Data Controller contact details:
Dr O. Jamshad
Freuchen Medical Centre,
190 High Street,
Harlesden,
NW10 4ST
Data Protection Officer contact details:
Dr. Ernest Norman-Williams
[email protected]
Purpose of the processing for the provision of your healthcare:
· To give direct health or social care to individual patients.
· For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
· To check and review the quality of care. (This is called audit and clinical governance).
Lawful basis for processing for the provision of your healthcare:
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’;
and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Purpose of the processing for medical research and to measure quality of care:
Medical research and to check the quality of care which is given to patients (this is called national clinical audit).
Lawful basis for processing for medical research and to measure the quality of care:
The following sections of the GDPR mean that we can use medical records for research and to check the quality of care (national clinical audits)
– Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
For medical research there are two possible conditions.
Either:
Article 9(2)(a) – ‘the data subject has given explicit consent…’
Or:
Article 9(2)(j) – ‘processing is necessary for… scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member States law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject’.
To check the quality of care (clinical audit):
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Purpose of the processing to meet legal requirements Compliance with legal obligations or court order:
Lawful basis for processing to meet legal requirements:
These purposes are supported under the following sections of the GDPR:
Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Purpose of the processing for National screening programmes:
· The NHS provides several national health screening programmes to detect diseases or conditions early such as cervical and breast cancer, aortic aneurysm and diabetes.
· The information is shared so that the correct people are invited for screening. This means those who are most at risk can be offered treatment.
Lawful basis for processing for National screening programmes:
The following sections of the GDPR allow us to contact patients for screening.
Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller…’’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Rights to object:
· You have the right to object to information being shared between those who are providing you with direct care.· This may affect the care you receive – please speak to the practice.
· You are not able to object to your name, address and other demographic information being sent to NHS Digital.
· This is necessary if you wish to be registered to receive NHS care.
· You are not able to object when information is legitimately shared for safeguarding reasons.
· In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
· The information will be shared with the local safeguarding service [Ealing Social Services 02088258000]
Right to access and correct:
· You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff.
We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: here or speak to the practice.
Right to complain:
You have the right to complain to the Information Commissioner’s Office. You may follow this link or call the helpline 0303 123 1113.
Data we get from other organisations:
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.