Confidentiality, Data Protection & GDPR
We respect your right to privacy and keep all your health information confidential and secure. It is important that the NHS keeps accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible advice and care. This information is only available to those involved in your care and you should never be asked for personal medical information by anyone not involved in your care.
You have a right to know what information we hold about you. If you would like to see your records or require a copy, please view our Access to Medical Records policy (click the link below) and complete the appropriate form.
Freedom Of Information - Publication Scheme
The Freedom of Information Act 2000 obliges the practice to produce a Publication Scheme. A Publication Scheme is a guide to the ‘classes’ of information the practice intends to routinely make available.
From 25th May 2018 the law is changing with the addition of the General Data Protection Regulation (GDPR). This regulation will have an impact on how we handle your data. Further information can be found on www.eugdpr.org.uk or in the following privacy notices:
Privacy Notice - Risk Stratification
Privacy Notice - NHS Digital
Privacy Notice - Summary Care Record
Privacy Notice - Direct Care
Privacy Notice - Payments
Privacy Notice - Safeguarding
Privacy Notice - Research
Privacy Notice - Employees
GDPR - Subject Access Request
Data Protection Policy
GDPR Privacy Impact Assessment
Fair Processing & Privacy Notice Guidance
EMIS moving to Amazon Warehousing system for data storage
A data processor acting on our behalf, EMIS Health, is changing certain technical aspects of the way in which it delivers services to us, and as part of this transition it will be moving the data which it hosts on our behalf from its own data centre to a third party data centre, which is owned and operated by Amazon Web Services (AWS).
Delivery of the services is subject to the terms of the GP Systems of Choice Framework (GPSOC) which is managed by NHS Digital on behalf of the Secretary of State for Health.
The exercise will involve a change to the manner in which data is being processed on our behalf. Although this change does not introduce processing that is likely to result in a high risk to individuals (which would necessitate the undertaking of a DPIA), given that the data includes special category data we nevertheless feel that it is appropriate that we undertake a review.
As detailed above, the data will be stored in a third party data centre. The data includes special category data (i.e. health data) which is collected via the processor’s clinical IT system and which forms the patient’s medical record. The third party data centre will act on the instructions of EMIS Health, who in turn will act in accordance with instructions received from (or on behalf of) ourselves as the relevant controller pursuant to our call off contract under the GPSOC framework or as otherwise documented.
Aside from the manner in which the data is being hosted, we have not identified, as part of this change, any material change to the manner in which the data is being processed (in terms of data sharing and/or use).
The scope of the data processing is as detailed in the relevant GP Systems of Choice contract, together with the related call off contract and deed of undertaking, or as otherwise agreed in writing between EMIS Health and ourselves.
As noted above, aside from the hosting element the manner in which the data is being used or otherwise processed will not materially change as a result of this change.