Confidentiality & GDPR
What is GDPR?
GDPR stands for General Data Protection Regulations and is a piece of legislation that superseded the Data Protection Act 1998 on Friday 25th May 2018. It not only applies to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests.
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous.
- There are new, special protections for patient data.
- The Information Commissioner’s Office must be notified within 72 hours of a data breach.
- Higher fines for data breaches – up to 20 million euros.
- PLEASE SEE BELOW DOCUMENTS FOR FURTHER INFORMATION
- Basic Patient Leaflet - Your personal Information
- Comprehensive Patient Information Leaflet
- Freedon of Information Policy
- GDPR Patient Leaflet
- GDPR Subject Access Request Form
- GDPR Subject Access Request Policy
- Data Security and Protection Information
- Information Governance Policy
- Online Services Form
- Practice Privacy Notice
- Simple Practice Privacy Notice
Health & Care Records (HIE) (Health Information Exchange)
We are joining up your health and care records to improve the local services you receive. What does this mean for you? Being able to see your health and social care records at any time and in different places means health and care professionals can make quicker and safer decisions about your care
Health and care professionals have shared information on paper for many years – we now plan to do this using digital technology. GP practices and other health and care organisations are joining up the electronic records of all adults and children across Barnet, Camden, Islington, Enfield and Haringey (north central London) so that those delivering care can understand all your needs and make the best decisions about your care with you.
If you do not want to be part of this, you can opt out by clicking this link /media/content/files/GDPR 2020 PROTOCOLS/Health Information Exchange Opt Out Form.pdf Complete this form and send back to: FREEPOST NLP - JOINED UP CARE RECORD (no postcode required . You can read more about this programme at: https://www.northlondonpartners.org.uk/ourplan/Areas-of-work/Digital/Info-residents/
We have updated our privacy notice, which can be seen on our website - SEE BELOW DOCUMENT
Health Information Exchange (HIE) Privacy Notice
CQRS DATA EXTRACTION
This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital. For more information about this see the General Practice Transparency Notice for GPES Data for Pandemic Planning and Research (COVID-19). See link below for further information
NATIONAL DATA OPT OUT OF INFORMATION SHARING
You can choose whether your confidential patient information is used for research and planning. You do not need to do anything if you are happy about how your confidential patient information is used, but you can change your choice at any time by looking at the options available to you below.
Type 1 opt-out: Medical records held at your GP practice
You can tell us, your GP practice if you do not want your confidential patient information that is held in your GP medical record to be used for purposes other than your individual care. This is commonly called a TYPE 1 OPT-OUT. This opt-out request can only be recorded by your GP practice. Should you wish to opt out of data collection, please register a Type 1 opt-out by completing the attached form (TYPE 1 OPT-OUT FORM) and sending it back to the practice by either email or post, to be coded to your medical records in order to prevent your information from being shared outside this Practice. If you have any queries, you can also contact a member of staff who will be able to advise you further.
Type 2 opt-out: Information held by NHS Digital
Previously you could tell your GP practice if you did not want us, NHS Digital, to share confidential patient information that we collect from across the health and care service for purposes other than your individual care. This was called a type 2 opt-out.
The type 2 opt-out was replaced by the national data opt-out. If you have previously opted-out of any data sharing arrangements, your opt-out will continue to be valid as Type 2 opt-outs recorded on or before 11 October 2018 have been automatically converted to national data opt-outs.
National data opt-outs are not recorded at the GP practice - You can ONLY change your national data opt-out choice by using the online service or by calling our contact centre. Their phone number is 0300 303 5678 – Monday to Friday, 9am to 5pm
Read more about the collection and conversion of type 2 opt-outs. To find out more visit nhs.uk/your-nhs-data-matters. Patient Leaflet - Your Data Matters
Useful Links
- For more detailed information see the Information Commissioner’s Office (ICO) website.
- Understanding Patient Data - An Introduction to the GDPR – and what it means for patient data.