Privacy

Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.

The Wapping Group Practice is part of Tower Hamlets CCG who are responsible for planning, designing, buying and paying for certain NHS services. These services include planned and emergency hospital care, mental health, rehabilitation, and community services.

Patients have the right to have information about them processed fairly and lawfully, and to access any personal information held by the NHS. Patients also have the right to privacy, and expect the NHS to keep information confidential and secure. Patients have the right to request that their confidential information is not used for purposes other than their own care and treatment, and to have their objections considered. These rights are set out in the NHS Constitution.

To find out more about how data is used across East London, please see the NHS Data Sharing In East London page by clicking here.

What information do we hold and how is this stored?

NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice hold about you may include the following information:

Details about you, such as your name, address, carer’s, legal representatives and emergency contact details
Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
Notes and reports about your health
Details about your treatment and care
Results of investigations such as laboratory tests, x-rays, etc.
Relevant information from other health professionals, relatives or those who care for you

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

Your NHS Data Matters

Type1 Opt-out: Recorded in GP health records at the request of patients who want to prevent all confidential patient information being shared outside their GP practice for purposes other than individual care. Opt out by submitting this form to your GP: Type 1 opt-out form

National Data Opt-Out: Introduced in May 2018, following recommendations from the National Data Guardian. patients can opt-out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning. This is not held at the GP surgery but is held centrally. GPs cannot see if a patient as a national data opt-out currently, but they still hold the Type 1 opt-out.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

See what is meant by confidential patient information
Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
Find out more about the benefits of sharing data
Understand more about who uses the data
Find out how your data is protected
Be able to access the system to view, set or change your opt-out setting
Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

Access to personal information

You have a right under the Data Protection Act 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:

You can access your GP records, and nominate someone you trust to access them, through GP online services – NHS App. Contact GP practice.
You can request in writing to the GP – for information from the hospital you should write direct to them
We are required to respond to you within 30 days
You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Notification

The Data Protection Act 2018 requires organisation’s to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.

This information is publicly available on the Information Commissioners Office website www.ico.org.uk

The practice is registered with the Information Commissioners Office (ICO).

Who is the Data Protection Officer (DPO)?

Our Data Protection Officer makes sure we respect your rights and process your personal information according to the law. If you have any concerns or questions about how we look after your personal information please contact the Data Protection Officer Umar Sabat of IG Health at dpo.th@nhs.net

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is:

The Wapping Group Practice
22 Wapping Lane
London
E1W 2RL

Objections / Complaints

Should you have any concerns about how your information is managed at the GP, please contact the practice in writing. If you are unhappy following a review by the GP practice, you can then complain to the DPO. If you are still unhappy, you can contact the Information Commissioners Office (ICO) via their website www.ico.gov.uk, casework@ico.org.uk , telephone: 0303 123 1113 (local rate).