General Data Protection Regulations (GDPR) 2018 (formerly Data Protection Act 1998)

Information about you and how we use it

When you come to the surgery, information about you, your medical treatment and family background may be recorded, on paper and computer, to help us care for you. The information is part of your health record and will be kept in case we need to see you again.We hold demographic data (name, address, telephone numbers, date of birth, ethnic origin, family relationships, next of kin) and clinical data (diagnoses, family history, allergies and sensitivities, medication, consultation records, investigations, test results, referrals and letters to and from other NHS organisations about your care).

Members of the clinical teams looking after you may share your personal health information with each other. This team may include healthcare professionals and support staff. All NHS staff are bound by law and a strict code of confidentiality, and are monitored by the Surgery's Caldicott Guardian (Dr Alex Harding), who is responsible for ensuring patients' confidentiality is respected. Your confidentiality is very important to us, and we have strict controls in place to protect your information.

Data will be retained only for as long as necessary to provide care for you. Our document retention policy is available by clicking here

Your information rights

  • You have the right to know how we will use your personal information.
  • You have the right to see your health record (your medical notes). This is known as Right of Subject Access.
  • You have the right to object to us making use of your information.
  • You can ask us to change or restrict the way we use your information and we have to agree if possible.
  • You have the right to ask for your information to be changed, blocked or erased if it is incorrect.

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Accessing your Record

You have a right under the General Data Protection Regulations 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate more>>

How your records are used to help you

Accurate, up-to-date information about you:

  • helps staff to assess your health and care for you
  • will help staff to treat you in future, in the surgery or elsewhere
  • allows staff to monitor and if necessary investigate the care you have received

How your records help us

Accurate, up-to-date information about you:

  • helps us provide high quality care and meet all our patients' needs
  • helps us train healthcare professionals and support research and development
  • is necessary for the surgery to be paid for your treatment
  • supports audits of NHS services and accounts
  • supports investigation of any incidents or issues that arise
  • contributes to national NHS statistics.

Sharing your information

Sometimes we have to pass on information by law:

  • to notify a birth or death
  • when an infectious disease such as meningitis or measles may endanger the safety of others
  • where a formal court order has been issued
  • when sharing information with the police may prevent a serious crime, or prevent harm to you or other people.

We may have to share information about you with non-NHS staff (for example Social Services): we will only do this if it is necessary, and if we need your consent we will ask you for it. The main NHS organisations which may need your information are Clinical Commissioning Groups, Commissioning Support Units, other NHS trusts, hospitals, other GP practices and ambulance services. If we have to share information about you, we will remove your personal details where possible.

Downloads

Document retention
Our policy on document retention

Information for patients
Practice leaflet abour GDPR

Register your Type 1 Opt-out preference

Statement of Intent

Summary Care Record (SCR)
Having a Summary Care Record can help by providing healthcare staff treating you with vital information from your health record. This will help the staff involved in your care make better and safer decisions about how best to treat you. more>>


GP to GP record transfers
It is very important that you are registered with a doctor at all times. NHS England require practices to utilise the GP2GP facility for the transfer of patient records between practices when a patient registers or de-registers (not for temporary registration) more>>

Data for other purposes
You have the right to object to your information being shared under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of sharing information that identifies you being used or shared for medical research purposes and quality checking or audit purposes.

To opt-out of your identifiable information being shared for medical research or to find out more about your opt-out choices please ask a member of staff or go to NHS Digital's website

Notification

The UK General Data Protection Regulation 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office (ICO) website and the practice is registered with them.

Our Data Protection Officer is:

Bex Lovewell
Delt Shared Services Ltd.
BUILDING 2 - DELT
Derriford Business Park
Plymouth
PL6 5QZ

St Leonards Practice is registered with the ICO as the Data Controller and we are responsible for keeping your information secure and confidential.

Lawful basis for direct care and administrative purposes

All health and adult social care providers are subject to the statutory duty under section 251B of the Health and Social Care Act 2012 to share information about a patient for their direct care. This duty is subject to both the common law duty of confidence and currently the DPA98 (and in due course the DPA18 and GDPR).

For common law purposes, sharing information for direct care is on the basis of implied consent, which may also cover administrative purposes where the patient has been informed or it is otherwise within their reasonable expectations.

Under the GDPR, for processing personal data in the delivery of direct care, and for providers' administrative purposes, the Article 6 condition for lawful processing that applies to the surgery and all publicly funded health and social care organisations in the delivery of their functions is:
6(1)(e) for the performance of a task carried out in the public interest or in the exercise of official authority

Under the GDPR, personal data concerning health are special categories of personal data; the most appropriate Article 9 condition which applies to the surgery for direct care or administrative purposes is:
9(2)(h) medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

Data transferred outside the EU

The data we hold on you will not be transferred outside the EU. Should any future changes in the NHS mean that this is possible, we will seek you permission before transferring any of your information outside the EU.

St Leonard's Practice

The Surgery
Athelstan Road
Exeter EX1 1SB

Surgery opening hours
Monday to Friday 08:15 - 18:00
Closed Wed 13:00 - 14:00

Appointment Line: 01392 201 791
General Enquiries: 01392 201 790

Surgery telephone hours
Monday to Friday 08:30 - 13:00 & 14:00 - 18:00

The St Leonard's Practice provides GP and family doctor services to patients in Exeter, Wonford, Heavitree, St Leonard's, Whipton, Stoke Hill and Pennsylvania.