Practice Policies & Patient Information
Access to Notes
Accessing your medical records
You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the common law duty of confidence (the Disability Discrimination and the Race Relations Acts may also apply). You also have the right to view or ask for a copy of all records we hold about you.
Your request must be made in writing and addressed to the Business Manager. There may be a charge involved. We will normally provide a response within 21 days of any fee being paid. You will need to give adequate information (for example full name, address, date of birth NHS number etc.,). It may also be helpful if you could explain the reason for your request (so we can help you identify relevant information). You will be required to provide id with your request and before any information is released to you. You can appeal to the Business Manager if the GP decides not to disclose your information. If you think any information we hold about you is inaccurate or incorrect, please let us know as soon as possible.
You can also now view a summary of your medical records – currently medications, immunisations, allergies and any adverse reactions – online for free.
We plan to offer the facility for patients to view online, export or print detailed coded information held in their own records from 1 April 2016, subject to the necessary NHS GP systems and software being available to the practice. For more details, please click here.
Requirements
The service is currently available for all patients aged 18 and over.
Even if you have already signed up to our online appointment and prescription service, you will still need to fill in a short form, available at Reception before you can access your medical record.
You can also download the PDF form here or the RTF (Rich Text Format) form here.
You will need to bring in proof of your ID. Please ask at Reception for further details or for more information please see our Patient Information leaflet.
Things to consider before accessing your medical records
Forgotten History
There may be something you have forgotten about in your record that you might find upsetting.
Choosing to share your information with someone
It’s up to you whether or not you share your information with others – perhaps family members or carers. It’s your choice, but also your responsibility to keep the information safe and secure.
Coercion
If you think you may be pressured into revealing details from your patient record to someone else against your will, it is best that you do not register for access at this time.
Misunderstood Information
Your medical record it designed to be used by clinical professionals to ensure that you receive the best possible care. Some of the information within your medical record may be highly technical, written by specialists and not easily understood. If you require further clarification, please contact us for a clearer explanation.
Information about someone else
If you spot something in your record that is not about you or notice any other errors, please log out of the system immediately and contact us as soon as possible.
Average GP Earnings
NHS England require that the net earnings of doctors engaged in the practice are publicised, and the required disclosure is shown above. However, it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time the doctors spend working in the practice and should not be used to form any judgement about GP earnings, nor to make comparisons with other practices.
The average pay for GPs working in the Grove House Partnership in the last financial year was £50,268 before tax and national insurance. This is for eight full time GPs, four part time GP’s and three locums who worked in the practice for more than 6 months.
Care Data
Information about you and the care you receive is shared, in a secure system, by healthcare staff to support your treatment and care.
It is important that we, the NHS, can use this information to plan and improve services for all patients. We would like to link information from all the different places where you receive care, such as your GP, hospital and community service, to help us provide a full picture. This will allow us to compare the care you received in one area against the care you received in another, so we can see what has worked best.
Information such as your postcode and NHS number, but not your name, will be used to link your records in a secure system, so your identity is protected. Information which does not reveal your identity can then be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.
You have a choice. If you are happy for your information to be used in this way you do not have to do anything. If you have any concerns or wish to prevent this from happening, please speak to practice staff or download the opt out form below, complete it and return it to the practice.
We need to make sure that you know this is happening and the choices you have.
How information about you helps us to provide better care
Care Data – Frequently Asked Questions
Please note that this information sharing is different from Summary Care Records and Medical Research Data Collection either of which you may have already opted out from. If you have opted out of Summary Care Records and/or Medical Research Data Collection then you will not automatically be opted out of Care Data.
You can find out more on the NHS England Care Data website.
Children’s Privacy Notice
A privacy notice helps your Doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your Healthcare record whenever you come to see us. It also tells you how we make sure your information is kept safe. The United Kingdom General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018 are active laws that make sure that your information is looked after. Everybody has to follow these laws including your Doctors and this means that your Doctor’s Surgery has to make sure that your information is kept safe. UK-GDPR is a document that helps your doctor’s surgery keep information about you secure. This law makes sure that your doctor, nurse and all other staff at the practice follow the rules and keep your information safe. We are here to provide care and treatment to you as our patients. In order to do this, the GP practice keeps information about you such as your name, address, your birthday, telephone numbers, the reason you are coming to see us, the name of the person who will generally bring you to your appointments, the reason that you are coming to see us, any information you or your family gives us, test results, X-rays and any other information to enable us to care for you. Our main purpose at Grove House Practice is to deliver quality healthcare to adults and children. We collect the information we need to care for you in the best way. We ask for your address so that we know where we can contact you, we ask for your date of birth as your age may be important to your care and each time you come to see us we will write down things that you tell us, things that we tell you and any medicines or treatment we give you so that way we can look back at what we have done for you to make sure we are treating you in the best way. We keep the information we collect electronically and on paper. All of this information together is called your Health Record and anyone involved in caring for you at the Practice can see what has been collected. This way we can all make the right decisions about your care with all of the information you have given us. Everyone working in our practice understands that they need to keep your information safe; this is called keeping your information confidential or protecting your privacy. They have training every year to remind them of this, we tell them that they are only allowed to look at your information if they are involved in your care or to help us run our practice and they understand that they must keep any information safe especially the information that identifies you. This might be your name or address and anything you come to see us about. We are not allowed to give any of this type of information to anyone who shouldn’t see it. This includes talking to them about it. We may share the information we record about you with others involved in your care. We routinely share information with school nurses, but not directly with school unless it is important for them to know. We might need to share this information with other medical teams, such as hospitals, if you need to been seen by a special doctor or sent for an X-ray. Your parents/guardians should get a copy of any letters we send to your doctor about your care. Some of you may decide that you do not want information being shared with your parents/guardians, we would advise you speak to a member of our team if you have any questions about this. If you have a social worker, we will share it with them too. That way they are kept up to date on what we are doing for you. We may have to share information with the police, the courts and other organisations and people who may have a legal right to see your information. If you tell us something that makes us worried about your safety or the safety of someone else you know, we might have to share this with other people outside of the practice – even if you don’t want us to. This is part of our job to keep you and others safe. Sometimes our surgery might be asked to take part in medical research that might help you in the future. We will always ask you or your parent(s) or adult with parental responsibility if we can share your information if this happens. All of our patients, no matter what their age, can say that they don’t want to share their information. If you have any concerns about this please speak to a member of the practice team. We will keep a copy of your information in our Practice for as long as you are registered with our Practice and if you leave the Practice, we will ensure that a copy of any information we hold about you is passed on to your new GP so they can continue with your care. Your record status will be marked as “inactive” in our clinical system. The practice has to follow the Records Management Code of practice 2021 which is a document that tells them how long they have to keep records for. Once the records have been kept for the time needed they will be safely deleted / destroyed. You have the following rights over your data we hold: To ask for a copy of to the information we have about you or to let us know if your information isn’t right please speak with the practice staff. A member of our staff/receptionist will be happy to talk to you about any questions you may have and we will do our best to help you. The Surgery has a person called a Data Protection Officer (DPO) who deals with all queries about patient information. Our receptionist may put you in touch with this person who will listen to your concerns and give you the advice you need. Our DPO is called MMDA Informatics service and they can be contacted at – IG@sthk.nhs.uk. We will always do our best to look after your information and to answer questions you might have. You can call the practice or discuss on a visit or you can contact us using the following information:
If you are still not happy with something we have done with your information you can speak to our DPO. If our DPO has not been able to help you or if you prefer not to speak to our DPO then you have a right to pass your complaint to an organisation called the Information Commissioner’s Office (ICO) who will look into what has gone wrong. You can contact them by calling 0303 123 1133 or go online to www.ico.org.uk/concerns.Protecting Your Data
Introduction
What is a privacy notice?
Why do we need one?
What is UK-GDPR?
What we do?
Why do we collect information?
What do we do with it and how do we keep it safe?
Who do we share it with?
Don’t want to share?
How long do we keep your information for?
What are your rights over your personal data?
What if I have a question?
What if I have a complaint about how you look after my information?
Write to us at: Grove House Practice, St Pauls Health Centre, High Street, Runcorn, WA7 1AB.
Communication
The practice produces a quarterly newsletter for patients, available from reception or click here to download the newsletter. We also use the notice boards in the waiting room to let patients know of any relevant news. In addition, we are aiming to develop the practice web-site during 2007.
We set up a patient group in February 2006 so that patients can be more directly involved in the future of this practice.
Click here to view the minutes from the patient group meetings.
Complaints, compliments and comments
We want to provide you with the best possible primary health care and we know there is always room for improvement. Please take the time to tell us when we get things right and when you think we could do better.
Often, our staff can deal with any concerns face-to-face, but if you wish to make a formal complaint, please put it in writing, either by filling in one of the forms available from reception or by writing direct to the business manager.
If you have a suggestion on how the practice can better meet your needs, please tell us. Again, you can fill in a form available at reception – or alternatively, just ask to speak to one of the team-leaders or the business manager.
Confidentiality
The NHS advises patients to provide information about their medical history to ensure patients receive proper care and treatment. This information is kept together with details of their care as it may be required if they are seen again. The NHS may use some of this information for other reasons for example:
- to help improve the health of the public generally
- to see that the NHS runs efficiently
- to plan for the future
- to train NHS staff
- to pay bills
- to carry out medical and other health research for the benefit of everyone
Everyone working for the NHS has a legal duty to keep information about patients confidential.
Sometimes the law requires the NHS to pass on information: for example, to notify a birth. The NHS Central Register for England and Wales contains basic personal details of all patients registered with a general practitioner. The register does not contain clinical information.
Patients may receive care and treatment from other organisations as well as the NHS. In these circumstances it may be necessary to share some information about the patient so that they receive the best possible treatment.
We only ever use or pass on information about the patient if people have a genuine need for it in your and everyone’s interests. Whenever we can we shall remove details which identify the patient. The sharing of some types of very sensitive personal information is strictly controlled by law.
If the patient’s doctor is requested to report information to external agencies such as solicitors or insurance companies, he/she will only do so with the patient’s explicit consent.
Anyone who receives information from us is also under a legal duty to keep it confidential.
You have a right of access to your health records.
General Practice Privacy Notice
This privacy notice explains in detail why we use your personal data which we, the GP practice (Data Controller), collects and processes about you. A Data Controller determines how the data will be processed and used and who this data will be shared with. We are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (Registration number Z682570X ). This notice also explains how we handle that data and keep it safe. The GP Practice has a Caldicott Guardian. A Caldicott Guardian is a senior person within a health or social care organisation, preferably a health professional, who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained. The Caldicott Guardian for the GP practice is:
Under the UK GDPR all public bodies must nominate a Data Protection Officer. The DPO is responsible for advising on compliance, training and awareness and is the main point of contact with the Information Commissioner’s Office (ICO). The DPO for the practice is:
We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the law. When such changes occur, we will revise the last updated date as documented in the version status in the header of this document. We are here to provide care and treatment to you as our patients. In order to do this, the GP practice keeps personal demographic data about you such as your name, address, date of birth, telephone numbers, email address, NHS Number etc and your health and care information. Information is needed so we can provide you with the best possible health and care. We also use your data to: We use the following types of information / data: This contains details that identify individuals even from one data item or a combination of data items. The following are demographic data items that are considered identifiable such as name, address, NHS Number, full postcode, date of birth. Under UK GDPR, this now includes location data and online identifiers. This is personal data consisting of information as to: race, ethnic origin, political opinions, health, religious beliefs, trade union membership, sexual life and previous criminal convictions. Under UK GDPR, this now includes biometric data and genetic data. This term came from the Caldicott review undertaken in 2013 and describes personal information about identified or identifiable individuals, which should be kept private or secret. It includes personal data and special categories of data but it is adapted to include dead as well as living people and ‘confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’. Individual-level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity. When data has been pseudonymised it still retains a level of detail in the replaced data by use of a key / code or pseudonym that should allow tracking back of the data to its original state. This is data about individuals but with all identifying details removed. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available. This is statistical information about multiple individuals that has been combined to show general trends or values without identifying individuals within the data. The law on data protection under the UK GDPR sets out a number of different reasons for which personal data can be processed for. The law states that we have to inform you what the legal basis is for processing personal data and also if we process special category of data such as health data what the condition is for processing. The types of processing we carry out in the GP practice and the legal bases and conditions we use to do this are outlined below: Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority. Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems. Direct care means a clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. This is carried out by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship with. In addition, this also covers administrative purposes which are in the patient’s reasonable expectations. To explain this, a patient has a legitimate relationship with a GP in order for them to be treated and the GP practice staff process the data in order to keep up to date records and to send referral letters etc. Other local administrative purposes include waiting list management, performance against national targets, activity monitoring, local clinical audit and production of datasets to submit for national collections. This processing covers the majority of our tasks to deliver health and care services to you. When we use the above legal basis and condition to process your data for direct care, consent under UK GDPR is not needed. However, we must still satisfy the common law duty of confidentiality and we rely on implied consent. For example, where a patient agrees to a referral from one healthcare professional to another and where the patient agrees this implies their consent. This is information which is used for non-healthcare purposes. Generally this could be for research purposes, audits, service management, safeguarding, commissioning, complaints and patient and public involvement. When your personal information is used for secondary use this should, where appropriate, be limited and de-identified so that the secondary uses process is confidential. Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority. Article 9 (2)(b) – Processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or the data subject in the field of …social protection law. Information is provided to care providers to ensure that adult and children’s safeguarding matters are managed appropriately. Access to personal data and health information will be shared in some limited circumstances where it’s legally required for the safety of the individuals concerned. For the purposes of safeguarding children and vulnerable adults, personal and healthcare data is disclosed under the provisions of the Children Acts 1989 and 2006 and Care Act 2014. Article 6 (1)(c) – Processing is necessary for compliance with a legal obligation. Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems. Section 251 NHS Act 2006. Risk stratification entails applying computer based algorithms, or calculations to identify those patients who are most at risk from certain medical conditions and who will benefit from clinical care to help prevent or better treat their condition. To identify those patients individually from the patient community would be a lengthy and time-consuming process which would by its nature potentially not identify individuals quickly and increase the time to improve care. A GP / health professional reviews this information before a decision is made. The use of personal and health data for risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority (known as Section 251 approval). This approval allows your GP or staff within your GP Practice who are responsible for providing your care, to see information that identifies you, but CCG staff will only be able to see information in a format that does not reveal your identity. NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable admissions. Knowledge of the risk profile of our population helps to commission appropriate preventative services and to promote quality improvement. Risk stratification tools use various combinations of historic information about patients, for example, age, gender, diagnoses and patterns of hospital attendance and admission and primary care data collected in GP practice systems. If you do not wish information about you to be included in our risk stratification programme, please contact the GP Practice. We can add a code to your records that will stop your information from being used for this purpose. Please see the section below regarding objections for using data for secondary uses. Article 6 (1)(c) – Processing is necessary for compliance with a legal obligation. Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems. Section 251 NHS Act 2006, NHS Constitution (Health and Social Care Act 2012). The GP practice contributes to national clinical audits and will send the data which are required by NHS Digital when the law allows. This may include demographic data such as data of birth and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure. Article 6 (1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority. Article 9 (2)(j) – Processing is necessary for…scientific or historical research purposes… Common law duty of confidentiality – explicit consent or if there is a legal statute for this which you will be informed of. All NHS organisations (including Health & Social Care in Northern Ireland) are expected to participate and support health and care research. The Health Research Authority and government departments in Northern Ireland, Scotland and Wales set standards for NHS organisations to make sure they protect your privacy and comply with the law when they are involved in research. Our research ethics committees review research studies to make sure that the research uses of data about you are in the public interest, and meet ethical standards. Health and care research may be exploring prevention, diagnosis or treatment of disease, which includes health and social factors in any disease area. Research may be sponsored by companies developing new medicines or medical devices, NHS organisations, universities or medical research charities. The research sponsor decides what information will be collected for the study and how it will be used. Health and care research should serve the public interest, which means that research sponsors have to demonstrate that their research serves the interests of society as a whole. They do this by following the UK Policy Framework for Health and Social Care Research. They also have to have a legal basis for any use of personally-identifiable information. When you agree to take part in a research study, the sponsor will collect the minimum personally-identifiable information needed for the purposes of the research project. Information about you will be used in the ways needed to conduct and analyse the research study. NHS organisations may keep a copy of the information collected about you. Depending on the needs of the study, the information that is passed to the research sponsor may include personal data that could identify you. You can find out more about the use of patient information for the study you are taking part in from the research team or the study sponsor. You can find out who the study sponsor is from the information you were given when you agreed to take part in the study. For some research studies, you may be asked to provide information about your health to the research team, for example in a questionnaire. Sometimes information about you will be collected for research at the same time as for your clinical care, for example when a blood test is taken. In other cases, information may be copied from your health records. Information from your health records may be linked to information from other places such as central NHS records, or information about you collected by other organisations. You will be told about this when you agree to take part in the study. Even though consent is not the legal basis for processing personal data for research, the common law duty of confidentiality is not changing, so consent is still needed for people outside the care team to access and use confidential patient information for research, unless you have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and Wales or similar arrangements elsewhere in the UK. If you are asked about taking part in research, usually someone in the care team looking after you will contact you. People in your care team may look at your health records to check whether you are suitable to take part in a research study, before asking you whether you are interested or sending you a letter on behalf of the researcher. In some hospitals and GP practices, you may have the opportunity to sign up to a register to hear about suitable research studies that you could take part in. If you agree to this, then research nurses, researchers or administrative staff authorised by the organisation may look at your health records to see if you are suitable for any research studies. It’s important for you to be aware that if you are taking part in research, or information about you is used for research, your rights to access, change or move information about you are limited. This is because researchers need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from a study, the sponsor will keep the information about you that it has already obtained. They may also keep information from research indefinitely. If you would like to find out more about why and how patient data is used in research, please visit the Understanding Patient Data website: https://understandingpatientdata.org.uk/what-you-need-know In England you can register your choice to opt out via the “Your Data Matters” webpage on the link below: https://www.nhs.uk/your-nhs-data-matters/ If you do choose to opt out you can still agree to take part in any research study you want to, without affecting your ability to opt out of other research. You can also change your choice about opting out at any time. To find out more about UK GDPR and using personal data for research, please visit the Health Research Authority website on the link below: https://www.hra.nhs.uk/hra-guidance-general-data-protection-regulation/ Article 6 (1)(a) – Explicit Consent. Article 9 (2)(h) – Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems. Common law duty of confidentiality – explicit consent. If you contact the GP Practice about a complaint, we require your explicit consent to process this complaint for you. You will be informed of how and with whom your data will be shared by us, including if you have or you are a representative you wish the GP practice to deal with on your behalf. There are also other areas of processing undertaken where consent is required from you. Under UK GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood. Article 6 (1)(a) – Explicit Consent. Article 9 (2)(a) – Explicit Consent. If you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us. We obtain your consent for this purpose. Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document. This type of data may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor NHS performance where the law allows this. Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions. This applies to identifiable patient data about your health (personal identifiable data in the diagram below), which is called confidential patient information. If you don’t want your confidential patient information to be shared by NHS Digital for purposes except your own care – either GP data, or other data we hold, such as hospital data – you can register a National Data Opt-out. If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website. From July 2022, it is a legal requirement for all health and social care CQC registered organisations to be compliant with the national data opt out. The National Data Opt-out will also apply to any confidential patient information shared by your GP practice with other organisations for purposes except your individual care. It won’t apply to this data being shared by GP practices with NHS Digital, as it is a legal requirement for GP practices to share this data with NHS Digital and the National Data Opt-out does not apply where there is a legal requirement to share data. You can find out more about and register a National Data Opt-out or change your choice on nhs.uk/your-nhs-data-matters or by calling 0300 3035678. Whenever you use a health or care service, such as attending the practice, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with: This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law. Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed. You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, please visit: www.nhs.uk/your-nhs-data-matters On this web page you will: You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and, https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made). If you do not want your identifiable patient data (personally identifiable data in the diagram above) to be shared outside of your GP practice for purposes except for your own care, you can register an opt-out with your GP practice. This is known as a Type 1 Opt-out. Type 1 Opt-outs were introduced in 2013 for data sharing from GP practices, but may be discontinued in the future as a new opt-out has since been introduced to cover the broader health and care system, called the National Data Opt-out. If this happens people who have registered a Type 1 Opt-out will be informed. More about National Data Opt-outs is in the section Who we share patient data with. NHS Digital will not collect any patient data for patients who have already registered a Type 1 Opt-out in line with current policy. If this changes patients who have registered a Type 1 Opt-out will be informed. If you do not want your patient data shared with NHS Digital, you can register a Type 1 Opt-out with your GP practice. You can register a Type 1 Opt-out at any time. You can also change your mind at any time and withdraw a Type 1 Opt-out. A start date for the Data sharing with NHS Digital will be announced. If you have already registered a Type 1 Opt-out with your GP practice your data will not be shared with NHS Digital. If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS Digital, this should be done by completing the Opt Out form and returning it to your GP practice as soon as possible to allow time for processing it. If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this. You can send the form by post or email to your GP practice or call 0300 3035678 for a form to be sent out to you. If you register a Type 1 Opt-out after your patient data has already been shared with NHS Digital, no more of your data will be shared with NHS Digital. NHS Digital will however still hold the patient data which was shared with us before you registered the Type 1 Opt-out. If you do not want NHS Digital to share your identifiable patient data (personally identifiable data in the diagram above) with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out. There is more about National Data Opt-outs and when they apply in the National Data Opt-out section below. We will use the information in a manner that conforms to the UK General Data Protection Regulations (UK GDPR) and Data Protection Act 2018. The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to any inappropriate persons. We have an Information Governance Framework that explains the approach within the GP practice, our commitments and responsibilities to your privacy and cover a range of information and technology security areas. Access to your personal confidential data is password protected on secure systems and securely locked in filing cabinet when on paper. Our IT Services provider, Mid Mersey Digital alliance , regularly monitor our system for potential vulnerabilities and attacks and look to always ensure security is strengthened. All our staff have received up to date data security and protection training. They are obliged in their employment contracts to uphold confidentiality, and may face disciplinary procedures if they do not do so. We have incident reporting and management processes in place for reporting any data breaches or incidents. We learn from such events to help prevent further issues and inform patients of breaches when required. Whenever we collect or process your data, we will only keep it for as long as is necessary for the purpose it was collected. For a GP practice, we comply with the Records Management NHS Code of Practice 2021 which states that we keep records for 10 years after date of death. Following this time, the records are securely destroyed if stored on paper, and/or deleted on the electronic health record system or archived for research purposes where this applies. This will only happen following a review of the information at the end of its retention period. Where data has been identified for disposal we have the following responsibilities: As stated above, where your data is being processed for direct care this will be shared with other care providers who are providing direct care to you such as: We work with third parties and suppliers (data processors) to be able for us to provide a service to you. These include: There may be occasions whereby these organisations have potential access to your personal data, for example, if they are fixing an IT fault on the system. To protect your data, we have contracts and / or Information Sharing Agreements in place stipulating the data protection compliance they must have and re-enforce their responsibilities as a data processor to ensure you data is securely protected at all times. We will not disclose your information to any 3rd party without your consent unless: Your data is processed with the GP surgery and by other third parties as stated above who are UK based. Your personal data is not sent outside of the UK for processing. Where information sharing is required with a country outside of the EU you will be informed of this and we will have a relevant Information Sharing Agreement in place. We will not disclose any health information without an appropriate lawful principle, unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it, or to carry out a statutory functions i.e. reporting to external bodies to meet legal obligations. You have the following rights over your data we hold: You can request access to and or copies of personal data we hold about you, free of charge (subject to exemptions) and provided to you within 1 calendar month. We request that you provide us with adequate information in writing to process your request such as full name, address, date of birth, NHS number and details of your request and documents to verify your identity so we can process the request efficiently. On processing a request, there may be occasions when information may be withheld if the organisation believes that releasing the information to you could cause serious harm to your physical or mental health. Information may also be withheld if another person (i.e. third party) is identified in the record, and they do not want their information disclosed to you. However, if the other person was acting in their professional capacity in caring for you, in normal circumstances they could not prevent you from having access to that information. To request a copy or request access to information we hold about you and / or to request information to be corrected if it is inaccurate, please contact:
The correction of personal data when incorrect, out of date or incomplete which must be acted upon within 1 calendar month of receipt of such request. Please ensure the GP practice has the correct contact details for you. Where your explicit consent is required for any processing we do, you have the right to withdraw that consent at any time. This is not applicable to health records but is normally relied upon where consent is obtained for any processing. You have the right to have that data deleted / erased. If we obtain consent for any processing we do, you have the right to have data provided to you in a commonly used and machine readable format such as excel spreadsheet, csv file. You have the right to object to processing however please note if we can demonstrate compelling legitimate grounds which outweighs the interest of you then processing can continue. If we didn’t process any information about you and your health care if would be very difficult for us to care and treat you. This right enables individuals to suspend the processing of personal information, for example, if you want to establish its accuracy or the reason for processing it. The NHS Constitution states “You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered”. The possible consequences (i.e. lack of joined up care, delay in treatment if information has to be sourced from elsewhere, medication complications which all lead to the possibility of difficulties in providing the best level of care and treatment) will be fully explained to you to allow you to make an informed decision. If you wish to opt out of your data being processed and / or shared onwards with other organisations for purposes not related to your direct care, please contact the surgery at:
If you feel that your data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, please contact our Data Protection Officer / Practice Manager at the following contact details:
If you are not happy with our responses and wish to take your complaint to an independent body, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1133. Or go online to www.ico.org.uk/concerns (opens in a new window, please note we can’t be responsible for the content of external websites). We hope that the Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. Should you have any questions / or would like further information, please visit the websites below and / or contact either our Caldicott Guardian / Data Protection Officer / Practice Manager at the following contact details:
Protecting Your Data
Introduction
Caldicott Guardian
patient.comments@gp-n81066.nhs.uk,
Grove House Practice, St Pauls Health Centre, High Street, Runcorn, WA7 1AB.
Data Protection Officer (DPO)
IG@sthk.nhs.uk
Jubilee Court, Academy Site, Waterside, St Helens WA9 1TT
What we do?
Definition of Data Types
Personal Data
Special categories of data (previously known as sensitive data)
Personal Confidential Data (PCD)
Pseudonymised Data or Coded Data
Anonymised Data
Aggregated Data
Our data processing activities
Provision of Direct Care and administrative purposes within the GP practice
Type of Data
Personal Data – demographics Special category of data – Health data
Source of Data
Patient and other health and care providers
Legal basis for processing personal data and Condition for processing special category of data
Common Law Duty of Confidentiality basis
Implied Consent
Purposes other than direct care (secondary use)
Safeguarding
Type of Data
Personal Data – demographics Special category of data – Health data
Source of Data
Patient and other health and care providers
Legal Basis and Condition for processing special category of data under UK GDPR
Common Law Duty of Confidentiality basis
Overriding Public Interest / children and adult safeguarding legislation
Risk Stratification
Type of Data
Personal Data – demographics Special category of data – Health data
Source of Data
GP Practice and other care providers
Legal Basis and Condition for processing special category of data under UK GDPR
National Clinical Audits
Type of Data
Personal Data – demographics Special category of data – Health data Pseudonymised Anonymised
Source of Data
GP Practice and other care providers
Legal Basis and Condition for processing special category of data under UK GDPR
Research
Type of Data
Personal Data – demographics Special category of data – health data
Source of Data
GP Practice
Legal Basis and Condition for processing special category of data under UK GDPR
How patient information may be used for research
Your choices about health and care research
Complaints
Type of Data
Personal Data – demographics Special category of data – health data
Source of Data
Data Subject, Primary Care, Secondary Care and Community Care
Legal Basis and Condition for processing special category of data under UK GDPR
Purposes requiring consent
Patient and Public Involvement
Type of Data
Personal Data – demographics
Source of Data
GP Practice
Legal Basis and Condition for processing special category of data under UK GDPR
Using anonymous or coded information
National Data Opt-out (opting out of NHS Digital sharing your data)
Opting out of NHS Digital collecting your data (Type 1 Opt-out)
How we protect your personal data
How long do we keep your personal data?
Destruction
Who we share your data with?
Where is your data processed?
What are your rights over your personal data?
Subject Access Rights
PATCHS online administration request: grovehouse.co.uk,
Email: patient.comments@gp-n81066.nhs.uk,
In writing: Grove House Practice, St Pauls Health Centre, High Street, Runcorn, WA7 1AB.
Right to rectification
Right to withdraw consent
Right to Erasure (‘be forgotten’)
Right to Data Portability
Right to object to processing
Right to restriction of processing
Objections to processing for secondary purposes (other than direct care)
Email: patient.comments@gp-n81066.nhs.uk,
In writing: Grove House Practice, St Pauls Health Centre, High Street, Runcorn, WA7 1AB.
Complaints / Contacting the Regulator
Email: patient.comments@gp-n81066.nhs.uk,
In writing: Grove House Practice, St Pauls Health Centre, High Street, Runcorn, WA7 1AB.
Further Information / Contact Us
Email: patient.comments@gp-n81066.nhs.uk,
In writing: Grove House Practice, St Pauls Health Centre, High Street, Runcorn, WA7 1AB.
Patient Suggestions, Comments & Complaints
Suggestions and Comments
If you have a suggestion or comment about the Practice that you think might help us to improve our services to our patients, we’d love to hear from you. There are lots of ways you can contact us – by email, in person, by phone or in writing. Please see the full list here.
Compliments
Like most organisations, we really appreciate it when you take the time to let us know when we’ve done something that impresses/pleases you. We feel we often go the extra mile for our patients – but it’s good to know when that is recognised.
We’re all much more likely to give feedback when things go wrong so it’s really special when we hear from someone who just wants to compliment us. If you have a “good news” story about the Practice or want to compliment a particular member or group of staff, please let us know. Again, you can contact us in whatever way is easiest for you. You can also give feedback about Grove House Practice on the NHS Choices website.
Complaints Procedure
We always aim to provide the highest level of care for all of our patients. However, despite our best endeavours, we acknowledge that there may be occasions where we fall short of your expectations and you may feel let down by the service you have received from us. Our Practice complaints procedure outlined here is designed to make it as easy as possible for you to make a complaint and explains what you can do if you remain dissatisfied, after we respond to your complaint.
Many issues can often be resolved without having to make a formal complaint. In the first instance and where appropriate, we would ask you to consider having an informal chat with the clinician or member of staff concerned or with the Practice Business Manager. This is most often the quickest and easiest way to resolve your concern. However, if you don’t feel comfortable doing this, then please follow the procedures here.
However you wish to proceed, we hope that you will give us the opportunity to try and resolve your concerns. Not only will this give us the best chance of putting right whatever has gone wrong for you personally but it will also help us to learn from your experience and improve our service to other patients.
Rest assured that we take all complaints and comments (however raised) very seriously and we aim to resolve all issues to your satisfaction promptly and professionally.
Download a copy of our Complaints Procedure document (PDF).
Making a complaint
If you have any complaint or concern about the service that you have received from us, please let us know as soon as possible.
You can make your complaint to the Practice in a number of ways:
- Online – We have set up a dedicated online patient comments & complaints form
- In person – Please ask to speak to the Reception Supervisor, the Deputy Practice Manager or the Practice Business Manager
- By telephone – Please ask to speak to the Reception Supervisor, the Deputy Practice Manager or the Practice Business Manager
- By email – Please email the Practice Business Manager at patient.comments@gp-n81066.nhs.uk
- In writing – Please give as much information as you can and send your complaint to the Practice for the attention of the Business Manager
In addition, you can download a PDF copy of our complaint form or you can ask for a copy at Reception.
What we will do
Our complaints procedure is designed to try and ensure that we settle any complaints as quickly as possible.
If you have complained in writing, online or by email, we will normally acknowledge your complaint within 3 working days and aim to investigate and respond to your complaint as soon as is practicable. If there is any delay with the investigation, we will keep you informed of progress.
Our internal investigation will often involve a review of our information, systems and processes as well as interviews with the clinician or staff member involved.
If your complaint is about a clinical issue, we may also hold a meeting with all the Practice clinicians to discuss the issues that you raise and see what can be done differently, as necessary.
When we look into your complaint, we will aim to:
- Find out exactly what happened and why things appeared to go wrong
- Make it possible for you to discuss the problem with those concerned, if you would like to do this
- Make sure you receive an apology, where appropriate
- Identify what we can do to make sure the problem doesn’t happen again
At the end of the investigation we will formally respond to you, either verbally or in writing – as appropriate and as you request.
What can you do next?
If you need help making your complaint
If you would like help to make your complaint, you can ask the local Healthwatch Advocacy. This is a free, independent & confidential complaint advocacy service.
For more information, please view their Do you have a complaint about the NHS leaflet or call 0808 801 0389 (Mon-Fri, 9am-5pm).
Other ways to complain
Experience Nationally has shown that dealing directly with the GP Practice concerned can often help problems to be satisfactorily resolved more quickly and efficiently.
However, if you feel unable or uncomfortable dealing directly with Grove House, you can contact NHS England (as commissioners of the services we provide) who will investigate your complaint on your behalf. To contact NHS England, you can:
- Telephone: 0300 311 2233
- Email: england.contactus@nhs.net (adding ‘For the attention of the complaints manager’ in the subject line)
- Write to: NHS England, PO Box 16738, Redditch, B97 9PT
What if I am still dissatisfied?
If at the end of our internal complaints procedure you remain dissatisfied, you have the right to ask the Health Service Ombudsman to review your case.
The Ombudsman has powers set down by law and helps to resolve complaints about the NHS. This is a free service but generally only available AFTER the NHS has had a chance to sort out your complaint. If you decide to approach the Ombudsman, you should do this as soon as possible after you have exhausted the Practice procedure outlined here.
To contact the Health Service Ombudsman you can:
- Visit: www.ombudsman.org.uk
- Telephone: 0345 015 4033
- Textphone (minicom): 0300 061 4298
- Fax: 0300 061 4000
- Email: phso.enquiries@ombudsman.org.uk
- Text: “call back” with your name and mobile number to: 07624 813 005 (they will call you back)
- Write to: The Health Service Ombudsman, Millbank Tower, Millbank, London, SW1P 4QP
Practice Charter
Everyone who works at this Practice is motivated to achieve high quality health services that meet the needs of our patients.
Our charter is a statement of what you can expect from this Practice and what we feel we can expect in return from you.
You can expect that, at Grove House Practice:
- all patients will be treated equally. We do not discriminate on the grounds of gender, gender identity, race, disability, sexual orientation, religion or age
- our premises will be clean and comfortable and have facilities for the disabled
- all patients will be greeted in a friendly manner and be treated with courtesy by everyone in the practice
- strictest confidentiality will be maintained
- all clinicians and staff will be trained and qualified to an appropriate level
- patients will be offered advice about how to stay healthy and avoid illness
- new patients registering with the practice will be offered a health check
- patients will be referred to a consultant or for tests when the doctor feels this is necessary
- we will always see all patients with medically urgent problems as soon as possible (and usually on the same day)
- complaints will be dealt with by our Business Manager (who will refer complaints to the doctors where appropriate)
The NHS Constitution
The NHS Constitution outlines your Rights as a patient and can be accessed here: http://www.nhs.uk/choiceintheNHS/Rightsandpledges/NHSConstitution/Pages/Overview.aspx.
With these rights come responsibilities and for patients this means patients are asked to:
- attend their booked appointments at the arranged time
- inform the Practice as soon as possible if they no longer need or cannot attend a booked appointment
- understand that appointments are for one person only. Additional appointments will be made if more than one person needs to be seen
- take responsibility for their own health and the health of their children and should co-operate with the practice in endeavouring to keep themselves healthy
- take responsibility for their medication and always give at least 48 hours’ notice for repeat medication requests to be processed
- only request an urgent (on-the-day) appointment for those conditions that will worsen if not addressed the same day
- understand that home visits are made at the discretion of the doctor and are for housebound patients only. It is important to bear in mind that most medical problems are dealt with more effectively in the clinical setting of a well-equipped surgery
- understand that many problems can be solved by advice alone, therefore patients should not always expect a prescription at every consultation
- treat both the clinicians and staff with courtesy and respect
- respond in a positive way to questions asked by the Reception staff, in order to ensure they can offer the best service to meet your needs
- always inform the practice staff as soon as possible of any alterations in their circumstances, such as change of surname, address or telephone number, even if it is ex-directory
Summary Care Record
About the Summary Care Record
There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Why do I need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who can see it?
Only healthcare staff involved in your care can see your Summary Care Record.
Do I have to have one?
No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the Practice. You can use the form at the foot of this page.
More Information
For further information visit the NHS Care records website or the HSCIC Website
Opt Out Form
Download a copy of the Opt Out Form.
Violent or Abusive Patients
We aim to treat all of our patients courteously at all times and expect our patients to treat all of the Practice Staff and other patients in a similarly respectful way. We take seriously any threatening, abusive or violent behaviour against any of our staff or patients. If a patient is violent or abusive they will be warned to stop their behaviour. If they persist, we may exercise our right to take action to have them removed, immediately if necessary, from our list of patients.