What is GDPR?
GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What is ‘patient data’
Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.
What is consent?
Consent is permission from a patient - an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the GDPR Regulations.
The following notice reminds you of your rights in respect of the above legislation and how your GP Practice will use your information for lawful purposes in order to deliver your care and the effective management of the local NHS system.
This notice reflects how we use information for:
- The management of patient records;
- Communication concerning your clinical, social and supported care;
- Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review;
- Participation in health and social care research; and
- The management and clinical planning of services to ensure that appropriate care is in place.
As your registered GP practice, we are the data controller for any personal data that we hold about you.
Carnon Downs Surgery Privacy Notice, Leaflet & Quick Guide
Please click on the document below to see each version
Quick Guide - GDPR poster pdf.pdf
Privacy Notice for Patients 2019.docx
Patient Leaflet How we Use your records.doc
National Data Opt Out Programme
The 25th May 2018 also saw the introduction of the NHS ‘National data opt-out programme’; this is a service that enables data subjects to opt out of having their data shared for research and/or planning purposes. NHS Digital will be automatically converting patients’ existing type 2 objections to the new opt-out from 25 May 2018.
Our patients do not need to take any action, and this will not affect the way your information is used. We are continuing to respect yoiur original choice to not share confidential patient information beyond NHS Digital for research or planning, but your choice will be recorded as a national data opt-out rather than a type 2 objection.
Every patient who is now aged 13 or over with a type 2 objection recorded will receive a personal letter explaining the change. The letters will be issued from June 2018 and will include a handout which explains more about the national opt-out. The letter will ask our patients to contact NHS Digital should they have any questions.
Below is a useful link for patients from NHS Choices called 'Your NHS Data Matters' click on the logo for more information.