GDPR and Privacy
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a regulation in EU law on Data protection and privacy for all individuals within the EU. It also addresses the export of personal data outside the EU.
The GDPR aims primarily to give control to citizens and residents over their personal data. It should be read alongside the forthcoming UK Data Protection Act 2018 (DPA 2018). The GDPR and the DPA 2018 will replace the existing Data Protection Act 1998.
Havergal Surgery Privacy Notice
Link to GPES data for pandemic planning and research (COVID-19) - Click Here
National Data Opt-Out Compliance
How the NHS and care services use your information
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice. If you are happy for your information to be used in this way you do not have to do anything. If you do not want your personally identifiable patient data to be shared outside of your GP practice for purposes except your own care, you can register an opt-out with your GP practice. This is known as a Type 1 Opt-out. You can do this by clicking the link. This page will consists of the following:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
Type 1 Opt-outs may be discontinued in the future. If this happens then they may be turned into a National Data Opt-out. Your GP practice will tell you if this is going to happen and if you need to do anything. More information about the National Data Opt-out is here: https://www.nhs.uk/your-nhs-data-matters/
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until June 2022 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Havergal Surgery is compliant with the national data opt-out policy.
National Data Opt-Out Compliance
What is this?
The NDOP is basically the national replacement for the “type 2” opt-out i.e. when the patient wishes to opt out of use of their data for anything except direct care.
Information at NHS Digital which does not reveal your identity can then also be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.
You have a choice. If you are happy for your information to be used in this way you do not have to do anything. If you have any concerns or wish to prevent this from happening, please check https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/ for further information on how to make your choice. GP practices are no longer able to manage this type of opt-out.
For more information on either type of opt-out check https://www.nhs.uk/using-the-nhs/about-the-nhs/opt-out-of-sharing-your-health-records/