Access to Medical Records
If requested, patients can have access to their medical records registering with online access or contacting the surgery for assistance.
All patients are entitled to have a chaperone present for any consultation, examination or procedure where they feel one is required. The chaperone may be a family member or friend. On occasions you may prefer a formal chaperone to be present, i.e. a trained member of staff.
Wherever possible we would ask you to make this request at the time of booking so that arrangements can be made and your appointment is not delayed in any way. Where this is not possible we will endeavour to provide a formal chaperone at the time of request. However, occasionally it may be necessary to reschedule your appointment.
Your healthcare professional may also require a chaperone to be present for certain consultations in accordance with our chaperone policy.
Employee Privacy Notice
The organisation gathers and processes personal data relating to its employees to enable us to run the business and manage our relationship with you. We are committed to being open and transparent about how we gather and use that data and to meeting our data protection obligations.
This privacy notice applies to personal information processed by or on behalf of Beechwood Surgery
This notice explains:
- Who we are, how we use your information and our data protection officer (DPO)
- What kind of personal information about you we process
- What the legal grounds are for our processing of your personal information (including when we share it with others)
- What you should do if your personal information changes
- For how long your personal information is retained by us
- What your rights are under data protection laws
The UK General Data Protection Regulation (UK GDPR) became law on 24 May 2016. This is a single EU-wide regulation on the protection of confidential and sensitive information. It entered into force in the UK on the 25 May 2018, repealing the Data Protection Act (1998).
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), and the Data Protection Act 2018 (DPA2018), the organisation responsible for your personal data is Beechwood Surgery.
This notice describes how we collect, use and process your personal data and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us and we are committed to protecting and safeguarding your data privacy rights.
How we use your information and the law
Beechwood Surgery will be what is known as the ‘controller’ of the personal data you provide to us. Upon commencement of employment with the organisation you will be asked to supply the following personal information:
- Telephone numbers
- Email address
- Date of birth
- Marital status and family details
- National insurance number
- Bank details
- Emergency contact information
- Health information
- Vaccination and immunisation status/information
- Recruitment information such as your application form and CV, references, qualifications and membership of any professional bodies and details of any pre-employment assessments
- Information about your contract of employment (or services) including start and end dates of employment, role and location, working hours, details of promotion, salary (including details of previous remuneration), pension, benefits and holiday entitlement
- Your identification documents including passport and driving licence and information in relation to your immigration status and right to work for us
- Information relating to disciplinary or grievance investigations and proceedings involving you (whether or not you were the main subject of those proceedings)
- Information relating to your performance and behaviour at work
- Training records
- Electronic information in relation to your use of IT systems/swipe cards/telephone systems
- Your images (whether captured on CCTV, by photograph or video)
The information that we ask you to provide to the organisation is required by the business for the following reasons:
- For us to pay your salary
- For us to contact you out of hours if required
- To provide you with organisation information via email and post if required
- To have the ability to contact your emergency contacts if necessary
- To ensure we are able to inform the emergency services if your health is compromised
- To ensure that we can provide any reasonable adjustments as necessary
- To comply with payroll, auto-enrolment and RTI responsibilities
The organisation may collect this information in a variety of ways, for example from application forms, CVs or resumes, obtained from your passport or other identity documents such as your driving licence, from forms completed by you at the start of or during employment (such as pensions benefit nomination forms), from correspondence with you or through interviews, meetings or other assessments.
This personal data might be provided to us by you or someone else (such as a former employer, your doctor or a credit reference agency and information from criminal records checks permitted by law) or it could be created by us.
Your personal data will be stored in a range of different places including in your personnel file, in the organisation’s HR management systems and in other IT systems (including the organisation’s email system).
Throughout your employment we will collect data and add to your personnel file i.e., appraisal paperwork, communications, absence information and changes to personnel data.
Special categories of personal data
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities).
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. This is to carry out its obligations and exercise specific rights in relation to employment.
Employment decisions are not based solely on automated decision-making.
How do we lawfully use your data?
We need to know your personal, sensitive and confidential data in order to employ you, under the GDPR we will be lawfully using your information in accordance with:
- Article 6, (b) Necessary for performance of/entering into contract with you
- Article 9(2) (b) Necessary for controller to fulfil employment rights or obligations in employment
This notice applies to the personal data of our employees and the data you have given us about your carers/family members.
How do we maintain the confidentiality of your record?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- The UK General Data Protection Regulations
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality, Information Security and Records Management
We will only ever use or pass on information about you to others who have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e., life or death situations) or where the law requires information to be passed on.
Our policy is to respect the privacy of our staff and to maintain compliance with the UK GDPR and all UK specific data protection requirements. Our policy is to ensure all personal data related to our staff will be protected.
All employees and sub-contractors engaged by Beechwood Surgery are asked to sign a confidentiality agreement. The organisation will, if required, sign a separate confidentiality agreement if the client deems it necessary. If a sub-contractor acts as a data processor for Beechwood Surgery, an appropriate contract (art. 24-28) will be established for the processing of your information.
In certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the data protection officer in writing if you wish to withdraw your consent. In some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.
Where do we store your information electronically?
All the personal data we process is processed by our organisation in the UK. However, for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.
No third parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a data protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- Primary Care Networks
- Integrated Care Systems
- NHS Commissioning Support Units
- NHS England (NHSE) and NHS Digital
- Local authorities
- Private sector providers providing employment services
- Other ‘data processors’ which you will be informed of
Sharing your personal data
Your information may be shared internally including with members of the HR and recruitment team (including payroll), your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.
Sometimes we might share your personal data with other organisations within our group or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests, for example to obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service, the provision of benefits (NHS Pensions Scheme) and the provision of occupational health services.
The organisation may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
You will be informed who your data will be shared with and in some cases asked for consent for this to happen when this is required.
Who is the data controller?
Beechwood Surgery is registered as a data controller under the Data Protection Act 2018. Our registration number is ZA048057 and our registration can be viewed online in the public register at www.ico.gov.uk. This means we are responsible for handling your personal information and collecting and storing it appropriately.
We may also process your information for a particular purpose and therefore we may also be data processors. The purposes for which we use your information are set out in this privacy notice.
How long do we keep your personal information?
We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records Management Code of Practice for health and social care and national archives requirements.
More information on records retention can be found online at: NHSX – Records Management Code of Practice 2020
How can you access, amend or move the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. For further information about this, please contact the Practice Manager. We will seek to deal with your request without undue delay and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us to resolve any issues that you raise.
- Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
- Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project) or consent to market to you, you may withdraw your consent at any time.
- Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
- Right of data portability: If you wish, you have the right to transfer your data from us to another data controller.
Your rights as an employee
Data Subject Access Requests (DSAR): You have a right under the data protection legislation to request access to view or to obtain copies of what information this organisation holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:
- Your request should be made to Clare Mulhall, Beechwood Surgery.
- There is no charge to have a copy of the information held about you. However we may, in some limited and exceptional circumstances, have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive
- We are required to provide you with information within one month. We would ask therefore that any requests you make are in writing and it is made clear to us what and how much information you require
- You will need to give adequate information (for example full name, address, date of birth and details of your request) so that your identity can be verified and your records located
What should you do if your personal information changes?
You should tell us so that we can update our records. Please contact the practice manager as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number). Beechwood Surgery will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.
What to do if you have any questions
- Contact the organisation via email at [email protected]
- Write to the data protection officer at Beechwood Surgery, 155 Victoria Road East, Thornton Cleveleys, FY5 5HH
- Ask to speak to the practice manager, Clare Mulhall.
The data protection officer (DPO) for Beechwood Surgery is Clare Mulhall.
Objections or complaints
In the unlikely event that you are unhappy with any element of our data processing methods, do please contact the practice manager, Clare Mulhall at Beechwood Surgery in the first instance. If you feel that we have not addressed your concern appropriately, you have the right to lodge a complaint with the ICO. For further details, visit ico.gov.ukand select “Raising a concern” or telephone: 0303 123 1113
The Information Commissioner’s Office is the regulator for the General Data Processing Regulations and offers independent advice and guidance on the law and personal data including your rights and how to access your personal information.
Summary Care Record
Summary Care Records (SCR)
Your Summary Care Record is a short summary of your GP medical records. It tells other health and care staff who care for you about the medicines you take and your allergies.
This will enable health and care professionals to have better medical information about you when they are treating you at the point of care. This change will apply for the duration of the coronavirus pandemic only. Unless alternative arrangements have been put in place before the end of the emergency period, this change will be reversed.
All patients registered with a GP have a Summary Care Record, unless they have chosen not to have one. The information held in your Summary Care Record gives health and care professionals, away from your usual GP practice, access to information to provide you with safer care, reduce the risk of prescribing errors and improve your patient experience.
Your Summary Care Record contains basic information about allergies and medications and any reactions that you have had to medication in the past.
Some patients, including many with long term health conditions, have previously agreed to have additional information shared as part of their Summary Care Record. This additional information includes information about significant medical history (past and present), reasons for medications, care plan information and immunisations.
During the coronavirus pandemic period, your Summary Care Record will automatically have additional information included from your GP record unless you have previously told the NHS that you did not want this information to be shared.
There will also be a temporary change to include COVID-19 specific codes in relation to suspected, confirmed, Shielded Patient List and other COVID-19 related information within the additional information.
By including this additional information in your SCR, health and care staff can give you better care if you need health care away from your usual GP practice:
- in an emergency
- when you’re on holiday
- when your surgery is closed
- at outpatient clinics
- when you visit a pharmacy
Additional information is included on your SCR
In response to the coronavirus (COVID-19) pandemic we are temporarily removing the requirement to have explicit consent to share the SCR additional information. This change of requirement will be reviewed when the pandemic is over.
You can be reassured that if you have previously opted-out of having a Summary Care Record or have expressly declined to share the additional information in your Summary Care Record, your preference will continue to be respected and applied.
Additional information will include extra information from your GP record, including:
- health problems like dementia or diabetes
- details of your carer
- your treatment preferences
- communication needs, for example if you have hearing difficulties or need an interpreter
This will help medical staff care for you properly, and respect your choices, when you need care away from your GP practice. This is because having more information on your SCR means they will have a better understanding of your needs and preferences.
When you are treated away from your usual doctor’s surgery, the health care staff there can’t see your GP medical records. Looking at your SCR can speed up your care and make sure you are given the right medicines and treatment.
The only people who might see your Summary Care Record are registered and regulated healthcare professionals, for example doctors, nurses, paramedics, pharmacists and staff working under their direct supervision. Your Summary Care record will only be accessed so a healthcare professional can give you individual care. Staff working for organisations that do not provide direct care are not able to view your Summary Care Record.
Before accessing a Summary Care Record healthcare staff will always ask your permission to view it, unless it is a medical emergency and you are unable to give permission.
Protecting your SCR information
Staff will ask your permission to view your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system, so your information is secure. You can ask an organisation to show you a record of who has looked at your SCR – this is called a Subject Access Request.
The purpose of SCR is to improve the care that you receive, however, if you don’t want to have an SCR you have the option to opt out. If this is your preference please inform your GP or fill in an SCR opt-out form and return it to your GP practice.
Regardless of your past decisions about your Summary Care Record consent preferences, you can change your mind at any time. You can choose any of the following options:
- To have a Summary Care Record with additional information shared. This means that any authorised, registered and regulated health and care professionals will be able to see a enriched Summary Care Record if they need to provide you with direct care.
- To have a Summary Care Record with core information only. This means that any authorised, registered and regulated health and care professionals will be able to see information about allergies and medications only in your Summary Care Record if they need to provide you with direct care.
- To opt-out of having a Summary Care Record altogether. This means that you do not want any information shared with other authorised, registered and regulated health and care professionals involved in your direct care, including in an emergency.
To make these changes, you should inform your GP practice or complete the SCR patient consent preferences form and return it to your GP practice.