Data Protection Privacy Notice
General Practices are usually the first point of contact if you have a health problem. They can treat many conditions and give health advice. They also refer patients to hospitals and other medical services for urgent and specialist treatments.
The data we hold may also be used to shape the way we work together to plan service improvements, improve the health and wellbeing of our communities, and take action to prevent illness and disease for individuals as well as wider communities.
The categories of personal information
Dependent on the purpose of processing, different categories of data may be used by the Practice. Data can be categorised using the following terms:
Anonymised data – data where personal identifiable identifiers have been removed. Data protection laws and the Common Law of Confidentiality to do not apply to anonymised data.
Pseudonymised data – data where any information which could be used to identify an individual has been replaced with a fake identifier. Pseudonymised data remains personal data and as such the Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
Person identifiable information (or personal data) – any information about an individual from which, either on its own or together with other information, that person may be identified. The Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
To find out more about the data processed for each purpose, please click on the links below (The Purpose(s) of Processing).
In addition to the above types of data, some information is considered protected regardless of the purpose of processing; this information does not form part of your shared care record and is not disclosed to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on such information.
The purpose(s) of processing personal data
Orchard Family Practice processes data for the following purposes:
What is the lawful basis for the sharing?
Each purpose of sharing has its own lawful basis, and these can be found in detail on the associated Privacy Notices above.
Organisations we share your personal information with
Personal Data (including special category data) will only be shared between the general Practice and health and social care organisations that have signed a Joint Controller or Data Processing Agreement. These currently include:
How long do we keep your record?
The Practice maintains your records in accordance with the NHS Records Management Code of Practice 2021.
How we keep your personal information safe and secure
To protect personal and special category data, we make sure the information we hold is kept in secure locations and access to information is restricted to authorised personnel only.
Our appropriate technical and security measures include:
The NHS Digital Code of Practice on Confidential Information applies to all staff who access clinical systems. They are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
What are your rights?
Under data protection legislation, you have the right:
Please note not all these rights are absolute, please see our ROPA for more details
If you wish to exercise your rights in any of the ways described above, you should in the first instance contact Orchard Family Practice, firstname.lastname@example.org
Right to complain
You can get further advice or report a concern directly to email@example.com
Our Data Protection Officer function is provided by NHS Kent and Medway who can be contained via email firstname.lastname@example.org
You also have the right to contact the UK’s data protection supervisory authority (Information Commissioner’s Office) by:
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Phone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Information about the way in which the NHS uses personal information and your rights is published by NHS Digital.
The NHS Constitution
The constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you will receive, the treatments and programmes available to you, confidentiality, information and your right to complain, if things go wrong.
NHS England collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
Reviews of and changes to this privacy notice
We will review the information contained within this notice regularly and update it as required. We therefore recommend you check this webpage regularly to remain informed about the way in which we use your information.
Additional Privacy Notices: