Data Protection GDPR

CONFIDENTIALITY

Confidentiality is the cornerstone of health care and central to the work of everyone working in general practice. All information about patients is confidential; from the most sensitive diagnosis to the fact of having visited the Surgery or being registered as a patient. All patients can expect that their personal information will not be disclosed without their permission, except in the most exceptional circumstances, when somebody is at grave risk of serious harm. The duty of confidentiality owed to a person under the age of sixteen is as great as the duty owed to any other person.

YOUR DATA

Whitley House Surgery collects, stores and processes your personal data in line with the General Data Protection Regulation 2018 which is implemented in the UK via the Data Protection Act 2018. You will find a poster about how we use your medical records in the waiting room or you can view our full Privacy Notice for adults Full Privacy Notice-Feb24 and a simpler version for adults or children Summary Privacy Notice Feb 19. Please ask reception for a copy if you need one.

The following IT systems are in use at the practice:

  • Referral Management (using NHS numbers in referrals)
  • Electronic Appointment Booking (the facility to book routine appointments online and, similarly, to cancel appointments
  • Online booking of repeat prescriptions
  • Summary Care Record (uploading details of your current medication and allergies to the national “spine” so that these are available for doctors involved in your care elsewhere)
  • GP to GP transfers (the electronic transfer of records from practice to practice when you re-register
  • Patient Access to records (the facility to view your medical records online).

If you are not already registered for online access and would like to be please complete our online form.

If you would like access to your medical records enabled or would like to opt out of the local or national summary care record, please contact reception.

IT SECURITY

This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to;

Maintain the Confidentiality of all data within the practice by:

  • Ensuring that only authorised persons can gain access to our systems
  • Not disclosing information to anyone who has no right to see it

Maintain the integrity of all data within the practice by:

  • Taking care over input
  • Ensuring that all changes are reported and monitored
  • Checking that the correct record is on the screen before updating
  • Reporting all apparent errors and ensuring that they are resolved

Maintain the availability of all data by:

  • Ensuring that all equipment is protected from intruders
  • Ensuring that backups are taken at regular, predetermined intervals
  • Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date

Additionally we will take all reasonable measures to comply with our legal responsibilities under: