Privacy Notice for Patients Aged Between 13-16
If you wish to contact the practice Data Protection Officer, Lucy Hunt.
Please Note: An easy-read version of this policy is available from reception, or contact us online.
1 Introduction
We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way, and we review this regularly.
From the age of 13 we may ask for your consent before we discuss your medical records with your parents. This means that before we discuss your care or pass on copies of your medical records to your parents, we will check that you are happy with this first. Up until the age of 16 your parents will still be able to make an appointment for you and if you would like your parent(s) to come to the appointment with you, then you can bring them with you. Equally, if you would like to attend the appointment without your parents and make your own appointment, that is fine too. We are here to support your wishes.
If you do not want your parents to have access to your medical information, please speak to a member of the Practice team.
Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.
2 About Us
As a practice all staff must abide by patient confidentiality and follow current Data Protection Regulations. (Currently DPA 2018 & UKGDPR 2016).
We, at Westbury-on-Trym Primary Care Centre, are a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.
There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.
3 The Data Protection Officer
You can contact the Data Protection Officer by emailing us via our online form if you have any questions about how your information is being held.
- A. If you require access to your information or if you wish to make a change to your information.
- B. If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you.
- C. Or any other query relating to this Policy and your rights as a patient.
You can also write to her at the address stated below:
Lucy Hunt
Avon Local Medical Committee,
14a High Street,
Staple Hill,
Bristol, BS16 5HP
4 Why are we providing this Privacy Notice?
We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store, and hold about you. The Law says:
- A. We must let you know why we collect personal and healthcare information about you
- B. We must let you know how we use any personal and/or healthcare information we hold on you
- C. We need to inform you in respect of what we do with it
- D. We need to tell you about who we share it with or pass it on to and why
- E. We need to let you know how long we can keep it for
5 Why do we need one?
Your doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (or UKGDPR for short).
A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all the notes the doctor or nurse makes about you in your healthcare record.
6 What is UKGDPR?
UKGDPR stands for United Kingdom General Data Protection Regulation and helps your doctor’s surgery keep the information about you secure. It was introduced on the in 2018, making sure that your doctor, nurse, and any other staff at the practice follow the rules and keep your information safe.
7 What Information do we collect about you
Don’t worry; we only collect the information we need to help us keep you healthy – such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays, and any other information to enable us to care for you.
If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please contact our Data Protection Officer.
NHS Digital sub-contract Amazon Web Services (AWS) to store your patient data. We have been informed that the data will always remain in the UK and will be fully encrypted both in transit and at rest. We have further been advised that AWS offers the very highest levels of security and support. The Practice does not have any influence over how the data is stored as this is decided centrally by NHS Digital.
8 Call Recording
We use Telephone Call Recording software for quality and training purposes. All telephone calls made or received via the Practice Telephony system may be recorded. Call Recordings are stored indefinitely on an external hard drive and can be accessed by the IT & Data Lead and Practice Management Team. We have internal policies that all staff must follow to protect your data.
9 Other people who we provide your Information to
- A. Commissioners
- B. Integrated Care Boards (ICB)
- C. Local authorities
- D. Community health services
- E. For the purposes of complying with the law e.g., Police, Solicitors, Insurance Companies.
- F. Anyone you have given your consent to, to view or receive your record, or part of your record.
- G. Extended Access - We provide extended access services to our patients, which means you can access medical services outside of our normal working hours. We have very robust data sharing agreements and other clear arrangements in place to ensure your data is always protected and used for those purposes only.
- H. Data Extraction by the Clinical Commissioning Group - the clinical commissioning group at times extracts medical information about you, but the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code, that only your practice can identify (it is pseudo-anonymised). This therefore protects you from anyone who may have access to this information at the clinical commissioning group from EVER identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.
- I. Severnside Integrated Urgent Care Service - incorporates NHS111. This is an out-of-hours service for GP Practices, which ensures that you receive the right level of care for your condition.
- J. CQC - Care Quality Commission - Regulate and inspect health and social care services across the UK.
10 Other NHS Organisations
The ICB also collects information about whether patients have long term conditions such as diabetes, blood pressure, cholesterol levels and medication. However, this information is anonymous and does not include anything written as notes by the GP and cannot be linked to you.
Local Data Sharing Agreements:
Sirona
Sirona Community nurses and other health care professionals can access GP information about people on their caseload who have recently been discharged from hospital, or who are housebound, or who require longer term rehabilitation from the GP record. This information can be read by the healthcare professional to improve the patient’s care, but they are not able to amend the GP medical record.
Connecting Care
Connecting Care enables a range of health care organisations, including local NHS hospital, the Ambulance Service and the Out of Hours service provided by Brisdoc. This information can be read by the healthcare professional to improve the patient’s care, but they are not able to amend the GP medical record.
One Care
The One Care agreement allows patients from the surgery to be seen and treated by GPs from other surgeries in the evening and at weekends. The agreement allows a GP in other localities to access the GP record securely and allows information about the consultation to be written into the record.
St Peter’s Hospice
The St Peter’s Hospice agreement enables hospice staff to read the records of patients in their care. This information can be read by the healthcare professional to improve the patient’s care, but they are not able to amend the GP medical record.
Westbury on Trym Primary Care Centre
The practice also shares anonymised data with several research bodies to enable clinical research to be undertaken, but no personally identifiable data is shared.
Please note: if you give another person or organisation consent to access your record, we will need to contact you to verify your consent before we release that record. It is important that you are clear and understand how much and what aspects of your record you give consent to be disclosed.
11 Special Categories
The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:
Public Interest
Where we may need to handle your personal information when it is in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organizations to ensure you receive advice and/or treatment.
Consent
When you have given us consent.
Vital Interest
If you are incapable of giving consent, and we must use your information to protect your vital interests (e.g., if you have had an accident and you need emergency treatment).
Defending a Claim
If we need your information to defend a legal claim against us by you, or by another party.
Providing You With Medical Care
Where we need your information to provide you with medical and healthcare service.
12 How do we use your Information
Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to be seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will always ask you, or your parents or adults with parental responsibility, if it’s okay to share your information.
13 How do we keep your Information Private
Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow the rules that are written in the UKGDPR and other important rule books.
14 What if you have a long-term Medical Condition
If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it.
15 What if you don’t want to Share your Information
All our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.
16 How can you access your records
Remember we told you about the UKGDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you’re under 16. But if you are over 12, you may be classed as being competent and you may be able to do this yourself. We will always check with you that you are happy with any request made on your behalf before we process it.
17 What if you have a question
If you have any questions, your parents or adults with parental responsibility are the best people to ask, however you are also able to do one of the following:
- Contact the practice’s data controller via email at
- Doctors’ surgeries are data controllers for the data they hold about their patient.
18 Your Summary Care Record
Your summary care record is an electronic record of your healthcare history (and other relevant personal information) held on a national healthcare records database provided and facilitated by NHS England. This record may be shared with other healthcare professionals and additions to this record may also be made by relevant healthcare professionals and organizations involved in your direct healthcare.
You may have the right to demand that this record is not shared with anyone who is not involved in the provision of your direct healthcare. If you wish to enquire further as to your rights in respect of not sharing information on this record, then please contact our Data Protection Officer.
19 How the NHS use your Information – National Data Opt-out
The Practice is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit Your NHS Data Matters.
On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
- Information About Patients - Health Research Authority, which covers health and care research
- Understanding Patient Data, which covers how and why patient information is used, the safeguards and how decisions are made
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. The Practice is currently compliant with the national data opt-out policy.
20 What is Population Health Management?
This work is aimed at improving the health of an entire population.
It is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair and equal. It helps to reduce the occurrence of ill-health and looks at all the wider factors that affect health and care.
The project requires health care organisations to work together with communities and partner agencies. The organisations will share information with each other to get a view of health and services for the population in a particular area.
In your area, a population health management programme has been introduced. The programme will combine information from GP practices, community service providers, hospitals and other health and care providers.
20.1 How will my personal data be used?
The information will include information about your health care.
The information will be combined and anything that can identify you (like your name or NHS Number) will be removed and replaced with a code.
This means that the people working with the data will only see the code and cannot see which patient the information relates to.
If we see that an individual might benefit from some additional care or support, we will send the information back to your GP or hospital provider and they will use the code to identify you and offer you services.
The information will be used for a number of healthcare related activities such as:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
20.2 Who will my personal data be shared with?
Your GP and hospital providers will send the information they hold on their systems to the South Central and West Commissioning Support Unit, who are part of NHS England.
They will link all the information together to review and make decisions about the whole population or patients that might need support. During this process any identifiable data will be removed before it is shared with Optum Healthcare.
Both the Commissioning Support Unit and Optum are required to protect your information and maintain confidentiality in the same way that your doctor or hospital provider is.
20.3 Is using my information in this way lawful?
Health Care Providers are permitted by data protection law to use information where it is ‘necessary for medical purposes’. This includes caring for you directly as well as management of health services more generally.
Some of the work that happens at a national level with your information is required by other parts of the law. For more information, speak to our Data Protection Officer.
Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this when allowed by law and in most cases, anonymised data is used so that you cannot be identified.
20.4 What will happen to my information when the project is finished?
Once the 20-week programme has completed the information will be securely destroyed.
20.5 Can I object?
You have a right to object to information being used in this way.
You also have several other information rights. See our main privacy policy for more information.
To find out more or to register your choice to opt out, please visit Your NHS Data Matters.
21 Coronavirus Pandemic – Data Protection
The NHS and other health professionals faced huge, unexpected challenges during the Coronavirus (COVID-19) pandemic, and the health and social care system took action to help limit the spread and impact of the virus.
As part of this response, a Control of Patient Information Notice (COPI Notice) was issued, which meant that all GP practices could share patient data nationally to help improve patient care and safety, unless the patient had previously not given permission for their information to be shared. The COPI notice expired on 30th April 2023, but the legal basis (see Section 22) permitting the sharing of data remains in place.
If you have previously opted-out of sharing your data via GP Connect, or didn’t consent to share your Additional Information, your decision will be respected and applied as part of any policy change. You can also change your mind at any time.
If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.
22 Legal Justification for collecting and using your information
The Law says we need a legal basis to handle your personal and healthcare information.
Contract
We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.
Consent
Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs. Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.
Necessary Care
Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.
Law
Sometimes the Law obliges us to provide your information to an organisation.
23 What do you do if you are not happy with how we have handled your information?
We really want to make sure you’re happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our data-processing methods, you can complain. For more information, visit ico.org.uk and select ‘Raising a concern’. We always make sure the information we give you is up to date. Any updates will be published here on our website, and on our leaflets.
24 Complaints
If you have a concern about the way we handle your personal data or have a complaint about what we are doing with your data or how we have used or handled your personal and/or healthcare information, then please contact our Data Protection Officer.
You also have a right to raise any concern or complaint with the UK information regulator:
Information Commissioner’s Office (ICO)
25 Our website
The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other website from the Surgery’s website, then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.
26 Change to our Privacy Notice
We regularly review and update our Privacy Notice. This Privacy Notice was last updated in March 2023.