Practice Policies


Medical Records and Confidentiality Privacy Notice


Locked blue folderWe are part of the Data Protection Register and your rights are protected under General Data Protection Regulations (Data Protection Act 2018).


The GP partners and NHS Tayside’s Medical Director are the Caldicott Guardians of patient records, with specific responsibility for reflecting patients’ interests regarding the use of patient identifiable information and ensuring this is shared in an appropriate and secure manner.


The personal information we use is on different groups of individuals including:

  • Patients
  • Staff
  • Contractors
  • Suppliers
  • Complainants, enquirers
  • Survey respondents
  • Professional experts and consultants


Personal identifiable information like your name, address, date of birth and postcode are used. We also use more sensitive types of personal information including racial or ethnic origin, genetic and biometric data, health, sex life or sexual orientation. Information can relate to personal and family details, education, training, employment, financial, lifestyle, social circumstances, visual images.


Personal information is used to enable NHS Tayside to fulfil its statutory responsibilities to provide or arrange healthcare, health improvement and health protection.


We protect personal information by ensuring:

· all staff undertake mandatory training in Data Protection and IT Security

· compliance with NHS Scotland Information Security Policy

· organisational policy and procedures on the safe handling of personal information

· access controls and audits of electronic systems


Depending on the situation, where necessary we will share appropriate, relevant and proportionate personal information in compliance with the law, with the following:

  • Our patients and their chosen representatives or carers
  • Staff
  • Current, past and potential employers
  • Healthcare social and welfare organisations
  • Suppliers, service providers, legal representatives
  • Auditors and audit bodies
  • Educators and examining bodies
  • Research organisations
  • People making an enquiry or complaint
  • Financial organisations
  • Professional bodies
  • Trade Unions
  • Business associates
  • Police forces.
  • Security organisations.
  • Central and local government.
  • Voluntary and charitable organisations.


It is sometimes necessary to transfer personal health information overseas, for example if you require urgent medical treatment abroad. Any transfers made will be in full compliance with our Information Governance and Security Policy.




Children aged 12-16 years in Scotland are legally able to provide consent and have the same rights as adults over their data. The following applies:

  • All online registrations must be in the child’s name, including email address.
  • All information including test results will only be provided to parents/guardians where there is specific consent.


Retention of data


NHS Tayside has adopted the minimum retention periods set out in the Scottish

Government Records Management: NHS Code of Practice (Scotland).

See for more details.


The practice retains staff information for no longer than 7 years after employment ends. This is then erased securely.


We record calls and retain them for no longer than 12 months. We do this for quality and training purposes, and to protect participants.


NHS Tayside is the Data Protection Officer. If you are concerned about a breach in your data, please contact the practice in the first instance. If you remain dissatisfied you can contact NHS Tayside at or the Information Commissioner’s office – see website for details.




Comments, Suggestions and Complaints

Customer service formWe strive to provide our patients with the highest possible standard of care and to act quickly if problems arise.  If you have any comments, suggestions or complaints on any aspect of the service we provide, please bring this to our attention as soon as possible to allow us the opportunity to address your concerns and, if necessary, conduct a full investigation.  The Practice Manager will deal with your concerns appropriately.  Further written information is available regarding the complaints procedure from reception.




Patients' Rights and Responsibilities

You will be treated as an individual and will be given courtesy and respect at all times.  You will receive the most appropriate care, given by suitably qualified people, and no care will be given without your informed consent.  In return we would ask you to treat all doctors and staff with courtesy and respect.  We would also ask that you try to follow the medical advice offered, and take any medication as advised. 

We strongly support the NHS policy of zero tolerance.  Any patient attending the practice who abuses the doctors, staff or other patients verbally, physically or in any threatening manner whatsoever, will risk immediate removal from the practice list. 

Please click on the link below for further information:





Freedom of Information

We have adopted the Model Publication Scheme 2014.  Please click on the link below to view this.

FOI 2019




NHS ScotlandThis site is brought to you by My Surgery Website