Privacy Notice - How We Use Your Information
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
- This practice is a member of the East Devon Health federation of GP practices and works collaboratively with other member practices for the purpose of delivering the best possible healthcare to patients in east Devon. To enable us to optimise the available resources with your needs you may be referred to other member health partners for treatment and will be given access to your health record to facilitate this treatment. You have the right to opt out if you do not wish your data to be shared under this arrangement. For more information on how we share your information with other GP practices and any other organisation who are directly involved in your care, please ask to speak to either Dr Tania Davis who is our Caldicott Guardian Lead, or Mrs Deborah Mitchell our Practice Manager who would be pleased to discuss any concerns and share our arrangements and Information Sharing documents with you.
- Healthcare staff working in Accident and Emergency and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see the NHS Digital website or alternatively speak to your practice.
- You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
- All patients who receive NHS care are registered on a national database.
- This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
- The database is held by NHS Digital a national organization which has legal responsibilities to collect NHS data.
- More information can be found on the NHS Digital website the phone number for general enquires at 0300 303 5678
Identifying patients who might be at risk of certain diseases
- Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
- This means we can offer patients additional care or support as early as possible.
- This process will involve linking information from your GP record with information from other health or social care services you have used.
- Information which identifies you will only be seen by this practice.
- For more speak to the practice.
- Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
- These circumstances are rare.
- We do not need your consent or agreement to do this.
- Please see our local policies for more information.
Not a patient but perhaps a relative, friend, next of kin or otherwise have an involvement with a patient?
It is possible that we also hold information on you as part of someone else’s record. The nature of the information held about you will depend on the circumstances that the information was collected for. For instance if you have been named as patient Next of Kin we will hold your name and a means of contacting you such as a phone number or address.
Under Data Protection law you will be entitled to receive a copy of this information unless there is good reason not to provide it.
Child Health Information Service
Purpose – South, Central and West Child Health Information Services (SCW CHIS) is commissioned by NHS England to support the monitoring of care delivered to children. Personal data is collected from the child’s GP record to enable health screening, physical examination and vaccination services to be monitored to ensure that every child has access to all relevant health interventions.
Legal Basis – Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Processor – SCW, Apollo Medical Software Solutions, System C
Population Health Analytics
As well as using your information to support the delivery of care to you, your data may be used to help improve the way health and social care is delivered to patients and service users throughout Devon using Population Health Management methods. We will only use a pseudonomised extract (ie not identifiable information) which will be sent securely to Devon ICB and in partnership with Optum, who have been appointed to provide technical assistance to Devon ICB, use the information to support the Devon Integrated Care System to improve short term and medium-term health outcomes for local populations. Please note that at no time will patient identifiable data be used in the delivery of this programme. Patients who have a National Data Opt Out, will be excluded from this programme and will not have their data extracted for this purpose.
Further information about Population Health Management can be found on the NHS England website. We will rely on Public interest task as the legal basis for processing your data for this purpose.
Recording of Telephone Calls
The surgery records all telephone calls to protect patients and staff and other health workers. Patients are protected by our having a record of our conversations with you, staff and other health workers are protected from potential abuse. All calls to and from the surgery are recorded. We also occasionally use recordings for staff training and quality control.
AccuRx – Patient Communication for Healthcare Professionals
AccuRx are an NHS Digital approved supplier generally and are also NHS Digital approved specifically as a video consultation supplier. They have Data Security and Protection Toolkit assurance (ODS code: 8JT17) and Cyber Essentials Plus certification.
AccuRx are used to facilitate text messaging and video consultations –– your name and mobile telephone number are shared for purposes of arranging video consultations, sending appointment reminder messages, links to specific healthcare advice and recall requests.
AccuBook is used specifically and only for booking Covid-19 Vaccination appointments.
Away from my Desk
The practice has 2 licences for Away From My Desk which allows senior employees to connect to their work computer remotely from their personal device in order to work from home. The practice ensures staff have completed Information Governance, Data Security and Data Protection training and follow strict protocols. There are full audit trails regarding usage.
Away from my Desk has achieved the Cyber Essentials scheme credentials and complies with the strict NHS Guidelines originally set out in the IG Toolkit.
The practice may use trained volunteers (ie doctors, nurses, students not employed by the practice etc ) to help with the administering of the Covid and Flu Vaccines and the data input into medical records of the Covid and Flu vaccines.
Devon Wide Research Feasibility Group
The practice, along with several others across Devon works with the National Institute for Health Research South West Peninsula (NIHR SWP) to deliver and offer Clinical Trials and Research Studies to the registered population.
In addition to offering Trials and Studies, the Practice works with the NIHR SWP to carry out feasibility reports. This enables the NIHR SWP to report on behalf of the practices, the population across Devon (where practice’s have opted in), to determine whether it is feasible for a study to open, or be considered for the local region (Devon, Cornwall and Somerset). The feasibility group does not extract or access patient identifiable data and staff who undertake this work are bound by Confidentiality: NHS Code of Practice, General Data Protection Regulations 2018 and Good Clinical Practice (training for the delivery of research).
Patients who wish for their data to be excluded from the “top level” feasibility reports should request that the practice records an opt out on their record.
Thrive Tribe have been commissioned by Devon ICB to provide help support the delivery of SMI Annual Physical Health Checks by increasing capacity within Primary Care.
The aim of the Service is to identify and invite eligible patients who have been diagnosed with a severe mental illness (SMI) to attend their annual physical health check.
In order to facilitate this, Thrive Tribe will need access to GP systems to be able to access the information needed to identify and contact eligible patients via phone, text, letter or email. Therefore, without access to this data, we will not be able to offer this service to GP Practices. A Data Sharing Agreement and DPIA is in place.
Care Home Project
The Care Homes Frailty team are contracted by WEB PCN to deliver the requirements of the Enhanced Health in Care Homes element of the Contract Network Direct Enhanced Service (DES) for all WEB PCN practices.
The project supports care home residents in receiving enhanced care and provides health and wellbeing reviews, individual care planning and specialist support by a multi-disciplinary team.
OTs and care co-ordinators will have read/write access to the clinical system. They will be expected only to access the records of the patients referred to them directly or added to their appointment clinic by the practice staff. A Data Sharing Agreement and DPIA is in place.
Summary Care Record (SCR)
NHS England have implemented the SCR which contains information about you; including your name, address, data of birth, NHS number, medication you are taking and any bad reactions to medication that you have had in the past. This information is automatically extracted from your records and uploaded onto a central system.
Many patients who are seen outside of their GP Practice are understandably not able to provide a full account of their care or may not be in a position to do so. The SCR means patients do not have to repeat their medical history at every care setting and the healthcare professional they are seeing is able to access their SCR. The SCR can only be viewed within the NHS on NHS smartcard-controlled screens or by organisations, such as pharmacies, contracted to the NHS.
As well as this basic record, additional information will also be added to include further information. You can find out more about the SCR on the NHS Digital website
We share your record using GP Connect to make sure that, whether you are visiting the practice, attending hospital, or being seen in the community or at home by a care professional, everyone knows the care you need and how you want to be treated. Your electronic health record is available to local providers who are involved in your care. This includes the sharing of, personal contact details, diagnosis, medications, allergies and test results. Your records will be treated with the strictest confidence and can only be viewed if you use their service.
Please note that if you have previously dissented (opted-out) to sharing your records, this decision will be upheld.
Should you wish to opt-out of, please speak to [Insert Contact Details/Employee role] who will be able to update your personal preferences. Please note that by opting out of this sharing, other health professionals may not be able to see important medical information, which may impact on the care you receive.
Devon and Cornwall Care Record
Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive. This shared system is called the Devon and Cornwall Care Record.
It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an out-of-hours appointment.
It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised staff can access the Devon and Cornwall Care Record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data – just data that services have agreed is necessary to include.
The objective is to improve the efficiency of social prescribing, an initiative designed to improve the mental health and wellbeing of patients by connecting them to non-medical interventions such as exercise groups and activities.
Patients referred to the Social Prescribing Service will also be provided with information regarding the use of Joy App.
We are required by law to provide you with the following information about how we handle your information
|Data Controller contact details
Budleigh Salterton Medical Centre
Dr Tania Davis is the Caldicott Lead
|Data Protection Officer contact details
|Purpose of the processing
|Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
Article 6(1)(f)”…necessary for the purpose of legitimate interest…”
Article 9(2)(b) “…necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…” (specifically the safeguarding of children and vulnerable adults)
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
|Recipient or categories of recipients of the processed data
The data will be shared with:
|Rights to object
|Right to access and correct
|GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found on the NHS England website
|Right to complain
Please let us know if you are unhappy with how we have used your personal information. You can contact us at Budleigh Salterton Medical Centre, 1 The Lawn, Budleigh Salterton, Devon, EX9 6LS or via our secure online form
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link or call the helpline 0303 123 1113
|Data we get from other organisations
|We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.
|Processing of data for the purpose of Public Protection
|The practice may provide information to and receive information from other agencies for the purpose of protecting the public from individuals who may pose a risk (eg MAPPA). The practice may process this information either as a public task function or because it has a legal duty to do so. Further information including the other agencies involved in the data sharing can be found here
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.