In line with Department of Health Guidelines, The Caldicott Report and the Data Protection Act we wish to advise you of how we handle information we hold about our patients.
- We ask you for information to allow us to provide you with appropriate care and treatment
- We keep this information, together with your details of care, because it may be needed if we need to contact you or if we see you again
- We may use some of this information for other reasons: for example to help us protect the health of the public generally and to see that the NHS runs efficiently; to plan for the future; to train staff, and account for actions taken.
- Sometimes the law requires us to pass on information: for example to notify a birth.The NHS Central Register for England and Wales contains basic personal information of all patients who are registered with a General Practitioner. The Register does not contain clinical information.
You have the right of access to your health records.
Everyone working for the NHS has a legal duty to keep information about you confidential.
You may be receiving care from other people as well as the NHS. So that we can all work together for your benefit, we may need to share some information about you.
We only ever use or pass on information about you if people have a genuine need that is in yours and everyone’s interest. Whenever we can we shall remove details which identify you. The sharing of some types of very sensitive personal information is strictly controlled by law.
Anyone who receives information from us is also under a legal duty to keep it confidential.
The Data Protection Act
A brief overview of the Data Protection Act and The Caldicott Report which govern the way we process and store personal information is outlined overleaf.
The Data Protection Act 1998 was revised in 1998 to include:
- Manually held data as well as computerised
- Health Records
- Almost any type of personal data, and the handling of this information
- A condition that the person to whom the information is about has consented for it to be held
The 1998 Data Protection Act has 8 basic principals and applies to everyone who handles personal data and to the way in which the data is stored and used. They are;
- Information must be processed fairly and lawfully and only when the criteria for doing so are met
- Information is obtained for specified and lawful; purposes only
- Data collection is adequate, relevant and not excessive for the purpose it is intended
- Data is accurate and, where necessary, updated regularly
- Data is not kept for longer than necessary
- Data is processed in accordance with the rights of the data subjects
- Data is protected by appropriate security measures
- Data is not transferred without adequate level of protection
The staff at Weston Lane and Harefield Surgeries are subject to the confidentially and security recommendations of the “Caldicott” Report which in conjunction with the Data Protection Act combine to advise and monitor the staff in the handling of patient identifiable confidential information
The 6 Caldicott principals are:
- To be able to justify the purpose of every proposed use or transfer
- Not to use it unless absolutely necessary
- Use the minimum necessary
- Access to be on a strict need-to-know basis
- Everyone with access to it should be aware of their responsibilities and
- Understand and comply with the law
We have practice policies for Information Governance, Computer Security and Confidentiality which can be obtained on request from our Practice Manager.