Privacy Notice
Our Duties
As part of our legal duties, this practice is required to;
– Maintain full and accurate records of the care and services we provide you
– Keep records about you confidential and secure
Your Information
The practice aims to provide you with safe, high quality care that is based on accurate, up to date information.
This information allows us to work others involved in your care and this may involve sharing information with other health and social care organisations.
Information Includes:
– Basic details such as address, date of birth and next of kin
– Contact we have had with you
– Notes and reports about your health
– Details and records about your treatment and care
Others may also need to use records about you to:
– Check the quality of care you are receiving
– Protect the health of the general public
– Keep track of NHS spending
– Help investigate any concerns or complaints you ask us to
– Teach students or staff
– Support health and social care research
Sometimes we share your information with third parties to support your care such as:
– Hospitals
– Social care
– Community Health
– Clinical Commissioning Groups
– Mental Health Providers
– NHS Digital
When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect.
When we share information that is used for healthcare management or planning, this does not allow for you to be identified.
Sometimes we will be required to share information for other reasons;
– When required to by law
– We have special permission for health or research purposes (e.g. if you have agreed to take part in a research trial)
– There is a strong public interest (e.g. there is a risk of serious harm or crime)
Objections
You can choose not to have information that could identify you shared beyond your GP practice. You can also choose to prevent information that does not identify you from being shared for planning and research.
Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.
If you have previously told your GP practice that you don’t want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from 29th April 2016 as instructed in a direction from the Secretary of State. It will remain in place unless you change it.
As the Secretary of State’s direction; this included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date. This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016.
You can find more information on NHS Digital’s website:
– See how NHS Digital uses your information.
– Read about how NHS Digital handles your information and your choices.
Your Rights
Under Data Protection law, you have a right to;
– object to certain uses of your data
– to be provided with a copy information held about you
– that your information will not be used for direct marketing purposes
– have any incorrect information amended or erased
Please contact your surgery for any requests made in connection with these rights.
For a copy of your information;
– Your request must be made in writing to your surgery
– The surgery is required to respond to your request in writing within 40 days (a month from May 2018)
– You will need to give the surgery your full name, address, date of birth and NHS number
– You will be required to provide personal identification such as a driving licence or passport
Use of the Website
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
Data Security
We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.
Privacy Notice – Research
Why We Participate in Research
Our practice occasionally takes part in health research studies. We only agree to participate in research that has a clear purpose and is likely to benefit patients and healthcare services.
How Your Data May Be Used
Researchers usually do not contact patients directly. Instead, they may ask us to reach out to suitable patients and request their consent.
If researchers need to use identifiable information (such as your name or NHS number), this will only happen:
– With your explicit consent, or
– If the law permits it, such as under the Health Service (Control of Patient Information) Regulations 2002 (“section 251 support”), approved by the Confidentiality Advisory Group.
We may also share anonymous or aggregated data that cannot identify you.
Who We May Share Data With
With your consent—or where legally permitted—we may share information with approved research organisations, including:
The National Institute for Health and Care Research (“NIHR”)
OpenSAFELY
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Here you can find additional information about OpenSAFELY.
Your Rights and Choices
You can say no: You do not have to take part in research. You can withdraw your consent at any time.
National Data Opt-out: You can opt out of having your data used for certain research and planning. Learn more at nhs.uk/your-nhs-data-matters
Access and correction: You have the right to view any identifiable data we share and request corrections if needed.
Legal Basis for Using Your Data
We only use or share your data when legally justified.
This may include:
– Consent:
– Article 6(1)(a) – Consent for processing personal data
– Article 9(2)(a) – Explicit consent for special category data
– Public interest or research purposes:
– Article 6(1)(e) – Task in the public interest
– Article 9(2)(j) – Scientific research under Article 89(1)
– Article 9(2)(h) – Health or social care provision
We always follow safeguards required under UK GDPR Article 89(1), including data minimisation and pseudonymisation.
Data Retention
Your data will be retained only for the duration specified in the relevant research protocol.
Contact Details
Data Controller: Crown Street Surgery, 2 Lombard Court, Crown Street, Acton, London, W3 8SA
Data Protection Officer: Dr Ernest Norman-Williams nhsnwl.icb-dpo-corporate@nhs.net
Complaints
If you have concerns about how your data is used, you can contact the Information Commissioner’s Office (ICO):
Make a complaint online https://ico.org.uk/make-a-complaint/data-protection-complaints/
Call: 0303 123 1113
As part of our legal duties, this practice is required to;
– Maintain full and accurate records of the care and services we provide you
– Keep records about you confidential and secure
Your Information
The practice aims to provide you with safe, high quality care that is based on accurate, up to date information.
This information allows us to work others involved in your care and this may involve sharing information with other health and social care organisations.
Information Includes:
– Basic details such as address, date of birth and next of kin
– Contact we have had with you
– Notes and reports about your health
– Details and records about your treatment and care
Others may also need to use records about you to:
– Check the quality of care you are receiving
– Protect the health of the general public
– Keep track of NHS spending
– Help investigate any concerns or complaints you ask us to
– Teach students or staff
– Support health and social care research
Sometimes we share your information with third parties to support your care such as:
– Hospitals
– Social care
– Community Health
– Clinical Commissioning Groups
– Mental Health Providers
– NHS Digital
When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect.
When we share information that is used for healthcare management or planning, this does not allow for you to be identified.
Sometimes we will be required to share information for other reasons;
– When required to by law
– We have special permission for health or research purposes (e.g. if you have agreed to take part in a research trial)
– There is a strong public interest (e.g. there is a risk of serious harm or crime)
Objections
You can choose not to have information that could identify you shared beyond your GP practice. You can also choose to prevent information that does not identify you from being shared for planning and research.
Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.
If you have previously told your GP practice that you don’t want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from 29th April 2016 as instructed in a direction from the Secretary of State. It will remain in place unless you change it.
As the Secretary of State’s direction; this included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date. This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016.
You can find more information on NHS Digital’s website:
– See how NHS Digital uses your information.
– Read about how NHS Digital handles your information and your choices.
Your Rights
Under Data Protection law, you have a right to;
– object to certain uses of your data
– to be provided with a copy information held about you
– that your information will not be used for direct marketing purposes
– have any incorrect information amended or erased
Please contact your surgery for any requests made in connection with these rights.
For a copy of your information;
– Your request must be made in writing to your surgery
– The surgery is required to respond to your request in writing within 40 days (a month from May 2018)
– You will need to give the surgery your full name, address, date of birth and NHS number
– You will be required to provide personal identification such as a driving licence or passport
Use of the Website
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
Data Security
We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.
Privacy Notice – Research
Why We Participate in Research
Our practice occasionally takes part in health research studies. We only agree to participate in research that has a clear purpose and is likely to benefit patients and healthcare services.
How Your Data May Be Used
Researchers usually do not contact patients directly. Instead, they may ask us to reach out to suitable patients and request their consent.
If researchers need to use identifiable information (such as your name or NHS number), this will only happen:
– With your explicit consent, or
– If the law permits it, such as under the Health Service (Control of Patient Information) Regulations 2002 (“section 251 support”), approved by the Confidentiality Advisory Group.
We may also share anonymous or aggregated data that cannot identify you.
Who We May Share Data With
With your consent—or where legally permitted—we may share information with approved research organisations, including:
The National Institute for Health and Care Research (“NIHR”)
OpenSAFELY
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Here you can find additional information about OpenSAFELY.
Your Rights and Choices
You can say no: You do not have to take part in research. You can withdraw your consent at any time.
National Data Opt-out: You can opt out of having your data used for certain research and planning. Learn more at nhs.uk/your-nhs-data-matters
Access and correction: You have the right to view any identifiable data we share and request corrections if needed.
Legal Basis for Using Your Data
We only use or share your data when legally justified.
This may include:
– Consent:
– Article 6(1)(a) – Consent for processing personal data
– Article 9(2)(a) – Explicit consent for special category data
– Public interest or research purposes:
– Article 6(1)(e) – Task in the public interest
– Article 9(2)(j) – Scientific research under Article 89(1)
– Article 9(2)(h) – Health or social care provision
We always follow safeguards required under UK GDPR Article 89(1), including data minimisation and pseudonymisation.
Data Retention
Your data will be retained only for the duration specified in the relevant research protocol.
Contact Details
Data Controller: Crown Street Surgery, 2 Lombard Court, Crown Street, Acton, London, W3 8SA
Data Protection Officer: Dr Ernest Norman-Williams nhsnwl.icb-dpo-corporate@nhs.net
Complaints
If you have concerns about how your data is used, you can contact the Information Commissioner’s Office (ICO):
Make a complaint online https://ico.org.uk/make-a-complaint/data-protection-complaints/
Call: 0303 123 1113