Wapping Health Centre, 22 Wapping Lane, London E1W 2RL
Call: 0207 481 9376

Privacy

Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find the documents and links below.

The Wapping Group Practice is part of North East London ICB who are responsible for planning, designing, buying and paying for certain NHS services. These services include planned and emergency hospital care, mental health, rehabilitation, and community services.

Patients have the right to have information about them processed fairly and lawfully, and to access any personal information held by the NHS. Patients also have the right to privacy, and expect the NHS to keep information confidential and secure. Patients have the right to request that their confidential information is not used for purposes other than their own care and treatment, and to have their objections considered. These rights are set out in the NHS Constitution.

To find out more about how data is used across East London, please see the NHS Data Sharing In East London page by clicking here.

What information do we hold and how is this stored?

NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice hold about you may include the following information:

  • Details about you, such as your name, address, carer’s, legal representatives and emergency contact details
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

Your NHS Data Matters

You can choose whether or not your data is used for research and planning. There are different types of data-sharing you can opt out of.

1. Stop your GP surgery from sharing your data – Type1 Opt-out:

This is recorded in GP health records at the request of patients who want to prevent all confidential patient information from being shared outside their GP practice for purposes other than individual care.

  • To do this you need to fill in an opt-out form and return it to your GP surgery. Download a Type 1 Opt-out form.
  • Only your GP surgery can process your opt-out form. They will be able to tell you if, and when, you have been opted out.

If you choose a Type 1 Opt-out, your GP will not share your data for research and planning. However, NHS England will still be able to collect and share data from other healthcare providers, such as hospitals.

2. Stop NHS England and other health and care organisations from sharing your data for research and planning – National Data Opt-Out:

Introduced in May 2018, following recommendations from the National Data Guardian. patients can opt-out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning. This is not held at the GP surgery but is held centrally. GPs cannot see if a patient has a national data opt-out currently, but they still hold the Type 1 opt-out.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

Access to personal information

You have a right under the Data Protection Act 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:

  • You can access your GP records, and nominate someone you trust to access them, through GP online services – NHS App. Contact GP practice.
  • You can request in writing to the GP – for information from the hospital you should write direct to them
  • We are required to respond to you within 30 days
  • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Notification

The Data Protection Act 2018 requires organisation’s to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.

This information is publicly available on the Information Commissioners Office website www.ico.org.uk

The practice is registered with the Information Commissioners Office (ICO).

Who is the Data Protection Officer (DPO)?

Our Data Protection Officer makes sure we respect your rights and process your personal information according to the law. If you have any concerns or questions about how we look after your personal information please contact the Data Protection Officer Umar Sabat of IG Health at dpo.th@nhs.net

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is:

The Wapping Group Practice
22 Wapping Lane
London
E1W 2RL

Objections / Complaints

Should you have any concerns about how your information is managed at the GP, please contact the practice in writing. If you are unhappy following a review by the GP practice, you can then complain to the DPO. If you are still unhappy, you can contact the Information Commissioners Office (ICO) via their website www.ico.gov.ukcasework@ico.org.uk , telephone: 0303 123 1113  (local rate).

Date published: 20th September, 2023
Date last updated: 1st July, 2024