisations such as Fareham & Gosport and SE Hants CCG as well as other public bodies and Government agencies such as NHS Improvement, the Care Quality Commission, NHS England as well as the providers of your care.
For example - Quasar Reporting Tool
Commissioning, planning, contract monitoring and evaluation / Purpose – We share aggregated, anonymous, patient data about services we have provided.
Legal Basis - Our legal basis for collecting and processing information for this purpose is statutory. We set our reporting requirements as part of our contracts with NHS service providers and do not ask them to give us identifiable data about you.
If patient level data was required for clarity and extensive evaluation of a service, consent will be gained for the surgery to share this information.
Data Processor – Various organisations, CCG, third party organisations commissioned by the NHS to perform actuarial services, NHS England
eConsult – online consultation
National Registries / National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006, to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.
Surveys and asking for your feedback / Sometimes we may offer you the opportunity to take part in a survey that the practice is running. We will not generally ask you to give us any personal confidential information as part of any survey.
Legal Basis – you are under no obligation to take part and where you do, we consider your participation as consent to hold and use the responses you give us.
Data Processor – Survey Monkey
Research / Purpose – To support research-oriented proposals and activities in our commissioning system
Legal Basis – Your consent will be obtained by the organisation holding your records before identifiable information about you is disclosed for any research. If this is not possible then the organisation wishing to use your information will need to seek formal approval from The Independent Group Advising on the Release of Data (IGARD).
Data Processor
Other organisations who provide support services for us / Purpose – The Practice may use the services of additional organisations (other than those listed above), who will provide additional expertise to support the Practice.
Legal Basis – We have entered into contracts with other organisations to provide some services for us or on our behalf.
Data Processor – Westlands Medical Centre
Shred it – Provide confidential waste destruction services