GDPR- Legal Requirement to Share Data
How your information is shared so that this practice can meet legal requirements
The law requires West Heath Primary Care Centre to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
• plan and manage services;
• check that the care being provided is safe;
• prevent infectious diseases from spreading.
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.
We must also share your information if a court of law orders us to do so.
We also share data via GP Connect – this allows clinicians in different care settings to view your GP record. You can see a copy of our Privacy Notice for GP Connect here.
“How the NHS and care services use your information
West Heath Primary Care Centre is one of many organisations working in the health and care system to improve care for patients and the public
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation ‘is currently’ compliant with the national data opt-out policy.“
• NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
• It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
• This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
• More information about NHS Digital and how it uses information can be found at:
• NHS Digital sometimes shares names and addresses of patients suspected of committing immigration offences with the Home Office. More information on this can be found here: https://www.gov.uk/government/publications/information-requests-from-the-home-office-to-nhs-digital
Care Quality Commission (CQC)
• The CQC regulates health and social care services to ensure that safe care is provided.
• The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
• For more information about the CQC see: http://www.cqc.org.uk/
• The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
• We will report the relevant information to local health protection team or Public Health England.
• For more information about Public Health England and disease reporting see: https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report
We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data.
West Heath Primary Care Centre
481 Rednal Road
Phone: 0121 4658188
Data Protection Officer contact details
Dr. G R Arora
West Heath Primary Care Centre
481 Rednal Road
Phone: 0121 4658188
Purpose of the processing
Compliance with legal obligations or court order.
Lawful basis for processing
The following sections of the GDPR mean that we can share information when the law tells us to.
Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Recipient or categories of recipients of the processed data
• The data will be shared with NHS Digital.
• The data will be shared with the Care Quality Commission.
• The data will be shared with our local health protection team or Public Health England.
• The data will be shared with the court if ordered.
Rights to object and the national data opt-out
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
• You have the right to object to information being shared with NHS Digital for reasons other than your own direct care.
• This is called a ‘Type 1’ objection – you can ask your practice to apply this code to your record.
• Please note: The ‘Type 1’ objection, however, will no longer be available after 2020.
• This means you will not be able to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012.
The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons.
To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website:
NHS Digital sharing with the Home Office
• There is no right of objection to NHS Digital sharing names and addresses of patients who are suspected of having committed an immigration offence.
• Legally information must be shared under public health legislation. This means that you are unable to object.
Care Quality Commission
• Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object.
• Your information must be shared if it ordered by a court. This means that you are unable to object.
Right to access and correct • You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website .
• We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016
or speak to the practice.
Right to complain
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113
Please click the link below to read our Supplementary Privacy Notice issued in response to Covid-19