The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services
- To help you get other services e.g. from the social work department. This requires your consent
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made in writing through the practice manager and may be subject to an administration charge with a 48 hours notice. No information will be released without the patient consent unless we are legally obliged to do so.
Subject Access Request
We will act on a subject access request without undue delay and at the latest within 28 days of receipt of request.
GDPR – General Data Protection Regulations
GPDR came into force 25 May 2015
What is General Data Protection Regulations (GDPR)
- Replaces the Data Protection Act 1998 (DPA)
- Designed to match data privacy laws accross Europe
- Redesigned the way organisations across the region approach data privacy
- Applies to ‘Data Controllers’ and ‘Data Processors’. Similar to the DPA – the controller says how and why personal data is processed
- Applies to organisations outside the EU that offer goods or services to individuals in the EU
Why is it changing from the Data Protection Act 1998
- The European Union’s General Data Protection Regulation (GDPR) represents the biggest change to global privacy laws for over 20 years.
- Many changes involving personal data have occured since the Act was first introduced. Internet and Social Media now play a major part in society. Patients can now book their GP appointments via the the internet and medical records can also be retrieved electronically – all of which were not as readily available in 1998 as they are now.
- Whilst the GPDR is still based on the same data protection principles as before, it introduces new rights for data subject.
Privacy Notice – Easy Read
This notice is about what happens to the information that Dr Walji & Colleagues collects about you whenever you come to see us. It also tells you how we make sure it is kept safe.
What do we collect?
We collect information from you such as:
- Your name
- Why you are coming to see us
- Your birthday and year you were born
- Your address
- The name of the person who will generally bring you to your appointments
- The reason you are coming to see us
- Detailed clinical information/experiences about you
- What we do to care for you
Why do we collect it?
Dr Walji & Colleagues main purpose is to deliver healthcare to the community. We collect the data we need to care for you in the best way. We ask for your address so that we know where we can contact you. We ask for your date of birth as your age may be important to your care.
Each time you come to see us we will write records things electronically that you tell us, things that we tell you and any medicines or exercises we give you. That way, we can look back at what we have done for you to make sure we are treating you in the best way.
What do we do with it?
We keep the information we collect electronically and on paper. All of this information together is called your Health Record and will be held on secure system.
Anyone involved in in caring for you at the Practice can see what has been collected. This way we can all make the right decisions about your care with all the information you have given us.
Who we share it with
We will share the information we record about you where it is clinically appropriate and will benefit your care and treatment. That way key people involved in your care is kept up to date on what we are doing for you.
If you tell us something that makes us worried about your safety or the safety of someone else you know, we might have to share this with other people outside of the practice – even if you don’t want us to. This is part of our job to keep you and others safe.
We teach future doctors and nurses
Students sometimes spend time with us at the Practice. This is so that we can teach them how to look after patients and their families. They are also told how to keep information we collect safe.
Checking we are doing our best
All Practices are checked by organisations to make sure they are treating and caring for patients and families in the best way they can. They also ensure that we are keeping records safe and secure.
Am I able to see the information you collect from me?
Yes! You can request this directly from the Practice. We will check you are who you say are so that we are not sharing your information with anyone who shouldn’t see it.
If I think some of my Information is wrong can I do something about it?
Yes! You can contact any member of the Practice who will speak to our Data Protection Officer. We may need to contact you further to discuss this.
If i’m unhappy with the way you’ve used some of my information can I do anything?
Yes! Let us know if your still unhappy you can contact the Information Governance Office.
We hope this notice tells you what you need to know about the information we collect about you..
Caldicott Guardian and Data Protection Officer
The Caldicott Guardian and Data Protection Officer for the Practice are responsible for ensuring information about you is processed in a confidential, legal and appropriate manner.