How we use your information to provide you with healthcare
- This practice keeps medical records confidential and complies with the General Data Protection Regulation:
- Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”
- Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care system.
- West Heath Primary Care Centre is the “Data Controller” of the information we hold for our patients
- Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
- The Practice Data Protection Officer for West Heath Primary Care Centre is Umar Sabat from SDS MyHealthcare. He can be contacted on email@example.com
- If you have any queries regarding data protection, please address them to the Practice.
- We hold your medical record so that we can provide you with safe care and treatment.
- We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
- (NEW) The Practice uses a system called EMIS Web to manage clinical information about your care and health. This system is provided by a company called EMIS Health LTD who act as a data processor on behalf of the Practice. EMIS Health LTD also uses a sub-processor which is Amazon Web Services (sub processor) who act under written instruction from EMIS Health LTD to store the data. Under no circumstances is it technically possible for Amazon Web Services to access any information about you. Should you have any concerns or queries please do not hesitate to contact the Practice.
- Healthcare staff working in A&E, inpatients, outpatients, and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions and what medications you take. This will involve the use of:
- Summary Care Record (SCR) the national record sharing programme across England. For more information see: https://digital.nhs.uk/summary-care-records
- Your Care Connected (YCC) our local data sharing programme across Brimingham, Sandwell, and Solihull. For more information see: https://midlandsyourcareconnected.nhs.uk
- You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
“How the NHS and care services use your information
West Heath Primary Care Centre is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation ‘is / is not currently’ compliant with the national data opt-out policy. “
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
- All patients who receive NHS care are registered on a national database.
- This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
- The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
- More information can be found at: https://digital.nhs.uk/ or phone general enquires at NHS Digital 0300 303 5678
Identifying patients who might be at risk of certain diseases
Health Risk Screening or Risk Stratification is a process that helps your GP to determine whether you are at risk of an unplanned admission or deterioration in health. By using selected information such as age, gender, NHS number, diagnosis, existing long term condition(s), medication history, patterns of hospital attendances, admissions and periods of access to community care your GP will be able to judge if you are likely to need more support and care from time to time, or if the right services are in place to support the local population’s needs.
To summarise Risk Stratification is used in the NHS to:
- Help decide if a patient is at a greater risk of suffering from a particular condition;
- Prevent an emergency admission;
- Identify if a patient needs medical help to prevent a health condition from getting worse; and/or
- Review and amend provision of current health and social care services.
Your GP will use computer based algorithms or calculations to identify their registered patients who are at most risk, with support from the local Commissioning Support Unit and/or a third party accredited Risk Stratification provider. The risk stratification contracts are in accordance with the current Section 251 Agreement. Neither the CSU nor your local CCG will at any time have access to your personal or confidential data. They will only act on behalf of your GP to organise the risk stratification service with appropriate contractual technical and security measures in place.
- Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
- These circumstances are rare.
- We do not need your consent or agreement to do this.
- Please contact the Practice if you require any further information.
West Heath Primary Care Centre shares information from medical records:
- to support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best;
- we will also use your medical records to carry out research within the practice.
This is important because:
- the use of information from GP medical records is very useful in developing new treatments and medicines;
- medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
We share information with the medical research organisations with your explicit consent or when the law allows
You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object
Checking the quality of care – national clinical audits
West Heath Primary Care Centre contributes to national clinical audits so that healthcare can be checked and reviewed.
- Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
- The results of the checks or audits can show where hospitals are doing well and where they need to improve.
- The results of the checks or audits are used to recommend improvements to patient care.
- Data are sent to NHS Digital, a national body with legal responsibilities to collect data.
- The data will include information about you, such as your NHS Number and date of birth and information about your health which is recorded in coded form – for example the code for diabetes or high blood pressure.
- We will only share your information for national clinical audits or checking purposes when the law allows.
- For more information about national clinical audits see the Healthcare Quality Improvements Partnership website: https://www.hqip.org.uk/ or phone 020 7997 7370.
You have the right to object to your identifiable information being shared for national clinical audits. Please contact the practice if you wish to object.
How your information is shared so that this practice can meet legal requirements
The law requires West Heath Primary Care Centre to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
- plan and manage services;
- check that the care being provided is safe;
- prevent infectious diseases from spreading.
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.
We must also share your information if a court of law orders us to do so.
- NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
- It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
- This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
- More information about NHS Digital and how it uses information can be found at: https://digital.nhs.uk/home
Care Quality Commission (CQC)
- The CQC regulates health and social care services to ensure that safe care is provided.
- The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
- For more information about the CQC see: http://www.cqc.org.uk
- The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
- We will report the relevant information to local health protection team or Public Health England.
- For more information about Public Health England and disease reporting see: https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report
National screening programmes
- The NHS provides national screening programmes so that certain diseases can be detected at an early stage.
- These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.
- The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.
- More information can be found at: https://www.gov.uk/topic/population-screening-programmes or speak to the practice.
- This helps us to provide you with a good experience when you visit our website and make improvements.