Privacy notice
As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Download our Data Protection Privacy Notice EG
Data Protection Privacy Notice: Eastgate Surgery
Our contact details
Name: Eastgate Surgery
Address: Eastgate House, 28-34 Church Street, Dunstable, Bedfordshire, LU5 4RU.
Phone Number: 01582 957599
E-mail: eastgatesurgery@nhs.net
Website: www.eastgatesurgery.co.uk
Date of privacy notice completion: 01st December 2022
Introduction:
Eastgate Surgery is committed to protecting and respecting privacy and confidentiality. This Privacy Notice informs you about what happens to any personal data that you give to us, or any information that we may collect from you or about you from other organisations.
This Privacy Notice applies to personal information processed by or on behalf of Eastgate Surgery.
For the purposes of this document, Eastgate Surgery is the ‘data controller’. This means that we decide how your personal data is processed and for what purposes.
For more information concerning data matters, please contact the Management Team on:
eastgatesurgery@nhs.net.
This Notice explains
1. What information we collect
2. How we use this information
3. How we lawfully use your data
4. How we store your personal information
5. How long records are retained
6. Your data protection rights
7. Risk stratification
8. Patient communication
9. How to make a complaint
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) became law in the United Kingdom (UK) on 25th May 2018.
The GDPR is a single EU-wide regulation on the protection of confidential and sensitive (special) information.
The DPA 2018 deals with elements of UK law that differ from the European Regulation. Both Acts came into force in the UK on the 25th of May 2018, repealing the previous Data Protection Act (1998).
For the purpose of applicable data protection legislation (including but not limited to) the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), and the Data Protection Act 2018, the practice responsible for your personal data is Eastgate Surgery.
What information we collect
We currently collect and process the following information:
• ‘Personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes but is not limited to: name, date of birth, address, postcode, telephone numbers, next of kin and NHS number.
And
• Special category / ‘sensitive data’ such as medical history which includes details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, next of kin, supportive care arrangements, social care status, race, ethnic origin, genetics, gender/gender identity, and sexual orientation.
To ensure you receive the best possible care, your records are consistently used to facilitate the care you receive.
Information held about you may be used to help protect the health of the public and to help us manage the NHS.
Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.
How we use this information
The NHS professionals who provide you with care retain records about your health and any treatment or care you have received previously; this could be from another NHS Trust, GP Surgery, Walk-in clinic, etc. Such records enable the NHS to provide you with the highest standards of healthcare.
We process personal information about you in several ways. These include:
Primary uses: we process sensitive information pertaining to your health to enable our NHS staff who are directly involved in your care to provide you with the best possible healthcare. This can be when you, a patient, need to speak to or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of a diagnosis, treatment, or on-going healthcare.
Personal information concerning your health or social care is also made available to other provider organisations to enable them to make well-informed decisions about you when you utilise their services.
Secondary uses: the practice also processes your personal information for purposes beyond direct care in the following ways:
• Reviewing the care we provide through clinical audit
• Investigating your queries, complaints, and any legal claims.
• Ensuring we receive payment for the healthcare you receive.
• Preparing and providing statistics on NHS performance.
• Auditing NHS accounts and services.
• Undertaking health research and development (with your explicit consent; you have the right to choose whether you partake in this research).
• For business intelligence and analytical services to enable us to predict future trends and plan our services.
• Training and educating our healthcare professionals (with your explicit consent, and you have the right to choose whether to be involved).
How we lawfully use your data
Eastgate Surgery will be what is known as the ‘Controller’ of your personal data.
The practice needs to know your personal, sensitive, and confidential data in order to provide you with healthcare services as a General Practice (GP). Under the General Data Protection Regulation, we will be lawfully using your information in accordance with:
• Article 6, (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems
We will never pass on your personal information to anyone else who does not need it or has no right to it.
Legal justification for collecting and using your information:
The law says we need a legal basis to handle your personal and healthcare information.
• Contract: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.
• Consent: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs.
• Necessary care: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.
• Law: Sometimes the law obliges us to provide your information to an organisation (see above).
Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.
How we store your personal information
The NHS health records we maintain can come in electronic form, on paper or a mixture of both. The surgery uses a combination of working practices and technology to ensure that your information is kept highly confidential and secure.
The practice ensures that the information we store is kept in secure locations. Access is restricted to authorised personnel only.
We protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it).
How long records are retained
All records are retained and destroyed in accordance with the Records Management Code of Practice for Health and Social Care 2021.
The Practice does not keep patient records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and the Practice has made the decision that the records are no longer required.
We keep a record of retention schedules within our information asset registers, in line with the Records Management Code of Practice for Health and Social Care 2021.
Your data protection rights
Where information from which you can be identified is held, you have the:
• Right to be informed
• Right of access to view or request copies of the record
• Right to erasure (not an absolute right), which only applies in certain circumstances
• Right to rectification of inaccurate personal data or special categories of personal data
• Right to restriction of the processing of your data where accuracy of the data is contested, processing is unlawful or where we no longer need the data for the purposes of the processing
• Right not to be subject to any automated individual decision-making
• Right to data portability by requesting the data which you provided to us (not data generated by us) in a structured, commonly used machine-readable format. Your right to portability shall apply only where:
- data is processed by automated means, and
- you provided consent to the processing or,
- the processing is necessary for the fulfilment of a contract.
Risk stratification
Risk stratification data tools are being used in the NHS to help determine a person’s risk of suffering from a certain condition, preventing an unplanned or (re)admission to hospital, and identifying a need for preventive intervention.
Information about you is collected from a variety of sources, including NHS Trusts and from Eastgate Surgery. A risk score is then determined from an analysis of your de-identified information and is only provided back to your GP as data controller in an identifiable form. Risk stratification helps your GP to focus on preventing ill health, not just the treatment of sickness. If necessary, your GP may be able to offer you additional services.
You have the right to opt out of your data being used in this way.
Patient communication
Eastgate Surgery will use your name and contact details to inform you of NHS services, provide information about your health, or information about the management of the NHS service.
There may be occasions where authorised research facilities would like you to partake in research (should you have a specific condition) to try to improve health outcomes. Contact details may be utilised by the practice to ensure you receive further information about such research opportunities.
How to make a complaint
Should you have any concerns about how your information is managed at the practice, please contact the GP Practice Manager or the Data Protection Officer as above. If you are still unhappy following a review by the GP practice, you have a right to lodge a complaint with a supervisory authority:
Information Commissioner:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545745
If you are happy for your data to be extracted and used for the purposes described in this policy, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact the Practice Data Protection Officer.
If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.
Data Protection Officer:
The Practice Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries regarding Data Protection issues should be addressed to him at:
Email:
Couldrey@me.com
Postal:
PCIG Consulting Limited
7 Westacre Drive
Quarry Bank
Dudley
West Midlands
DY5 2EE
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk