This privacy notice explains why Caritas Group Practice collects personal information about you, and how that information may be used. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations. As data controllers, GPs have responsibilities under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA18). This means ensuring that your personal data is handled in ways that are safe, transparent and what you would reasonably expect. We respect your trust in us to use, store and share your information. In this notice we explain how we collect personal information about you, how we use it and how you can interact with us about it. We try to keep this notice as simple as possible but if you are unfamiliar with our terms, or want more detail on any of the information here, please contact us at 01422 438550.
Meeting our Legal and Regulatory Obligations
To use your information lawfully, we rely on one or more of the following legal bases:
- for the performance of a task carried out in the public interest or it is necessary in the exercise of official authority vested in us
- the performance of a contract
- where the processing is necessary for compliance with our legal obligations
- protecting the vital interests of you or others
- for our organisational legitimate interests; e.g. for incidental and ancillary data processing, for example the management of non-patient or medical databases used for our internal administrative purposes
- where appropriate with your consent
- where necessary for the purposes of preventative or occupational medicine, for the assessment of medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
We also respect the common law duty of confidentiality and to satisfy the common law we may rely on implied consent to share confidential health data for the provision of direct care; for example, when a patient agrees to a referral from one healthcare professional to another.
Health care professionals are required to maintain records about your health including any treatment or care you have received within the NHS (e.g. NHS hospital trust, GP surgery, walk-in clinic, etc.). Using these records helps us to provide the best possible healthcare for our patients.
NHS health records may be processed electronically or on paper or a mixture of both and a combination of working practices and technology are used to ensure that your information is kept confidential and secure.
Records used and stored by this GP practice may include the following information:
- Any contact we have with you, such as appointments, clinic visits, emergency appointments, telephone triage etc.
- Notes and reports about your health
- Details about your treatment and care
- Details about you, including your date of birth, NHS number, address and next of kin etc.
- Results of investigations about you such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, agencies, relatives or those who care for you.
This GP practice collects and holds data for the sole purpose of providing healthcare services to our patients and we will ensure that such sensitive information is kept confidential. However, we may disclose your personal information if:
(a) It is required by law
(b) You consent to do so – either implicitly (e.g. for your own treatment and care) or explicitly for other purposes (e.g. sending you newsletters etc.)
(c) It is justified in the public interest
Some of your personal data will be held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified.
Sometimes information about you may be requested to be used for research purposes. Caritas Group Practice will always endeavour to gain your consent before releasing such information.
Under the powers of the Health and Social Care Act 2012 (HSCA) the Health and Social Care Information Centre (HSCIC) can request Personal Data from GP Practices without seeking the patient’s consent.
Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.
Any patient can choose to withdraw their consent to their data being used in this way. When Caritas Group Practice is about to participate in any new data-sharing scheme we will make patients are aware by displaying prominent notices in the surgery and on our website, providing reasonable notice before the scheme is due to start. We will also explain clearly what you have to do to ‘opt-out’ of each new scheme. A patient can object to their personal information being shared with other health care providers, however if this limits the treatment that you can receive then the doctor will explain this to you at the time.
Data controller: Catherine Gill, Caritas Group Practice, Woodside Surgery, Woodside Road, Boothtown, Halifax, HX3 6EL