Other care providers with NHS contracts (e.g. services providing ultrasound scans, medical imaging; specialist providers such as those providing day surgery, other direct care tests / services)

There are circumstances when intervention is necessary in order to save or protect a patient’s life or to prevent them from serious immediate harm, for example, during a collapse or diabetic coma or serious injury or accident. In many of these circumstances the patient may be unconscious or too ill to communicate.

Medical professionals have a duty of care to share data in emergencies to protect their patients or other persons. In these circumstances, your GP medical record will be shared with emergency healthcare services, the police or fire service in order to enable you receive the best treatment or service.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (d) – the processing is necessary in order to protect the vital interests of the data subject;

Article 9 (2) (C) – the processing is necessary to protect the vital interests of the data subject

Related Legislation:

Data Protection Act 2018 Section 10

Section 251B Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• Make pre-determined decisions about the type and extent of care you will receive in an emergency, these are known as “Advance Directives” and are held in Univeral Care Plans (formerly called "Urgent Care Plans");
• access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You have the right to object to some or all of your personal information being shared with the recipients. You also have the right to have an “Advance Directive” placed in your records and brought to the attention of relevant healthcare workers or staff.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

GP Federations are groups of GPs (patient centred organisation), working collaboratively and developing closer integration with other partners across health, social and third sector partners to facilitate an enhanced delivery of health and care services.

Primary Care Networks (PCNs) are similar, but are led at the GP level and may involve a variety of other organisations also noted in this privacy notice.

North Central London Integrated Care Service are a wider grouping performing shared functions across health and care. From April 2026, this will be merged with North West London Integrated Care Service and will be called NHS West and North London Integrated Care Service.

In each case the Practice remains the data controller for the information about you.

Through various hubs in the community the GP Federations and PCNs provide direct health and care services such as continued extended access, home visits, universal offers, musculoskeletal service, GP at front door and other neighbourhood services across North Central London (which covers the boroughs of Barnet, Camden, Enfield, Haringey and Islington)

If you visit receive treatment/consultation on any of these services, personal data concerning your GP medical record may be shared with the GP Federation and Multidisciplinary Teams (MDT) in order to enable them make the best informed decision about your health/care needs, and provide you with the best possible care.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Section 251B Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In line with the UK GDPR Article 21, you have a general right to raise an objection to the processing of your personal data in some particular circumstances. This right only applies where we cannot demonstrate compelling legitimate grounds for continued processing of your personal data for the purposes of direct provision of care, and compliance with a legal obligation to which we are subject.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Child Health Information Services (CHIS) collect, process and store data relating to children’s health. The service supports delivery of the Healthy Child Programme and other public health programmes for children.

Personal data concerning your child’s GP medical record may be shared with CHIS in order to support immunisation programmes, screening programmes and other child health initiatives.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Section 251B Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In line with the UK GDPR Article 21, you have a general right to raise an objection to the processing of your personal data in some particular circumstances.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

We may share personal information with safeguarding services where there is a need to protect a child or vulnerable adult from harm, or where there is a concern about abuse or neglect.

Information may be shared with local authority safeguarding teams, social services, health visitors, school nurses, police and other relevant agencies where necessary to safeguard individuals.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Article 9(2) (g) – processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018 Section 10

Children Act 1989 and 2004

Care Act 2014

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In certain circumstances you have the right to object to the processing of your personal data. However, where safeguarding concerns exist, we may continue to process and share information where there is a lawful basis to do so.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The NHS provides a number of national screening programmes (for example breast screening, cervical screening and bowel cancer screening).

Personal data concerning your GP medical record may be shared with organisations responsible for delivering screening programmes in order to invite you for screening, provide screening services and follow up results where necessary.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may choose not to take part in screening programmes. If you do not wish to be invited, you should contact the relevant screening service.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The NHS provides national and local vaccination and immunisation programmes (for example childhood immunisations, seasonal flu vaccination and COVID-19 vaccination).

Personal data concerning your GP medical record may be shared with organisations responsible for delivering vaccination and immunisation programmes in order to invite you for vaccination, administer vaccines and record outcomes.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may decline vaccination. However, relevant information may still be recorded in your GP medical record.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

If your GP refers you to a specialist, clinic or hospital for further treatment or investigation, relevant information from your GP medical record will be shared with the receiving organisation to support your care.

This may include details of your medical history, medications, allergies, test results and other relevant clinical information.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In most cases, information sharing for direct care is necessary to provide safe and effective treatment. If you have concerns about a referral, please discuss them with your GP.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

If you are registered with the Practice but live outside of the Practice boundary, we may need to share relevant information with healthcare providers local to you in order to ensure you receive appropriate care.

This may include sharing information with local GP practices, community services or urgent care providers.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In order to provide safe and effective care, it may be necessary to share information with providers local to you. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Your personal data may be shared with members of a multidisciplinary team (MDT) where this is necessary for the coordination and management of your care.

An MDT may include GPs, nurses, pharmacists, social workers, mental health professionals and other healthcare or social care professionals involved in your care.

The purpose of sharing information within MDTs is to ensure that all relevant professionals have a complete understanding of your health and care needs, and to support safe and effective decision-making.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In some circumstances you may object to your information being discussed within an MDT. However, where this is necessary for the provision of safe and effective care, information may still be shared where there is a lawful basis to do so.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

In some cases, your GP may enter into a shared care arrangement with a specialist or other healthcare provider. Shared care allows aspects of your treatment to be managed jointly between your GP and another clinician.

Personal data concerning your GP medical record may be shared with the relevant healthcare provider in order to safely prescribe, monitor and manage your treatment.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Shared care arrangements are designed to support safe and effective treatment. If you have concerns about information sharing within a shared care arrangement, please discuss them with your GP.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

When you are prescribed medication, relevant personal data from your GP medical record will be shared with pharmacies and dispensing contractors in order to dispense your medication safely.

This may include your name, date of birth, NHS number, medication details and relevant clinical information.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Human Medicines Regulations 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In order to dispense medication safely, it is necessary to share relevant information with pharmacies. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Electronic Prescription Service (EPS) allows your GP to send your prescription electronically to a pharmacy of your choice.

When you nominate a pharmacy, relevant personal data from your GP medical record will be transmitted electronically to that pharmacy in order to enable the safe dispensing of your medication.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

NHS Act 2006

Human Medicines Regulations 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may change or withdraw your pharmacy nomination at any time by informing the Practice or your chosen pharmacy.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Summary Care Record (SCR) is an electronic record of important patient information, created from GP medical records.

It may include details of your medications, allergies and adverse reactions.

The SCR is used in emergency care situations and when you are seen by healthcare professionals outside of your GP Practice.

Healthcare professionals will only access your SCR when it is necessary for your care and are required to have a legitimate relationship with you.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may opt out of having a Summary Care Record created or shared. If you wish to do so, please inform the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

When you are discharged from hospital or another healthcare setting, information about your treatment and ongoing care needs will be sent electronically to your GP Practice.

This ensures continuity of care and enables your GP to update your medical record and provide any necessary follow-up care.

The source of the information shared in this way is the discharging healthcare provider and is incorporated into your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Information received through Electronic Transfer of Care is necessary for your ongoing treatment. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

If you contact NHS 111 or use out of hours GP services, relevant information from your GP medical record may be shared with these services in order to provide you with appropriate advice, assessment and treatment.

Healthcare professionals working within 111 and out of hours services may also record information about the care they provide, which will be shared back with your GP Practice and incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record and the 111 or out of hours service provider.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with 111 and out of hours services is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Care Quality Commission (CQC) is the independent regulator of health and social care services in England.

The CQC may require access to personal data, including patient records, in order to carry out inspections and ensure that services are meeting required standards of quality and safety.

Where required by law, personal data may be shared with the CQC for regulatory and inspection purposes.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Article 9(2) (g) – processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2008

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where information is required by law to be shared with the CQC, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Integrated Care Boards (ICBs) are responsible for planning and commissioning healthcare services for their local population.

Personal data may be shared with the relevant ICB for purposes including service planning, quality monitoring, financial management and ensuring that appropriate healthcare services are commissioned to meet local needs.

Where possible, information used for these purposes will be anonymised or pseudonymised. However, identifiable information may be used where there is a lawful basis to do so.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Article 9(2) (g) – processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: In certain circumstances you have the right to object to the processing of your personal data. Where processing is required by law or necessary for the performance of a task carried out in the public interest, this right may be limited.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The national data opt-out enables patients to opt out from the use of their confidential patient information for research and planning purposes.

Where we are required to share data for purposes beyond individual care, we will apply the national data opt-out in line with NHS guidance.

The national data opt-out does not apply to information used for direct care.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9(2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Article 9(2) (j) - processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You can register a national data opt-out to prevent your confidential patient information being used for research and planning. This does not affect your individual care.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Extended access services provide patients with appointments outside of normal GP Practice opening hours, including evenings and weekends.

Personal data concerning your GP medical record may be shared with extended access service providers in order to deliver appointments and ensure continuity of care.

Healthcare professionals working within extended access services may also record information about the care they provide, which will be shared back with your GP Practice and incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record and the extended access service provider.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with extended access providers is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Community services provide care to patients in community settings, including in their own homes.

Personal data concerning your GP medical record may be shared with community healthcare providers in order to coordinate and deliver your care.

This may include sharing information with district nurses, health visitors, physiotherapists, occupational therapists and other community-based professionals.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with community services is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Primary care mental health services provide assessment, treatment and support for patients experiencing mental health difficulties.

Personal data concerning your GP medical record may be shared with primary care mental health practitioners in order to assess your needs, provide treatment and coordinate care.

This may include sharing information with counsellors, psychological wellbeing practitioners and other mental health professionals working within primary care settings.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with primary care mental health services is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

First Contact Physiotherapists (FCPs) work within GP Practices to assess and manage musculoskeletal conditions without the need to see a GP first.

Personal data concerning your GP medical record may be shared with physiotherapists working as First Contact Practitioners in order to assess your condition, provide treatment advice and coordinate your care.

Information recorded by the physiotherapist will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with First Contact Physiotherapists is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Clinical pharmacists working within primary care support medication reviews, prescribing and optimisation of medicines.

Personal data concerning your GP medical record may be shared with clinical pharmacists in order to review your medications, ensure safe prescribing and improve health outcomes.

Information recorded by the clinical pharmacist will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with clinical pharmacists is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Social prescribing services support patients to access non-clinical services within the community to improve health and wellbeing.

Personal data concerning your GP medical record may be shared with social prescribing link workers in order to assess your needs and connect you with appropriate community services and support.

Information recorded by the social prescribing service will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with social prescribing services is necessary to provide coordinated support. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Care coordinators support patients with complex or long-term conditions to navigate health and care services and ensure coordinated support.

Personal data concerning your GP medical record may be shared with care coordinators in order to help manage appointments, referrals and ongoing care arrangements.

Information recorded by the care coordinator will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with care coordinators is necessary to provide coordinated and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Dietitians working within primary care provide assessment and advice on nutrition and dietary management for patients with a range of health conditions.

Personal data concerning your GP medical record may be shared with dietitians in order to assess your nutritional needs, provide dietary advice and support ongoing management of your condition.

Information recorded by the dietitian will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with dietitians is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Podiatry services within primary care provide assessment and treatment for foot and lower limb conditions.

Personal data concerning your GP medical record may be shared with podiatrists in order to assess your condition, provide treatment and coordinate ongoing care.

Information recorded by the podiatrist will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with podiatry services is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Occupational therapists working within primary care provide assessment and support to help patients maintain independence and carry out daily activities.

Personal data concerning your GP medical record may be shared with occupational therapists in order to assess your functional needs, recommend adaptations or interventions and coordinate ongoing care.

Information recorded by the occupational therapist will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with occupational therapy services is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Paramedics working within primary care assess and manage a range of acute and chronic conditions.

Personal data concerning your GP medical record may be shared with paramedics in order to assess your condition, provide treatment and coordinate your care.

Information recorded by the paramedic will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with paramedics working in primary care is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Advanced Nurse Practitioners (ANPs) working within primary care assess, diagnose and manage a range of health conditions.

Personal data concerning your GP medical record may be shared with Advanced Nurse Practitioners in order to assess your condition, prescribe medication where appropriate and coordinate your care.

Information recorded by the Advanced Nurse Practitioner will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with Advanced Nurse Practitioners is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Physician Associates working within primary care support GPs in the assessment, diagnosis and management of patients.

Personal data concerning your GP medical record may be shared with Physician Associates in order to assess your condition and support the delivery of care.

Information recorded by the Physician Associate will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with Physician Associates is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Health and wellbeing coaches working within primary care support patients to make lifestyle changes to improve health outcomes.

Personal data concerning your GP medical record may be shared with health and wellbeing coaches in order to support behaviour change, goal setting and self-management of long-term conditions.

Information recorded by the health and wellbeing coach will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with health and wellbeing coaches is necessary to provide safe and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Care navigators working within primary care support patients to access appropriate services and ensure they are directed to the most suitable healthcare professional.

Personal data concerning your GP medical record may be shared with care navigators in order to triage requests, arrange appointments and facilitate access to services.

Information recorded by the care navigator will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Sharing information with care navigators is necessary to ensure you are directed to the most appropriate service. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Primary Care Networks (PCNs) bring together GP Practices and other primary care providers to deliver integrated services to their local populations.

Personal data concerning your GP medical record may be shared within the Primary Care Network in order to coordinate services, improve access to care and deliver enhanced services.

Information recorded by professionals working within the PCN will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Article 9 (2) (g) – processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Information sharing within a Primary Care Network is necessary to provide coordinated and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Primary Care Networks (PCNs) bring together GP Practices and other primary care providers to deliver integrated services to their local populations.

Personal data concerning your GP medical record may be shared within the Primary Care Network in order to coordinate services, improve access to care and deliver enhanced services.

Information recorded by professionals working within the PCN will be incorporated into your GP medical record.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or, the management of health or social care systems and services.

Article 9 (2) (g) – processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018 Section 10

Health and Social Care Act 2012

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Information sharing within a Primary Care Network is necessary to provide coordinated and effective care. If you have concerns, please discuss them with the Practice.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Public Health England (now part of the UK Health Security Agency) collects and processes personal data for the purposes of protecting public health, including the monitoring and control of infectious diseases.

The Practice may be required to share relevant personal data where there is a statutory duty to notify certain diseases or health protection incidents.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (i) - processing is necessary for reasons of public interest in the area of public health.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Health and Social Care Act 2012

Public Health (Control of Disease) Act 1984

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where there is a statutory duty to notify certain conditions, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Department for Work and Pensions (DWP) may request medical information in connection with benefit claims, employment and support allowance assessments or other statutory functions.

Personal data may be shared with the DWP where there is a lawful basis to do so, including where you have provided consent or where disclosure is required by law.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (a) - consent (where applicable).

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Article 9 (2) (a) - explicit consent (where applicable).

Related Legislation:

Social Security Administration Act 1992

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where information is required by law to be shared with the DWP, the Practice may not be able to prevent such sharing. Where consent is the basis for sharing, you may withdraw your consent at any time.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

HM Revenue and Customs (HMRC) may request information in connection with statutory investigations, taxation matters or other legal obligations.

Personal data may be shared with HMRC where there is a lawful requirement to disclose information.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Taxes Management Act 1970

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where information is required by law to be shared with HMRC, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may be required to disclose personal data in response to a court order, warrant, subpoena or other lawful request from a court or legal authority.

Personal data may also be shared where necessary for the establishment, exercise or defence of legal claims.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (f) - legitimate interests (the establishment, exercise or defence of legal claims);

Article 9 (2) (f) - processing is necessary for the establishment, exercise or defence of legal claims.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018 Section 10

Civil Procedure Rules

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where disclosure is required by a court order or other legal obligation, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may share personal data with police or other law enforcement agencies where there is a lawful basis to do so, including for the prevention or detection of crime, safeguarding concerns or where required by law.

Disclosure may take place where there is a court order, statutory requirement or where it is necessary to protect individuals from serious harm.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (f) - legitimate interests.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Article 9 (2) (f) - processing is necessary for the establishment, exercise or defence of legal claims.

Related Legislation:

Data Protection Act 2018 Section 10

Police and Criminal Evidence Act 1984

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where disclosure is required by law or necessary to prevent serious harm or crime, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may share personal data with local authorities where there are safeguarding concerns relating to children or vulnerable adults, or where required for public protection purposes.

Disclosure may take place where there is a statutory duty, court order or where it is necessary to protect an individual from abuse or serious harm.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (f) - legitimate interests.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Related Legislation:

Children Act 1989 and 2004

Care Act 2014

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where disclosure is required to safeguard individuals or is required by law, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Care Quality Commission (CQC) is the independent regulator of health and social care services in England.

The Practice may be required to share personal data with the CQC in order to demonstrate compliance with regulatory requirements, investigate concerns or support inspections.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Health and Social Care Act 2008

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where disclosure is required by the regulator under statutory powers, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights.

The Practice may share personal data with the ICO where required to do so in connection with investigations, complaints or regulatory oversight.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Data Protection Act 2018

UK General Data Protection Regulation (UK GDPR)

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Where disclosure is required for regulatory purposes, the Practice may not be able to prevent such sharing.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Integrated Care Boards (ICBs) are responsible for planning and commissioning health services to meet the needs of their local populations.

The Practice may share personal data with the ICB for the purposes of commissioning, service evaluation, quality improvement and financial management.

Where possible, data will be anonymised or pseudonymised. However, in some circumstances identifiable data may be required where there is a lawful basis.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for the management of health or social care systems and services.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Health and Care Act 2022

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Risk stratification tools are used to identify patients who may be at high risk of unplanned hospital admission or who may benefit from additional support.

Personal data may be processed and shared with authorised healthcare organisations for the purposes of identifying patients who may benefit from preventative interventions or enhanced care.

Where possible, data will be pseudonymised. Identifiable data will only be used where there is a lawful basis.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for the management of health or social care systems and services.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may participate in research studies approved by appropriate ethics committees and regulatory bodies.

Personal data may be shared with research organisations where there is a lawful basis to do so. Wherever possible, information will be anonymised or pseudonymised. Identifiable data will only be shared where you have provided explicit consent or where there is another lawful basis.

Participation in research is voluntary and you will be informed where your identifiable information is required.

The source of the information shared in this way is your electronic GP record and, where applicable, information provided directly by you.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (a) - consent (where applicable);

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (a) - explicit consent (where applicable);

Article 9 (2) (j) - processing is necessary for scientific or historical research purposes or statistical purposes.

Related Legislation:

Data Protection Act 2018 Section 10

UK General Data Protection Regulation (UK GDPR)

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable. Where consent is the basis for processing, you may withdraw your consent at any time.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may process and share personal data for the purposes of service evaluation, clinical audit and quality improvement.

These activities are undertaken to monitor and improve the quality and effectiveness of healthcare services.

Where possible, data will be anonymised or pseudonymised. Identifiable data will only be used where there is a lawful basis.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for the management of health or social care systems and services.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Population health management involves analysing data to understand health trends and improve outcomes for defined populations.

Personal data may be processed and shared with authorised organisations for the purposes of identifying patterns, reducing health inequalities and improving service planning.

Where possible, data will be anonymised or pseudonymised. Identifiable data will only be used where there is a lawful basis.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for the management of health or social care systems and services.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Article 9 (2) (j) - processing is necessary for statistical purposes.

Related Legislation:

Health and Care Act 2022

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may be required to submit data to national clinical audits which aim to improve patient care and outcomes across the NHS.

National clinical audits collect and analyse data to evaluate clinical performance against agreed standards and identify areas for improvement.

Where possible, data will be anonymised or pseudonymised. Identifiable data will only be used where there is a lawful basis.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for the management of health or social care systems and services.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Article 9 (2) (j) - processing is necessary for scientific or statistical purposes.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may be required to submit data to national clinical audits which aim to improve patient care and outcomes across the NHS.

National clinical audits collect and analyse data to evaluate clinical performance against agreed standards and identify areas for improvement.

Where possible, data will be anonymised or pseudonymised. Identifiable data will only be used where there is a lawful basis.

The source of the information shared in this way is your electronic GP record and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for the management of health or social care systems and services.

Article 9 (2) (g) - processing is necessary for reasons of substantial public interest.

Article 9 (2) (j) - processing is necessary for scientific or statistical purposes.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

National Data Opt-Out applies where identifiable data is used for planning and research purposes.

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may register a national data opt-out to prevent your confidential patient information being used for research and planning purposes, where applicable.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Summary Care Record (SCR) is an electronic record of important patient information created from GP medical records.

It may contain details of current medications, allergies and adverse reactions and, where agreed, additional information.

The SCR is used in other healthcare settings to support safe and effective care.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: You may choose to opt out of having a Summary Care Record created or shared. Please contact the Practice if you wish to discuss your options.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Electronic Prescription Service (EPS) allows prescriptions to be sent electronically from GP practices to pharmacies.

Personal data is processed and shared with NHS Digital and community pharmacies to enable prescriptions to be dispensed safely and efficiently.

The source of the information shared in this way is your electronic GP record and prescribing systems.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: The Electronic Prescription Service is used to provide safe and efficient prescribing. Please speak to the Practice if you have concerns.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

GP Connect allows authorised healthcare professionals to access relevant information from GP records to support direct patient care.

This may include access to appointments, medications, allergies and other clinical information where appropriate.

Personal data is shared securely through NHS digital systems to ensure continuity and safety of care.

The source of the information shared in this way is your electronic GP record.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: GP Connect supports safe and effective direct care. Please speak to the Practice if you have concerns.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

Shared Care Records enable authorised healthcare professionals across different organisations to access relevant patient information for direct care.

These systems support joined-up care by allowing appropriate sharing of information between GP practices, hospitals, community services and other healthcare providers.

Personal data is shared securely via NHS approved systems.

The source of the information shared in this way is your electronic GP record and other NHS systems involved in your care.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Related Legislation:

Health and Social Care Act 2012

Data Protection Act 2018 Section 10

NHS Act 2006

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Shared Care Records are used to support safe and effective care. Please contact the Practice if you wish to discuss your options.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice uses third-party IT system suppliers to provide and maintain clinical systems, appointment systems, document management and other digital services.

These suppliers act as data processors and only process personal data on behalf of the Practice under written contracts which include data protection obligations.

They are not permitted to use your personal data for their own purposes.

The source of the information processed in this way is your electronic GP record and Practice administrative systems.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Article 28 UK GDPR - Processor obligations.

Related Legislation:

Data Protection Act 2018

UK General Data Protection Regulation (UK GDPR)

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Data processors act on behalf of the Practice and are necessary to deliver healthcare services safely and effectively.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice uses external payroll and human resources providers to administer staff salaries, pensions, statutory payments and employment records.

These providers act as data processors and process personal data on behalf of the Practice under contractual agreements which include confidentiality and data protection obligations.

They are not permitted to use personal data for their own purposes.

The source of the information processed in this way is Practice employment records and administrative systems.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care and relevant employment legislation.

Article 6(1) (c) - processing for legal obligation;

Article 6(1) (e) - public interest or in the exercise of official authority.

Article 9 (2) (b) - processing is necessary for carrying out obligations in the field of employment and social security law.

Article 28 UK GDPR - Processor obligations.

Related Legislation:

Data Protection Act 2018

UK General Data Protection Regulation (UK GDPR)

Employment Rights Act 1996

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: Payroll and HR processing is necessary to meet legal and contractual employment obligations.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may use external providers to securely store, scan or dispose of paper records in accordance with NHS records management requirements.

These providers act as data processors and process personal data on behalf of the Practice under contractual agreements which include strict confidentiality and data protection obligations.

They are not permitted to access or use personal data except as instructed by the Practice.

The source of the information processed in this way is paper medical records and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Article 28 UK GDPR - Processor obligations.

Related Legislation:

Data Protection Act 2018

UK General Data Protection Regulation (UK GDPR)

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: External storage and scanning providers are used to ensure secure handling of records in line with NHS requirements.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.

The Practice may use external providers to securely store, scan or dispose of paper records in accordance with NHS records management requirements.

These providers act as data processors and process personal data on behalf of the Practice under contractual agreements which include strict confidentiality and data protection obligations.

They are not permitted to access or use personal data except as instructed by the Practice.

The source of the information processed in this way is paper medical records and Practice administrative records.

All records held by the Practice will be kept for the duration specified in the Records Management Codes of Practice for Health and Social Care.

Article 6(1) (e) - public interest or in the exercise of official authority;

Article 6(1) (c) - processing for legal obligation.

Article 9 (2) (h) - processing is necessary for medical or social care treatment or the management of health or social care systems and services.

Article 28 UK GDPR - Processor obligations.

Related Legislation:

Data Protection Act 2018

UK General Data Protection Regulation (UK GDPR)

Common Law of Duty of Confidentiality

You have the right to:

• To access, view or request copies of your personal information;
• request rectification of any inaccuracy in your personal information;
• restrict the processing of your personal information where:
  • accuracy of the data is contested,
  • the processing is unlawful or,
  • where we no longer need the data for the purposes of the processing.

Right to object: External storage and scanning providers are used to ensure secure handling of records in line with NHS requirements.

If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.

Right to complain: If you are dissatisfied with the way the Practice processes your data, you have the right to appeal/complain. You may raise the issue with the Practice’s Data Protection Officer, contact details are given at section 6, or if not satisfied, with the Information Commissioner (ICO), whose contact details are given at section 8.