Medical Records and Confidentiality Privacy Notice
We are part of the Data Protection Register and your rights are protected under General Data Protection Regulations (Data Protection Act 2018).
The GP partners and NHS Tayside’s Medical Director are the Caldicott Guardians of patient records, with specific responsibility for reflecting patients’ interests regarding the use of patient identifiable information and ensuring this is shared in an appropriate and secure manner.
The personal information we use is on different groups of individuals including:
- Complainants, enquirers
- Survey respondents
- Professional experts and consultants
Personal identifiable information like your name, address, date of birth and postcode are used. We also use more sensitive types of personal information including racial or ethnic origin, genetic and biometric data, health, sex life or sexual orientation. Information can relate to personal and family details, education, training, employment, financial, lifestyle, social circumstances, visual images.
Personal information is used to enable NHS Tayside to fulfil its statutory responsibilities to provide or arrange healthcare, health improvement and health protection.
We protect personal information by ensuring:
· all staff undertake mandatory training in Data Protection and IT Security
· compliance with NHS Scotland Information Security Policy
· organisational policy and procedures on the safe handling of personal information
· access controls and audits of electronic systems
Depending on the situation, where necessary we will share appropriate, relevant and proportionate personal information in compliance with the law, with the following:
- Our patients and their chosen representatives or carers
- Current, past and potential employers
- Healthcare social and welfare organisations
- Suppliers, service providers, legal representatives
- Auditors and audit bodies
- Educators and examining bodies
- Research organisations
- People making an enquiry or complaint
- Financial organisations
- Professional bodies
- Trade Unions
- Business associates
- Police forces.
- Security organisations.
- Central and local government.
- Voluntary and charitable organisations.
It is sometimes necessary to transfer personal health information overseas, for example if you require urgent medical treatment abroad. Any transfers made will be in full compliance with our Information Governance and Security Policy.
Children aged 12-16 years in Scotland are legally able to provide consent and have the same rights as adults over their data. The following applies:
- All online registrations must be in the child’s name, including email address.
- All information including test results will only be provided to parents/guardians where there is specific consent.
Retention of data
NHS Tayside has adopted the minimum retention periods set out in the Scottish
Government Records Management: NHS Code of Practice (Scotland).
See http://www.scotland.gov.uk/Publications/2012/01/10143104/0 for more details.
The practice retains staff information for no longer than 7 years after employment ends. This is then erased securely.
We record calls and retain them for no longer than 3 months. We do this for quality and training purposes, and to protect participants.
NHS Tayside is the Data Protection Officer. If you are concerned about a breach in your data, please contact the practice in the first instance. If you remain dissatisfied you can contact NHS Tayside at email@example.com or the Information Commissioner’s office – see website www.ico.org.uk for details.
Inaccuracy of data
If the personal information we hold about you is inaccurate or incomplete you have the right to have this corrected.
If it is agreed that your personal information is inaccurate or incomplete we will aim to amend your records accordingly, normally within one month, or within two months where the request is complex. However, we will contact you as quickly as possible to explain this further if the need to extend our timescales applies to your request. Unless there is a risk to patient safety, we can restrict access to your records to ensure that the inaccurate or incomplete information is not used until amended.
If for any reason we have shared your information with anyone else, perhaps during a referral to another service for example, we will notify them of the changes required so that we can ensure their records are accurate.
If on consideration of your request we do not consider the personal information to be inaccurate then we will add a comment to your record stating your concerns about the information. If this is case we will contact you within one month to explain our reasons for this.
If you are unhappy about how we have responded to your request for rectification we will provide you with information on how you can complain to the Information Commissioner’s Office, or how to take legal action.
Provided we can demonstrate compelling legitimate grounds for processing your personal information, for instance; patient safety or for evidence to support legal claims, this right will not be upheld.
This refers to an individual’s right to request the deletion or removal of personal information where there is no compelling reason for us to continue using it. As with other rights, there are particular conditions around this right and it does not provide individuals with an absolute right to be forgotten. Individuals have the right to have their personal information deleted or removed in the following circumstances:
- When it is no longer necessary for the purpose for which it was collected.
- When we no longer have a legal basis for using your personal information.
- When you object to us using your personal information and there is no overriding legitimate interest for us to do so.
- If there is a legal obligation to erase your personal information for example by court order.
We can refuse to deal with your request for erasure when we use your personal information:
- to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
- for public health purposes in the public interest.
- for archiving purposes in the public interest, scientific research historical research or statistical purpose.
- to exercise or defend legal claims.
When using personal information our legal basis is usually that its use is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us under the NHS Scotland Act as noted previously. This means that in most circumstances we can refuse requests for erasure. However we will advise you of this as soon as possible following receipt of your request.
Comments, Suggestions and Complaints
We strive to provide our patients with the highest possible standard of care and to act quickly if problems arise. If you have any comments, suggestions or complaints on any aspect of the service we provide, please bring this to our attention as soon as possible to allow us the opportunity to address your concerns and, if necessary, conduct a full investigation. The Practice Manager will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.
Patients' Rights and Responsibilities
You will be treated as an individual and will be given courtesy and respect at all times. You will receive the most appropriate care, given by suitably qualified people, and no care will be given without your informed consent. In return we would ask you to treat all doctors and staff with courtesy and respect. We would also ask that you try to follow the medical advice offered, and take any medication as advised.
We strongly support the NHS policy of zero tolerance. Any patient attending the practice who abuses the doctors, staff or other patients verbally, physically or in any threatening manner whatsoever, will risk immediate removal from the practice list.
Please click on the link below for further information:
Freedom of Information
We have adopted the Model Publication Scheme 2014. Please click on the link below to view this.