What is a privacy notice?
We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way and we review this regularly.
Please read this Privacy Notice (‘Privacy Notice’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.
A privacy notice is a statement that discloses some or all of the ways in which the practice gathers, uses, discloses and manages a patient’s data. It fulfils a legal requirement to protect a patient’s privacy.
Why do we need one?
We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please do contact our Data Protection Officer (details below).
The Law says:
- We must let you know why we collect personal and healthcare information about you;
- We must let you know how we use any personal and/or healthcare information we hold on you;
- We need to inform you in respect of what we do with it;
- We need to tell you about who we share it with or pass it on to and why; and
- We need to let you know how long we can keep it for.
Why do we collect information about you?
Health care professionals, who provide you with care, are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help us to provide you with the best possible healthcare and to protect your safety.
We collect and hold data for providing healthcare services to our patients and to ensure compliance which includes monitoring the quality of care that we provide. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form.
We, at Brunel Medical Centre (‘the Surgery’), situated at Kingston Lane, Uxbridge, UB8 3PH, are a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.
There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.
What is the GDPR?
The GDPR is the EU’s General Data Protection Regulation, effective from 25th May 2018, bringing a number of changes affecting how organisations store data. The GDPR and the Data Protection Act 2018 replace the provisions of the Data Protection Act 1998 and continue in place after the UK exit from the EU. The GDPR is designed to strengthen and unify data protection for all individuals within the EU. One of the key changes under GDPR is an explicit accountability principle. Only necessary, minimum, personal data, required for each specific purpose, should be collected, processed and stored.
The GDPR sets out the legal requirements for how organisations must handle and process personal data:
- Processed Fairly, Lawfully with Transparency
- Collected for Specified, Explicit and Legitimate Purposes
- Adequate, Relevant and Minimum Necessary
- Accurate and where Necessary UP TO DATE
- Kept for No Longer than Necessary
- Appropriate security
- It can only be retained for as long as necessary
- NOT TRANSFERRED outside EEA without adequate Protection
What will GDPR mean for patients?
You have the right to:
- Be informed how your personal data is used
- Access your own data
- Ask to have incorrect information corrected
- Restrict how your data is used
- Move your data from one health organisation to another
- Object to your personal information being processed (in certain circumstances)
How do we communicate our privacy notice?
At Brunel Medical Centre the practice privacy notice is displayed on our website, through signage in the waiting room, and in writing during patient registration (by means of this leaflet). We will:
- Inform patients how their data will be used and for what purpose
- Allow patients to opt out of sharing their data, should they so wish
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, your contact details, age, gender, ethnicity etc. and any other relevant information to enable us to deliver effective medical care.
We also collect information about you from others, such as letters from hospital, a consultant or any other health and social care professionals, allied health care professionals and any other person that may be involved with your general health care.
How do we use your information?
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, this practice contributes to National Clinical Audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data such as date of birth, and information about your health which is recorded in coded form, e.g. the clinical code for Diabetes or High Blood Pressure.
Processing your information in this way and obtaining consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.