All information you supply to us is kept strictly confidential. Any information about you, your medical issues or treatment is only ever shared with other healthcare professionals on a ‘need to know’ basis.

Information is sometimes shared with NHS management for data audit and planning, and all those who work for the NHS have a duty of confidentiality towards patients.

All data you supply to us is kept confidential. Any information about you, your medical issues or treatment is only ever shared with other healthcare professionals on a ‘need to know’ basis.

Information is sometimes shared with NHS management for data audit and planning, and all those who work for the NHS have a duty of confidentiality towards patients.

The practice operates a zero tolerance policy regarding the use of bad language, shouting or violence towards any member of staff or other patients.

Under the terms of the Department of Health contract for General Medical Services all patients are now required to have an allocated, named, accountable GP.

However, you have the right to see a doctor of your choice and, where possible, we will observe this right.  Please ask at Reception if you wish to know who you are registered with or have any concerns.

Your Right to see your Health records

A health record is any record of information relating to someone’s physical or mental health that has been made by (or on behalf of) a health professional. This could be anything from the notes made by a GP in your local surgery to results of an MRI scan or X-rays.  Health records are extremely personal and sensitive.

They can be held electronically or as paper files, and are kept by a range of different health professionals both in the NHS and the private sector.

How can I Access my Records?

To do so, you will need to make your request in writing (or by email lscicb-fw.thorntonpractice@nhs.net ) to The Thornton Practice (address your letter to the Practice Secretary. This is known as a subject access request.

Please include the words ‘Subject Access Request’ at the beginning of your letter or in the subject line of your email.

The Subject Access request form is available below for you to download.

• subject access request form

What is GDPR?

GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA principles.

The main changes are:

• Practices must comply with subject access requests
• Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
• There are new, special protections for patient data
• The Information Commissioner’s Office must be notified within 72 hours of a data breach
• Higher fines for data breaches – up to 20 million euros

What is ‘patient data’?

Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.

What is Consent?

Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”

The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.

Individuals also have the right to withdraw their consent at any time.

For additional information on Your Medical Records and how the data is used and processed by the Thornton Practice please see the detailed information booklet. Click on the link below to download / read.

• your medical records and thornton practice

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

On this web page you will:

• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

• https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
• https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS Digital, this should be done by returning this form to your GP practice by 23 June 2021 to allow time for processing it. If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this.

You can send the form by post or email to your GP practice or call 0300 3035678 for a form to be sent out to you.

If you register a Type 1 Opt-out after your patient data has already been shared with NHS Digital, no more of your data will be shared with NHS Digital. NHS Digital will however still hold the patient data which was shared with them before you registered the Type 1 Opt-out.

If you do not want NHS Digital to share your identifiable patient data (personally identifiable data in the diagram above) with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out.

Under data protection law we must tell you about how we use your personal information. This includes the personal information that we collect from and share with other organisations and why we do so. We do this through Transparency Notices.

Read our main Transparency Notice.

This additional Transparency Notice provides details about the personal information that GP practices are sharing with us under our General Practice Data for Planning and Research data collection.

We use the term patient data to refer to personal information in the rest of this notice.