GDPR/Privacy Notice

Coronavirus (COVID-19) Pandemic and Your Information

The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the COVID-19 pandemic.

The ICO also recognises that ‘Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’

The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.

Please note that this notice has now been revised and extended by a further notice from 29th July 2020 until 31st March 2021.

In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non-clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the COVID-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enabling us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease. Additionally, the use of your information is now required to support NHS Test and Trace.

Please be assured that we will only share information and health data that is necessary to meet your healthcare needs and those of the public.

The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 31st March 2021 unless a further extension is required. Any further extension will be provided in writing and we will communicate the same to you.

Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.

It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.

If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.

Data Sharing

Grove Surgery Fair Processing Statement

This practice may supply personal health data to comply with its legal obligations from time to time, as directed by the Secretary of State for Health, or other recognised statutory authority.

Sharing Your Information with Friends and Family

If you would like a member of your family or friends to be able to access your medical records on your behalf, then we will need written consent to allow this.

Please complete our third party consent form or collect a copy from the practice.

Privacy Notice

Grove Surgery has a legal duty to explain how we use any personal information we collect about you, as a registered patient at the practice. Staff at this practice maintain records about your health and the treatment you receive in the electronic and paper format.

What information do we collect about you?

We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.

How will we use this information?

Your data is collected for the purpose of providing healthcare services; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information.

In accordance with the Health and Social Care Act 2012, the care data programme enabled patient data to be collected by the Health and Social Care Information Centre (HSCIC) for quality and safety purposes. In addition, it is possible for us to share your data with other healthcare providers in order to provide you with a high level of care.

Maintaining confidentiality and accessing your records

We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), Data Protection Bill 2017 (DPB), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information.

Risk stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Grove Surgery. This information is processed electronically and given a risk score, which is relayed to your GP, who can then decide on any necessary actions to ensure that you receive the most appropriate care.

Invoice validation

Your information may be shared if you have received treatment to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.

Opt outs

Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering a Type 1 opt-out, preventing your information from being shared outside this practice.

What to do if you have any questions

Should you have any questions about our privacy policy or the information we hold about you, you can:

  • Contact the practice.
  • Write to the practice at: Grove Surgery, Grove Lane, Thetford, Norfolk, IP24 2HY.
  • Ask to speak with the practice manager Claire Norman or Claire Osterberg.

Changes to our privacy policy

We regularly review our privacy policy and any updates will be published on our website, in our newsletter and on posters to reflect the changes.

What GDPR Means For Patients

The General Data Protection Regulation (GDPR) is a law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.

The GDPR sets out the key principles about processing personal data, for staff or patients:

  • Data must be processed lawfully, fairly and transparently.
  • It must be collected for specific, explicit and legitimate purposes.
  • It must be limited to what is necessary for the purposes for which it is processed.
  • Information must be accurate and kept up to date.
  • Data must be held securely.
  • It can only be retained for as long as is necessary for the reasons it was collected.

There are also stronger rights for patients regarding the information that practices hold about them. These include:

  • Being informed about how their data is used.
  • Having access to their own data.
  • Asking to have incorrect information changed.
  • Restricting how their data is used.
  • Moving their patient data from one health organisation to another.
  • Objecting to their patient information being processed (in certain circumstances).