Pirbright Surgery – Privacy Notice
How we use your information
This document explains why we collect your information and how that information may be used.
Your personal data is handled in ways that are transparent and that you would reasonably expect. The Health and Social Care Act 2012 has altered the way that your personal confidential data is processed. You must be aware and understand these changes and that you have the opportunity to object and understand how to exercise that right.
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received with any NHS organisation. These records help to provide you with the best possible healthcare.
NHS health records may be processed electronically, on paper or a mixture of both, and through established working procedures and best practice coupled with technology we ensure your person data is kept confidential and secure. Records held by us may include the following:
• Your personal data such as next of kin
• Your history with us such as appointments, vaccinations, clinic visits, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations and referrals such as blood tests, x-rays etc. and
• Relevant information from other health professionals, relatives or carers
We obtain and hold data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. We can disclose your personal information if:
1. It is required by law
2. You consent – either implicitly or for the sake of your own care or explicitly for other
3. It is justified in the public interest
Some of this information is held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the Practice will always endeavour to gain your consent before releasing the information.
You may choose to withdraw your consent to personal data being used in this way. If we are to participate in a new data sharing project we will make patients aware by displaying prominent notices in the Practice and on our website at least four weeks before the scheme is due to start. Instructions will be provided to explain how to “opt out” of each new scheme.
A patient can object to their personal information being shared with other healthcare providers bu
if this limits the treatment that you can receive then the doctor will explain this to you at the
Risk Stratification is a process that helps your doctor to help you manage your health. By using selected information from your health records, a secure NHS computer system will look at any recent treatments you have had in hospital or in the surgery and any existing health condition that you have. This will alert your doctor to the likelihood of a possible deterioration of your health. The clinical team at the surgery will use the information to get early care and treatment where it is needed. North West Surrey CCG supports Practices with this work. NHS security systems will protect your health information and patient confidentiality at all times.
Please be aware that you have the right to opt out of Risk Stratification.
Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the Practice please contact us to discuss how the disclosure of your personal data can be limited. Patients have the right to change their minds and reverse a previous decision. Please contact us if you change your mind regarding any previous choice.
We may process your information to ensure that you benefit from good quality medicines and so you may make choice related to better health. This work is always done with your doctor in the practice. We sometimes ask other partners to support in identification of groups of patients who would benefit from a clinical review. We will make it very clear when a piece of work involving processing your information is being undertaken however when we believe you could be at a high risk of ill health by not acting quickly your doctor will act in your best interest and may allow your data to be processed. This is to ensure that you receive the care you may need as soon as possible.
Our Partner Organisations
We may need to share your information, subject to agreement on how it will be used, with the
• NHS Trusts
• Health & Social Care Information Centre (HSCIC)
• Specialist Trusts
• Independent Contractors such as dentists, opticians or pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Commissioning Support Units
• Social Care Services Local Authorities
• Education Services
• Fire & Rescue Services
• Other “data” Processors
Access to personal information held about you
Under the Data Protection Act 1998 you have the right to access/view information we hold about you, and to have it amended or removed should it be inaccurate. If we do hold information about you we will:
1. Give you a description of it
2. Tell you why we are holding it
3. Tell you who it could be disclosed to and
4. Let you have a copy of the information in an intelligible form
If you would like to make a “subject access request” please contact the Practice Manager in writing. There MAY be a charge for this service.
Any changes to this notice will be published on our website and in the Practice.
How we keep your personal information confidential
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioners Office) Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
All our staff operate in accordance with the NHS Constitution and NHS Care Record Guarantee.
All our staff receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable where appropriate through disciplinary procedures. Only a limited number of staff have access to person information where it is appropriate to their role and strictly on a need to know basis.
When someone visits our website we collect standard internet log information and details of
behaviour patterns. We do this to find out things such as the number of visitors to the various part of the site. We collect this information in a way which does not identify anyone. We collect identifiable information from visitors to our site who register in order to receive particular services or to receive information on specific topics. This information is held securely and only used for the purposes provided.
We do not make any other attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from an source. If we do want to collect personally identifiable information through our website, we will make it clear when we collect the personal information and will explain what we intend to do with
Links to other websites
This Fair Processing Notice does not cover the links within this site linking to other websites.