Confidentiality Statement
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to write to the practice requesting the information. Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.
Anyone who receives information from us also has a legal duty to keep it confidential and secure.
All staff in the Practice sign a Confidentiality Agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Please be aware that your information will be accessed by non-clinical Practice staff in order to perform tasks enabling the functioning of the Practice. These include, but not limited to:
- typing referral letters to Hospital Consultants or allied Healthcare Professionals
- opening letters from Hospitals and Consultants
- scanning clinical letters, radiology reports and any other documents not available in electronic format
- photocopying or printing documents for referral to Consultants
- handling, printing, photocopying and postage of medical legal and insurance reports and of associated documents.
How we keep your information confidential and safe
Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for specific purposes in accordance with the law. The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.
The health records we use may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel. We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- Human Rights Act
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
We have a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian.
We are registered with the Information Commissioner’s Office (ICO) as a data controller which describes the purposes for which we process personal data. A copy of the registration is available from the ICO’s web site by searching on our name.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.