General Data Protection Regulations (GDPR)
GDPR is a new piece of legislation which will update the Data Protection Act we are used to from Friday 25th May 2018. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests within 1 month
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What is "Patient data"?
Patient data is any information which relates to an individual, such as their diagnosis, name, age, past medical history etc.
What is "consent"?
Consent is permission from a patient - an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the GDPR Regulations.
The following notice reminds you of your rights in respect of the above legislation and how The Clays Practice will use your information for lawful purposes in order to deliver your care and the effective management of the local NHS system.
This notice reflects how we use information for:
- The management of patient records;
- Communication concerning your clinical, social and supported care;
- Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review;
- Participation in health and social care research; and
- The management and clinical planning of services to ensure that appropriate care is in place.
Data Controller
As your registered GP practice, we are the data controller for any personal data that we hold about you.
The Clays Practice Privacy Notice:
GDPR - Privacy Notice
What Does GDPR Mean for Patients:
GDPR poster - What it will mean for patients
Data Protection Policy:
Access to Health Records form:
Patient Form - Access to Health Records
Further information:
ICO guide to the general data protection regulation (gdpr)
At The Clays Practice we take the issue of patient confidentiality extremely seriously and it is the bed-rock of everything that we do. However there are circumstances where sharing patient data helpful and leads to safer care. We are talking about personal information being shared for the purpose of delivering care to you, the patient.
At all times you would have the right to opt-out of data sharing, and you can control which external organisations can access your medical record.
There are three main areas with regard to sharing patient information:
1.Summary Care Record
Summary Care Records (SCR) are a national electronic record of important patient information, created from GP medical records. They can be seen and used by authorised staff in other areas of the health and care system involved in the patient’s direct care.
Access to SCR information means that care in other settings is safer, reducing the risk of prescribing errors. It also helps avoid delays to urgent care.
At a minimum, the SCR holds important information about:
- current medication
- allergies and details of any previous bad reactions to medicines
- the name, address, date of birth and NHS number of the patient
If you wish to opt-out of having a Summary Care Record please complete this form: SCR Opt Out
The patient can also choose to include additional information in the SCR, such as details of long-term conditions, significant medical history, or specific communications needs. For further information please download this leaflet
Benefits of using additional information in SCR
When a patient consents to including additional information in their SCR, the GP can add it simply by changing the consent status on the clinical system. This means more information will be available to health and care staff viewing the SCR. It will then be automatically updated when the GP record is updated.
This is a quick, cost-effective way to:
- improve the flow of information across the health and care system
- increase safety and efficiency
- improve care
- respond to particular challenges such as winter pressures
It’s particularly useful for people with complex or long term conditions, or patients reaching end of life.
2.Sharing data with other SystmOne services
We use the SystmOne clinical system, and we now have the opportunity to share patient data with other relevant services to improve the care you receive.
If you don’t want your medical record to ever be shared with any service who is providing care to you, you can ask the practice to opt you out of sharing. We will be automatically turning the sharing function on for all patients unless we hear from you. But this does not mean that your record is automatically shared. Each time an external service wants to access your record they will ask for your consent. So for example, if you are being seen by a GP at the Urgent Treatment Centre, they will ask you if you give your consent for them to access your record. You can say no at this point.
The services that could potentially access your record include:
- District Nursing
- Health Visiting
- Community Matrons
- Urgent Treatment Centre
- Therapy and Community Rehab teams
- Continence service
- Chronic Fatigue Service
- Community Cardiac, Dermatology, MSK, Neurology, Oncology, Podiatry, Vasectomy and Anti-coagulation services
- Pulmonary Rehab service
- Dietetics
- Intermediate Care
- Looked After Children’s team
- School Nursing
- Tissue Viability service
- Speech and Language services (Adult and Child)
- Minor Injuries Units
- Community Stroke services
These services will only access your record if you are being treated by them, and if you give your consent when they ask.
3.Sharing within the Primary Care Network
We are now working closely with three other practices (Brannel Surgery, Probus Surgery & Roseland Surgeries) to develop services that serve the needs of all our patients.
This does not mean we have any plans to merge. We intend to continue operating as an independent practice, albeit with close links with these three other practices.
Medical Reports
Our practice has decided to outsource our medical reporting to MediData, who will process your medical report using their system, eMR.
What is eMR/MediData?
MediData is a NHS Digital accredited company who have developed a digital system called eMR, which enables GP practices to create digital, GDPR compliant medical reports.
eMR helps GP Surgeries with data security, speed, and efficiency.
eMR also helps you to easily see your medical data, stay in control of it and decide who you want to share it with.
MediData has worked hard to develop their NHS GP IT Futures accredited technology, eMR, which interfaces with our GP practice’s system to extract your medical record. This means you can receive a full copy of that information securely and share it with others as you wish, keeping your data safe.
If you wish to speak to a member of the MediData team regarding your medical report, or any concerns you may have regarding your data, please contact MediData directly on:
Phone - 0333 3055 774
Email - connect@medi2data.com
LiveChat - to access this, go to https://www.medi2data.com/ and select the speech bubble in the bottom right-hand corner of the page