Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases
- Anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff and will only access whatis necessary for your query.
Freedom of Information
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Access To Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue any kind of complaint please write to the practice manager if possible completing our complaints form,who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.
How We Use Your Data
This privacy notice explains why and what information we collect about you, and how that information may be used.
- Details about you, such as address and next of kin
- Any contact this or your previous practices have had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you and know you well
Your records are primarily used to facilitate the care you receive. However there are a number of crucial other uses for clinical data these include the ability to properly
- Check the quality of care we provide to everyone (ie clinical audit, responding to complaints)
- Protect the health of the general public
- Monitor how we spend public money
- Train healthcare workers
- Carry out research
- Help the NHS plan for the future.
- Risk stratification
For full details including all third parties we share data with, data retention periods, lawful basis for processing as well as information about your rights; please see our Fair Processing Notice available from reception.
How We Share Your Data
We are mindful of both the Data sharing laws and Caldicott principles that underpin Information Governance. We only share your data within these frameworks and Laws.
There is currently only one key national data sharing initiative – The Summary Care Record. There is one other local data sharing initiative – The Camden Integrated Digital Record.
Summary Care Record
The NHS in England uses an electronic record called the Summary Care Record (SCR) to support patient care.
It’s a copy of key information i.e. allergies and medication from your GP record and provides authorised healthcare staff faster, secure access to your essential information when it’s needed, for example when you attend accident & emergency.
What if I don’t want a summary care record?
You can opt out at any time by asking Reception.
What if I don’t want an integrated record?
You can opt out at any time by asking Reception.
The Practice is registered with the Data Protection Agency and is bound by the rules governing the collection and storage of personal data. Your personal data will only be seen by professionals at the practice involved in providing your care. Occasionally anonymised health information is sent to the Primary Care Trust to support quality monitoring, public health analysis and post-payment verification.
Under the Data Protection Act 1998, you have the right of access to your health records. If you wish to be given a copy of your records, a small fee will be charged for this service to cover the cost to the practice. If you would like to apply for access to your records, please speak to your Doctor or to the Assistant to Practice Manager.
Freedom of Information Act 2000
The Freedom of Information Act, gives the general right of access to all types of recorded information held by the practice. The intention of the Act is to encourage a spirit of openness and transparency in the NHS and the whole public sector. Our practice aims to fully support this.
GDPR – General Data Protection Regulation
Ask at reception and we will provide you with a subject access request form.
What Is GDPR?
The GDPR is Europe’s new framework for data protection laws which apply as from 25th May 2018 – it replaces the previous 1995 data protection directive, which current UK law is based upon.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What is 'patient data'?
Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.
Whats is consent?
Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Subject Access Requests (SARs)
Under the Data Protection Act 1998, all living individuals or ‘Data Subjects’ have a right to be informed of the following:
- If the practice holds, stores or processes personal data about them.
- A description of the Personal Data held, the purposes for which it is processed and to whom the personal data may be disclosed.
- A copy of any information held.
- To be informed as to the source of the data held.
HIE - Health Information Exchange
As part of the response to the COVID crisis, West Hampstead Medical Centre (and all other practices in North Central London) have been enrolled in the Health Information Exchange system which creates a Health & Care Joined-up record (and supersedes the previous Care Integrated Digital Record.
We all use a wide range of health and care services in our lives, whether it’s a visit to our GP practice, a hospital appointment or receiving a visit from a social worker.
When this happens, each organisation keeps a record of the care we receive; in the past, these records were on paper, but now this is usually an electronic record held separately by each organisation.
The joined-up record will mean that your medical record at WHMC will be shared with these other local health and care professionals, helping them to make quicker and safer decisions about your care.
This joined up record is part of a wider drive by the NHS and social care services to use technology as a way of improving care and making better use of staff time and money.
There is also a separate system called Healtheintent which has different uses that we have not currently joined pending discussion with our Patient Participation Group.
Please do refer to the FAQs section for more information including regarding how your information is safely accessed and stored and how to make a Subject Access Request
If you have any further questions which have not been addressed on the website please do email email or call the enquiry line on 02036881900.
You also access the Data Protection Officer (Mr Steve Durbin) via the same email who will look at resolve any Subject Access Requests, Data enquires, Information Governance concerns or Legal quieries.
We share anonymised information from medical records:
- To support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best;
- We will also use your medical records to carry out research within the practice.
This is important because:
- The use of information from GP medical records is very useful in developing new treatments and medicines;
- Medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
- We share information with the following medical research organisations with your explicit consent or when the law allows: Clinical Research Network, University College Hospital
- You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object
Checking the quality of care - national clinical audits
We contribute to national clinical audits so that healthcare can be checked
- Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
- The results of the checks or audits can show where hospitals are doing well and where they need to improve.
- The results of the checks or audits are used to recommend improvements to patient care.
- Data are sent to NHS Digital - a national body with legal responsibilities to collect data. The data will include information about you, such as your NHS Number and date of birth and information about your health which is recorded in coded form - for example the code for diabetes or high blood pressure.
- We will only share your information for national clinical audits or checking purposes when the law allows.
- For more information about national clinical audits see the Healthcare Quality Improvements Partnership website: https://www.hqip.org.uk/ or phone 020 7997 7370.
- You have the right to object to your identifiable information being shared for national clinical audits. Please contact the practice if you wish to object.
NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
- It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
- This practice must comply with the law to send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
- More information about NHS Digital and how it uses information can be found at the NHS Website
- NHS Digital sometimes shares names and addresses of patients suspected of committing immigration offences with the Home Office.
National Screening Programmes
The NHS provides national screening programmes so that certain diseases can be detected at an early stage.
- These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.
- The law requires us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.