Your Medical Information
Why we collect information about you and what records we keep
To provide you with the best quality care possible, we must keep health records about you. These contain information about the treatment and support you receive which is recorded by the professionals who have been involved in your care. This may include:
- basic details about you such as address, date of birth, next of kin;
- any contact we have had with you such as clinical visits;
- notes and reports about your health;
- details and records about your treatment and care;
- hospital letters;
- results of x-rays, laboratory tests etc.;
- any other relevant information from people who care for you and know you well such as health professionals and relatives.
How we keep your records confidential
Everyone working for the NHS has a legal duty to keep information about you confidential and secure. To help us protect your confidentiality, it is important to inform us about any relevant changes that we should know about, such as change of address, telephone, change of personal circumstance.
All staff working in the practice sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Access to patient records by staff other than clinical staff is regulated to ensure they are only accessed when there is a genuine need to do so, such as when identifying and printing repeat prescriptions for patients, or when typing referral letters to hospital consultants.
How your information may be used
We will share information in your health record to allow health professionals to work together more effectively to ensure you receive the best quality care.
Summary Care Record
One of the ways of sharing your health information for your care is through the Summary Care Record (SCR). The SCR is available nationally to health professionals who may care for you. It contains important information about any medicines you are taking, any allergies you suffer from, and any bad reactions to medicines that you have had. Access to this information can prevent mistakes from being made when caring for you in an emergency, or when your GP practice is closed. If you are registered with a GP practice in England your SCR is created automatically, unless you have opted out.
You can also ask for your SCR to include additional information about you, such as your current health conditions. This is known as an Enhanced SCR.
Further information on the SCR can be viewed at: https://www.digital.nhs.uk/summary-care-records.
SystmOne - GP Clinical System
Another way of sharing your information for your care is through the confidential electronic record system that we use in our practice, called SystmOne. This is used widely across the NHS and care organisations to keep accurate medical records about you. These records store important information about your illnesses and the care you have received in the past. Your record may contain information from different health and social care organisations such as a hospital, a minor injuries unit, or from a community care service such as district nursing.
How does this work?
Local trusted organisations, including your local Primary Care Network, that we work with on a regular basis will be able to access your record immediately once they have asked for your permission.
Other local health and social care organisations close to your home (Dorset), but outside of our PCN, can only access your medical record if you give them permission.
For organisations that are further afield and that we do not work with on a regular basis, we can send you a verification (security code) which allows you to choose whether to let that organisation view your medical record or not. For example, you may be working or on holiday in another part of the country and need care from a hospital or a clinic. Having access to your whole medical record will improve the care they can provide you. We will use your preferred mobile phone number or email address recorded on your medical record, so remember to let us know if this changes.
If you already use the SystmOnline patient portal, then you can select organisations to allow or prevent them from accessing your records. If you do not have a phone or email address and don’t use SystmOnline, then we will be happy to record your choices about which organisations you are happy to share your whole record with.
Further information about SystmOnline and these sharing controls, can be viewed at: https://systmonline.tpp-uk.com/2/help/help.html.
If you are a carer and have a Lasting Power of Attorney for health and welfare then you can agree access to the record on behalf of the patient who lacks capacity. If you do not hold a Lasting Power of Attorney then you can raise any specific concerns with the patient’s doctor.
If you have parental responsibility and your child is not able to make an informed decision for themselves, then you can make a decision about information sharing on behalf of your child. If your child is competent then this must be their decision.
Can I access my records?
The Data Protection Act 2018 (DPA) and the General Data Protection Regulation gives every living person, or authorised representative, the right to apply for access to their health records. You have a right to ask for a copy of all records held about you. An audit log is maintained showing who has accessed your record, and when. You are also entitled to request a copy of this log.
You can view your own health record, change how your record is accessed, and view an audit trail of who has accessed your record by using the SystmOnline patient portal. Ask your practice for details on how to set up an online account. Alternatively, you can make a request in writing and we will respond within a month. You will be required to provide ID before any information is released to you.
If you think that anything in your record is factually inaccurate or incorrect or would like any further detail about your information rights under the General Data Protection Regulation, please inform us.
Other people who may view my record
Occasionally we may receive requests from insurance companies to have copies of your medical records. We will usually issue a medical report rather than releasing your medical records and will check that your insurance company has received your consent for us to do this.
We may also need to provide limited information to local authorities about some infectious diseases or if you have had food poisoning. We would not require your consent to do this.
Very rarely, doctors may be required to disclose information in order to detect a serious crime. Likewise, a court order can require doctors to disclose certain information during a court case.
Data sharing outside of this GP practice for non-care purposes
You can register a type 1 opt with us if you wish to prevent your personal information being shared outside this GP practice for purposes other than your direct care. This opt-out request can only be recorded by your GP practice.
Data sharing outside NHS Digital for other purposes such as research and planning
NHS England links information from all of the different places where you receive care, such as hospital, community service and your GP Surgery. This allows them to compare the care you receive in one area against the care you receive in another.
This information is held in a secure environment by NHS Digital. The role of NHS Digital is to ensure that high quality data is used appropriately to improve patient care. NHS Digital has legal powers to collect and analyse data from all providers of NHS care. They are committed, and legally bound, to the very highest standards of privacy and confidentiality to ensure that your confidential information is protected at all times.
This data can also be used, with permission from NHS England, for research purposes.
You can choose if you do not want your confidential patient information to be used outside NHS Digital for purposes beyond your individual care and treatment such as for research and planning. You can set your own opt-out choice by visiting www.nhs.uk/your-nhs-data-matters.
You will need to provide:
- your NHS number, or your postcode (as registered with your GP practice)
- your mobile phone number or email address provided previously at your GP practice or other NHS service.
The online service is available 24 hours a day, 7 days a week.
If you would like to view this information in an alternative format, for example large print or easy read, or, if you need help communicating with us, for example because you use British Sign Language, please let us know via email to email@example.com
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.
The regulation applies from 25th May 2018, and will apply even after the UK leaves the EU.