Chapelford Medical Centre Privacy Notice
This notice provides information about what personal data we collect from you, and how and why we use it for GP primary care purposes. We explain how we keep your data secure and what rights you can exercise around it. We also tell you how you can contact our Data Protection Officer if you have any queries about what we do with your information.
We handle your personal information in line with the requirements of the Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and all applicable laws and regulations relating to processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner’s Office (ICO).
Who we are
Chapelford Medical Centre is situated on Santa Rosa Boulevard, Great Sankey, Warrington WA5 3AL. Our Practice is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is ZA262451.
Why we collect personal information
Your records are used to direct, manage and deliver healthcare to you to ensure that:
- The staff involved in your care have accurate and up-to-date information to assess and advise on the most appropriate care for you.
- Staff have the information they need to be able to assess and improve the quality and type of care you receive.
- Appropriate information is available if you see another healthcare professional or are referred to a specialist or another part of the NHS, social care or health provider.
The personal information we collect about you may also be used to:
- remind you about your appointments and send you relevant correspondence;
- review the care we provide to ensure it is of the highest standard and quality, e.g., through audit or service improvement;
- support the funding of your care, e.g., with commissioning organisations;
- prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies;
- help to train and educate healthcare professionals;
- report and investigate complaints, claims and untoward incidents;
- report events to the appropriate authorities when we are required to do so by law;
- review your suitability for a research study or clinical trial;
- contact you with regard to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients.
Where possible, we will always look to anonymise/pseudonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it, and we will only use/share the minimum information necessary.
How we collect personal information
Personal information about you is collected in a number of ways. This can be from referral details from our staff, other third parties or hospitals, or directly from you or your authorised representative.
What personal information we collect
We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, next of kin contacts, etc. We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred name or maiden name.
In addition to the above, we may hold sensitive personal information about you which could include:
- Notes and reports about your health, treatment and care, including:
  - your medical conditions
  - results of investigations, such as x-rays and laboratory tests
  - future care you may need
  - personal information from people who care for and know you, such as relatives and health or social care professionals
  - other personal information such as smoking status and any learning disabilities
- Your religion and ethnic origin
- Whether or not you are subject to any protection orders regarding your health, wellbeing and human rights (safeguarding status).
It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs.
Our lawful basis
Any personal information we hold about you is processed for the purposes of ‘provision of health or social care or treatment or the management of health or social care systems and services’ under chapter 2, section 9 of the Data Protection Act 2018.
Who we share your information with
We may need to share relevant personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities such as NHS England, Public Health England, NHS Practice, other general practitioners (GPs), ambulance services, primary care agencies, etc. We will also share information with other parts of the NHS and those contracted to provide services to the NHS in order to support your healthcare needs.
We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services, private care homes or our virtual consultation partner Push Doctor.
We will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or where current legislation permits or requires it.
There are occasions where the Practice is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
There may also be situations where we are under a duty to share your information, due to a legal requirement. This includes, but is not limited to, disclosure under a court order, sharing with the Care Quality Commission for inspection purposes, the police for the prevention or detection of crime or where there is an overriding public interest to prevent abuse or serious harm to others and other public bodies (e.g., HMRC for the misuse of public funds in order to prevent and detect fraud).
For any request to transfer your data internationally outside the UK/EU, we will make sure that an adequate level of protection is satisfied before the transfer.
The Practice is required to protect your personal information, inform you of how your personal information will be used, and allow you to decide if and how your personal information can be shared. Personal information you provide to the Practice in confidence will only be used for the purposes explained to you and to which you have consented, unless there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or where there is an overriding public interest to do so. Where there is cause to do this, the Practice will always do its best to notify you of this sharing.
How your personal information is kept secure
Where personal information is stored
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.
We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2016, as explained above. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.
We have a duty to:
- maintain full and accurate records of the care we provide to you;
- keep records about you confidential and secure;
- provide information in a format that is accessible to you.
Use of Email - Some services in the Practice provide the option to communicate with patients via email. Please be aware that the Practice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.
Further information can be found in our Information Governance policies, which are available at: http://www.sthk.nhs.uk/about/freedom-of-information/our-policies-and-procedures
How long we keep your personal information
All records held by the Practice will be kept for the duration specified by national guidance from the Department of Health, the Records Management Code of Practice for Health and Social Care 2016.
Confidential information is securely destroyed in accordance with this code of practice.
We may ask you to provide us with identification so that we can be sure that we are dealing with the right person. This is a security measure. We may also contact you to ask you to put your request into writing and/or for further information in relation to your request to speed up our response.
We try to respond to requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In these cases, we will notify you and keep you up to date about when we expect to be able to respond.
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:
- Request access to the personal data we hold about you, e.g., in health records.
- Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards.
- Refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018, we are authorised to process, i.e., share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g., research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
- Request your personal information to be transferred to other providers on certain occasions.
- Object to the use of your personal information: In certain circumstances you may also have the right to ‘object’ to the processing (i.e., sharing) of your information where the sharing would be for a purpose beyond your care and treatment (e.g., as part of a local/regional data sharing initiative). This is the “Data Opt-out” initiative, developed by Dame Caldicott. Further information can be found on the following website: https://digital.nhs.uk/national-data-opt-out
- We will always try to keep your information confidential and only share information when absolutely necessary.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you have any questions, want to exercise your rights or need further information about what we do with personal information, you can contact our Practice Manager, or contact our Data Protection Officer by email at IG@sthk.nhs.uk.
The Data Protection Officer is:
Mr Craig Walker
Head of Information Governance and Quality Assurance & Data Protection Officer
St Helens & Knowsley Teaching Hospital Trust
Health Informatics Services
Alexandra Business Park
Tel: 0151 676 5698
You can also find out more about our legal obligations and your privacy rights from the Information Commissioner’s Office (ICO). The ICO oversees compliance with privacy laws in the UK. The ICO can be contacted at:
Information Commissioner's Office
Tel: 0303 123 1113
You have the right to make a complaint at any time to the ICO if you are not happy with the way that we have dealt with your personal data or a request from you to exercise your privacy rights.
We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Updating this notice
We may update this notice from time to time. If we plan to update the policy, we will let you know through the Chapelford Medical Centre website or by email.
A cookie is a small text file that may be placed on your computer or Device when you visit the Platform. When you next visit our website, the cookie allows us to distinguish you from other users. There are two categories of cookies: (a) ‘persistent cookies’ that remain on your computer or device until deleted manually or automatically; and (b) ‘session cookies’ which remain on your computer or device until you close your browser, when they are automatically deleted.
The cookies Chapelford Medical Centre uses:
- Essential cookies are required for the operation of the website and without them the website cannot operate properly.
- Performance cookies allow us to see and count the number of visitors to the website and what they do during their visit. We use the information from these cookies to improve the website’s performance. The data from these cookies doesn’t allow us to identify you.
Cookies may be set when you download, open or read an email from Chapelford Medical Centre if you have:
- configured weak security settings on your device
- added Chapelford Medical Centre to your safe senders list or address book
- enabled your device to automatically display images, or
- clicked on any link within the email.
If you would prefer for this not to happen, please disable automatic displaying of images, or remove us from your address book or strengthen your security settings. Alternatively, you can set your browser to restrict or reject cookies.