Privacy Notice

 

BACK TO MAIN INDEX

 

Introduction

The Data Protection Regulations in the UK include two key pieces of law:

  • The Data Protection Act 2018
  • The UK GDPR which was adapted from the EU version at Brexit and now applies to processing for people based in the UK

There are other regulations in specific areas which need to be taken into account. This Privacy Notice has been written within the legislative framework as at Sept 2021. It will be revised as the framework and case law change.

 

What is this Privacy Notice about?

This Privacy Notice is part of the information to data subjects about how personal data is used. Being transparent and providing accessible information to individuals about how organisations will use their personal information is a key element of Data Protection Regulations.

This Privacy Notice is part of our programme to make the data processing activities we are carrying out in order to meet our healthcare obligations transparent.

The Privacy Notice tells you about information we collect and hold about you, the legal basis for collecting and holding the information, what we do with it, how we keep it secure (confidential), who we might share it with and what your rights are in relation to your information.

 

Who we are

Temple Fortune Medical Group is a GP Practice located in Hampstead, Garden suburb, Temple Fortune Medical Group has a full complement of clinical and non-clinical staff that recognises the importance of working as a team and we value the contribution of all of our staff members.

 

Types of information we use

We use the following types of information/data:

  • Personal data or sensitive personal/special categories of personal data such as:
    • demographics – name, address, date of birth, postcode, NHS number
    • racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, medical/health data, sexual life or sexual orientation data.
  • Pseudonymised - about individuals but with identifying details (such as name or NHS number) replaced with a unique code.
  • Anonymised - about individuals but with identifying details removed.
  • Aggregated - anonymised information grouped together so that it doesn't identify individuals.
 

What we use your personal data and special categories of personal data (known as or sensitive personal) for

We use and share information about you in a number of ways. These include:

Primary uses - information from your GP medical record which can be made available to other NHS and public sector organisations, including doctors, nurses and care professionals in order to help them make the best informed decision, and provide you with the best possible direct care delivery.

Secondary uses - information from your GP medical record involves extracting identifiable data and (usually) sharing that data with other NHS organisations, for the purpose of indirect care. Examples include using your information for research, auditing, and healthcare planning (population health management). A national opt-out for some secondary uses exists for your data – please see section below.

 

Identity and Contact details of the Data Controller and Data Protection Officer

Practice Contact Details

  • Name of Practice: Temple Fortune Medical Group
  • Address: 23 Temple Fortune Lane, London NW11 7TE
  • Contact Number: 0208 209 2401
  • Practice ICO Reference Number: ZA159729

Data Protection Officer

You can contact the data protection officer by post at the practice address, addressed for the attention of the Data Protection Officer.

The Data Protection Officer service is provided across NCL practices by:

Steve Durbin

Please quote the practice name in any communication.

 

Organisations we share your your personal information with

We share information about you with other GPs, NHS acute or mental health Trusts, local authorities, community health providers, pharmacists, commissioning organisations, medical research organisations and some specific non-NHS organisations for the purposes of direct and indirect care delivery of care.

We are required under the law to provide you with the following information how we process your personal data, the purpose of proposing, recipient/categories of your personal data, the identity of our Data Protection Officer (DPO), how long we retain personal information about you, the legal basis and justification for the processing, and your right to view, request access copies of your personal information, or object to the processing.

In all cases, the data controller and Data Protection Officer (DPO) are as listed as above.

 

Direct Medical Care and Administration

Recipients or categories of recipients of the personal or special categories of personal data

NHS Trusts – Hospitals, Community or Mental Health Trusts.

 

Purpose of the processing

Personal data concerning your GP medical record may be shared with NHS Trusts in order to enable their healthcare professionals make the best informed decision about your health needs, and provide you with the best possible care if you visit the hospital for routine care and referrals.

Your personal information may also be processed for local administrative purposes such as:

  • Waiting list management;
  • local clinical audit;
  • Performance against local targets;
  • activity monitoring;
  • production of datasets to submit for commissioning purposes and national collections.

The source of the information shared in this way is your electronic GP record.

 

Data Retention Period

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

 

Lawful basis UK General Data Protection Regulation - Article 6 - - Article 9

The processing of personal data is permitted under the following paragraphs: Article 6(1) (c) - processing for legal obligation; Article 6(1) (e) - public interest or in the exercise of official authority. The processing of special categories of personal data concerning health is permitted under the following paragraphs: Article 9(2) (b) – processing necessary in the field of employment, social security and social protection law. Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

 

Your Rights

You have the right to
  • To access, view or request copies of your personal information;
  • request rectification of any inaccuracy in your personal information;
  • restrict the processing of your personal information where:
    • accuracy of the data is contested,
    • the processing is unlawful or,
    • where we no longer need the data for the purposes of the processing.
 
Right to object

In line with the UK GDPR Article 21, you have a general right to raise an objection to the processing of your personal data in some particular circumstances. This right only applies where we cannot demonstrate compelling legitimate grounds for continued processing of your personal data for the purposes of direct provision of care, and compliance with a legal obligation to which we are subject. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain

If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, or if not satisfied, with the Information Commissioner (ICO).

The ICO can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

Recipients or categories of recipients of the personal or special categories of personal data

Emergency Services (Ambulance trusts, police, A&E departments, out of hours services, 111)

 

Purpose of the processing

There are circumstances when intervention is necessary in order to save or protect a patient’s life or to prevent them from serious immediate harm, for example, during a collapse or diabetic coma or serious injury or accident. In many of these circumstances the patient may be unconscious or too ill to communicate.

Medical professionals have a duty of care to share data in emergencies to protect their patients or other persons. In these circumstances, your GP medical record will be shared with emergency healthcare services, the police or fire service in order to enable you receive the best treatment or service. The source of the information shared in this way is your electronic GP record.

 

Data Retention Period

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

 

Lawful basis UK General Data Protection Regulation - Article 6 - - Article 9 –

The processing of personal data is permitted under the following paragraphs:

Article 6(1) (c) - processing for legal obligation; Article 6(1) (d) – the processing is necessary in order to protect the vital interests of the data subject The processing of special categories of personal data concerning health is permitted under the following paragraph: Article 9 (2) (C) – the processing is necessary to protect the vital interests of the data subject

Related Legislation:

 

Your Rights

You have the right to
  • Make pre-determined decisions about the type and extent of care you will receive in an emergency, these are known as “Advance Directives”;
  • access, view or request copies of your personal information;
  • request rectification of any inaccuracy in your personal information;
  • restrict the processing of your personal information where:
    • accuracy of the data is contested,
    • the processing is unlawful or,
    • where we no longer need the data for the purposes of the processing.
 
Right to object

You have the right to object to some or all of your personal information being shared with the recipients. You also have the right to have an “Advance Directive” placed in your records and brought to the attention of relevant healthcare workers or staff. We will notify you at the earliest opportunity where we have shared your personal data in an emergency situation. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain

If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, or if not satisfied, with the Information Commissioner (ICO).

The ICO can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

If you would like to request the our full privacy notice please contact us