21 Dawson Road, West Timperley, Altrincham, Cheshire, WA14 5PF

0161 929 1515 | admin.wtmc@nhs.net

Privacy

Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.

UK General Data Protection Regulation Policy

Read our full UK GDPR policy on this link

Privacy Notice for Patients – Updated February 2023

We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way and we review this regularly.

Please read this Privacy Notice (‘Privacy Notice’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.

1. Why are we providing this privacy notice

We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please do contact our Data Protection Officer (details below).

The Law says:

a. We must let you know why we collect personal and healthcare information about you;

b. We must let you know how we use any personal and/or healthcare information we hold on you;

c. We need to inform you in respect of what we do with it;

d. We need to tell you about who we share it with or pass it on to and why; and

e. We need to let you know how long we can keep it for.

2. The Data Protection Officer

The Data Protection Officer at the Surgery is Carolyn Healey. You can contact them at/on  carolyn.healey@nhs.net if;

  • You have any questions about how your information is being held;
  • If you require access to your information or if you wish to make a change to your information;
  • If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you;
  • Or any other query relating to this Notice and your rights as a patient.

Please contact the Practice Manager, Emma Foskett if you require access to your medical records or have any queries that would be reviewed as a Subject Access Request.

3. About us

We, at West Timperley Medical Centre (‘the Surgery’) situated at 21 Dawson Road, Broadheath, WA14 5PF, are a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.

There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.

4. Information we collect from you

The information we collect from you will include:

a. Your personal contact details (such as your name, address, contact telephone numbers (landline and mobile) and email address, including place of work and work contact details);

b. Details and contact numbers of your next of kin;

c. Your age range, gender, ethnicity;

d. Details in relation to your medical history;

e. The reason for your visit to the Surgery;

f. Medical notes and details of diagnosis and consultations with our GPs and other health professionals within the Surgery involved in your direct healthcare.

5. Information about you from others

We also collect personal information about you when it is sent to us from the following:

  1. a hospital, a consultant or any other medical or healthcare professional, or any other person involved with your general healthcare.
  2. Firearms Applications
  3. Solicitor/Insurance Requests
  4. Court Matters
  5. Immigration Matters

6. Your Summary Care Record

Your summary care record (‘SCR’) is an electronic record of your healthcare history (and other relevant personal information) held on a national healthcare records database provided and facilitated by NHS England.

You can ask your doctor to add further information to your SCR from your medical notes. This can include health problems such as diabetes and your treatment preferences.

This record may be shared with other healthcare professionals and additions to this record may also be made by relevant healthcare professionals and organisations involved in your direct healthcare.

You may have the right to demand that this record is not shared with anyone who is not involved in the provision of your direct healthcare.  SCRs improve care, but if you do not want to have a SCR, then you are entitled to opt out. You can tell your GP or you can fill out a SCR opt out form. If you would like a form or wish to enquire further as to your rights in respect of not sharing information contained within this record then please contact our Data Protection Officer.

If you are happy with the use of this information you do not need to do anything. You may however change your mind at any time.

7. National Data Opt Out

A new national data opt-out was introduced in May 2018, following recommendations from the National Data Guardian. You can opt out of having your confidential patient information shared for reasons beyond your individual care, for example for research and planning.

Your health records contain a type of data called confidential patient information. This data can be used to help with research and planning.

You can choose to stop your confidential patient information being used for research and planning. You can also make a choice for someone else like your children under the age of 13.

To help the NHS respond to coronavirus, your information may be used for coronavirus research purposes even if you have chosen not to share it. Any information used will be shared appropriately and lawfully.

Confidential patient information is when 2 types of information from your health records are joined together.

The 2 types of information are:

  • something that can identify you;
  • something about your health care or treatment;

For example, your name joined with what medicine you take.

Identifiable information on its own is used by health and care services to contact patients and this is not confidential patient information.

Health and care staff may use your confidential patient information to help with your treatment and care. For example, when you visit your GP they may look at your records for important information about your health.

Confidential patient information might also be used to:

  • plan and improve health and care services;
  • research and develop cures for serious illnesses.

You can stop your confidential patient information being used for research and planning. Find out how to make your choice

If you’re happy with your confidential patient information being used for research and planning you do not need to do anything.

Any choice you make will not impact your individual care.

8. Who we may provide your personal information to and why

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected to help ensure you get the best possible care and treatment. This information may be passed to other approved organisations where there is a lawful basis, to help with planning services, improving care, research into developing new treatments and preventing illness. All of this helps to improve services and provide better care to you and your family and future generations. However, as explained in this Privacy Notice, confidential information about your health and care is only used in this way where allowed by law and would never be used for any other purpose without your clear and explicit consent.

We may pass your personal information on to the following people or organisations, because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:

  1. Hospital professionals (such as doctors, consultants, nurses, etc);
  2. Other GPs/Doctors;
  3. Pharmacists;
  4. Nurses and other healthcare professionals;
  5. Dentists;
  6. Any other person that is involved in providing services related to your general healthcare, including mental health professionals.

9. Other people who we provide your information to

A. Commissioners;

B. Clinical Commissioning Groups/ ICB

C. Local authorities;

D. Community health services;

E. For the purposes of complying with the Law e.g. Police, Solicitors, Insurance Companies;

F. Anyone you have given your consent to, to view or receive your record, or part of your record. Please note, if you give another person or organisation consent to access your record, we will need to contact you to verify your consent before we release that record. It is important that you are clear and understand how much and what aspects of, your record you give consent to be disclosed.

G. Extended Access

We provide extended access services to our patients which means you can access medical services outside of our normal working hours. In order to provide you with this service, we have formal arrangements in place with the Clinical Commissioning Group and with other practices whereby certain key “hub” practices offer this service on our behalf for you as a patient to access outside of our opening hours. This means, those key “hub” practices will have to have access to your medical record to be able to offer you the service. Please note we ensure that those practices comply with the Law and protect the use of your information, we have very robust data sharing agreements and other clear arrangements in place to ensure your data is always protected and used for those purposes only.

The key Hub practices are as follows: St Johns Medical Centre, Altrincham

H. Data Extraction by the Clinical Commissioning Group

The clinical commissioning group at times extracts medical information about you, but the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudo-anonymised). This therefore protects you from anyone who may have access to this information at the Clinical Commissioning Group from ever identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.

I. Primary Care Network

We are a member of the Altrincham Healthcare Alliance Primary Care Network (PCN).  This means we will be working closely with a number of other Practices and health and care organisations to provide healthcare services to you. These Practices are listed at the end of this Privacy Notice. See Schedule 1 below.

During the course of our work we may share your information with these Practices and other health care organisations/professionals.  We will only share this information where it relates to your direct healthcare needs.

When we do this, we will always ensure that appropriate agreements are in place to protect your information and keep it safe and secure. This is also what the Law requires us to do.

If you would like to see the information the PCN holds about you, please contact Emma Foskett, Practice Manager at West Timperley Medical. See also your rights listed below.

J. Medicines Management

The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments. The reviews are carried out by the CCGs Medicines Management Team under a Data Processing contract with the Practice.

K. Safeguarding

The Practice is dedicated to ensuring that the principles and duties of safeguarding adults and children are holistically, consistently and conscientiously applied with the wellbeing of all, at the heart of what we do.

Our legal basis for processing For the General Data Protection Regulation (GDPR) purposes is: –

Article 6(1)(e) ‘…exercise of official authority…’.

For the processing of special categories data, the basis is: –

Article 9(2)(b) – ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…’

L. Research

Clinical Practice Research Datalink (CPRD) collects de-identified patient data from a network of GP practices across the UK. Primary care data are linked to a range of other health related data to provide a longitudinal, representative UK population health dataset.  You can opt out of your information being used for research purposes at any time (see below), full details can be found here: –

https://cprd.com/transparency-information

10. Anonymised information

Sometimes we may provide information about you in an anonymised form. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.

11. Your rights as a patient

The Law gives you certain rights to your personal and healthcare information that we hold, as set out below:

Access and Subject Access Requests

You have the right to see what information we hold about you and to request a copy of this information.

If you would like a copy of the information we hold about you, please email the Practice at admin.wtmc@nhs.net. We will provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.

We have one month from the date of a request to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.

Online Access

We are currently working towards offering all existing patients on-line access to their medical records. All new patients will automatically be given on-line access to their records.

Please note that online access will also provide access to all relevant correspondence attached to your record. It is your responsibility to make sure that you keep your information safe and secure if you do not wish any third party to gain access.

 Correction

We want to make sure that your personal information is accurate and up to date. You may ask us to correct any information you think is inaccurate. It is very important that you make sure you tell us if your contact details including your mobile phone number has changed.

Removal

You have the right to ask for your information to be removed however, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible.

Objection

We cannot share your information with anyone else for a purpose that is not directly related to your health, e.g. medical research, educational purposes, etc. We would ask you for your consent in order to do this however, you have the right to request that your personal and healthcare information is not shared by the Surgery in this way. Please note the Anonymised Information section in this Privacy Notice.

Transfer

You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation, but we will require your clear consent to be able to do this.

12. Third parties mentioned on your medical record

Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners, and other family members.

13. How we use the information about you

We use your personal and healthcare information in the following ways:

  1. when we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or on-going healthcare;
  2. when we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement.

We will never pass on your personal information to anyone else who does not need it, or has no right to it, unless you give us clear consent to do so.

14. Lawful justification for collecting and using your information

In accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”), the Data Protection Act 2018 and any other relevant legislation, regulation, code of practice or guidance the Law says we need a lawful basis to handle your personal and healthcare information.

Contract: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.

Consent: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs.

Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.

Necessary care: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.

Legal obligation: Sometimes the Law obliges us to provide your information to an organisation (see above).

15. Special categories

The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:

Public interest: Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment;

Consen: When you have given us consent;

Vital interest: If you are incapable of giving consent, and we have to use your information to protect your vital interests (e.g. if you have had an accident and you need emergency treatment);

Defending a claim: If we need your information to defend a legal claim against us by you, or by another party;

Providing you with medical care: Where we need your information to provide you with medical and healthcare services.

16. How long we keep your personal information

We carefully consider any personal information that we store about you, and we will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice.

17. If English is not your first language

If English is not your first language you can request a translation of this Privacy Notice. Please contact our Data Protection Officer.

18. Complaints

If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal and/or healthcare information, then please contact the Practice Manager.

However, you have a right to raise any concern or complaint with the UK information regulator, at the Information Commissioner’s Office: https://ico.org.uk/.

19. Our website

The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other website from the Surgery’s website, then you will need to read their respective Privacy Notice. We take no responsibility (legal or otherwise) for the content of other websites.

20. Cookies

The Surgery’s website uses cookies. For more information on which cookies we use and how we use them, please see contact the Practice Manager.

21. Security

We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.

22. Text messaging and contacting you

Because we are obliged to protect any confidential information we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.

We may contact you using SMS texting to your mobile phone in the event that we need to notify you about appointments and other services that we provide to you involving your direct care, therefore you must ensure that we have your up to date details. This is to ensure we are sure we are actually contacting you and not another person.

Please note that we have installed a CCTV system inside and outside the building for the safety of our patients/staff and in particular to record and evidence any serious incidents involving patients. We operate this system in accordance with the Law and the codes of practice issued by the Information Commissioners Office as well as other regulatory bodies. Our CCTV is monitored regulary and only authorised staff will have access to it.

We will not keep images captured on CCTV  for longer than is necessary. The agreed retention period for CCTV images at West Timperley Medical Centre is 30 days.  All information is saved on the HDD that is contained within the Network Video Recorder (NVR) which is encrypted.

Only authorised team members will be able to access and view recordings on the CCTV system.

If you believe your image has been captured on our CCTV you have a right to request to see it. Please contact our Data Protection Officer, who will be able to assist with your enquiry.

X-On (TELEPHONE SYSTEM)

The Practice uses X-on telephone system and call recording. Inbound and outbound calls are recorded for monitoring and training purposes. Call recordings are kept for 3 years and then destroyed. The data is retained in the UK. If a call needs to be reviewed the Practice Manager can access the recordings.

EMIS WEB

The Practice uses a clinical system provided by a Data Processor called EMIS, with effect from 10th June 2019, EMIS will start storing your practice’s EMIS Web data in a highly secure, third party cloud hosted environment, namely Amazon Web Services (“AWS”).

The data will remain in the UK at all times and will be fully encrypted both in transit and at rest. In doing this, there will be no change to the control of access to your data and the hosted service provider will not have any access to the decryption keys. AWS is one of the world’s largest cloud companies, already supporting numerous public sector clients (including the NHS), and it offers the very highest levels of security and support.

23. Where to find our privacy notice

You may find a copy of this Privacy Notice in the Surgery’s reception, on our website, or a copy may be provided on request.

24. Changes to our privacy notice

We regularly review and update our Privacy Notice. This Privacy Notice was last updated on February 2023.

Schedule 1

List the Practices that are members of your PCN here

West Timperley Medical Centre

St Johns Medical Centre

Altrincham Medical Practice

Shay Lane (Kelman & Naylor)

Park Medical Practice

Date published: 20th September, 2023
Date last updated: 5th December, 2023