Your Medical Records

Information We Collect about You

At Streatham Hill Group Practice, we only collect relevant information “data” that we need to help us keep you healthy, such as; your name, address, next of kin, records of visits, telephone calls, treatments and medicines, investigations such as; results, X-rays and any other information that would enable us to care for you better.

Processors of Personal Data

In order to deliver the best possible service, the practice contracts Processors to process personal data, including patient data on our behalf.

When we use a Processor to process personal data we will always have an appropriate legal agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by a Processor include:

• Companies that provide IT services & support, including our core clinical systems; systems that manage patient-facing services (such as our website and service accessible through the same); data hosting service providers; systems that facilitate appointment bookings or electronic prescription services; document management services etc.
• Delivery services (for example if we were to arrange for delivery of any medicines to you).
• Payment providers (if for example, you were paying for a prescription or a service such as travel vaccinations).

How We use Your Information

We share your medical records with other healthcare professionals who are involved in providing you with care and treatment and on a need-to-know basis. Some of your data is automatically copied to the shared Summary Care Record. We share some of your data with local out-of-hours providers: Lambeth Hubs or Seldoc. data about you is used to manage national screening campaigns such as cervical screening, diabetes prevention, bowel screening and flu.

We share information when the law requires us to, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable adults and children.

Your data is used to check the quality of care provided by the NHS. We may also share medical records for medical research. The data about you is used to manage the NHS and make payments.

How to Access Your Records

We encourage patients to sign up to patient online services (Patient Access) where you can access your medical records, results, request repeat medication and book appointments. Please ask at reception for more details.

If you want to see what is written about you, you have a right to access the information we hold on you, but you will need to complete a form called Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. You may request to view all or only certain parts of your records if you prefer. Moreover, should you identify information in your record that may be incorrect you have the right to have the data corrected.

Don’t Want to Share?

All patients can choose not to share their information.

Should you wish to opt out of data collection, please contact a member of the admin staff, alternatively, you can set your opt-out preferences by visiting www.nhs.uk/your-nhs-data-matters.

You will need your NHS number and a valid email address or telephone number which is on the GP record or on the Personal Demographics Service database to register their decision to opt out.

Patients who are unable to use the online facility can use a phone helpline to manage their choice on 0300 303 5678. A paper print-and-post form is also available by visiting www.nhs.uk/other-ways-to-manage-your-choice.

Alternatively, please contact a member of our admin staff for support by calling 020 3829 0800.

Have a Question?

If you have any questions, you can contact the practice’s data controller via email at lamccg.streathamhillgrouppractice@nhs.net. GP practices are data controllers for the data they hold about their patients. Ask to speak to the practice manager, Mr Holicka, Data Protection Champion and Controller.

If You are not Pleased with how Your Information is Managed

We understand that sometimes things can go wrong. If you are not pleased with any part of our data-processing methods, you can make a complaint by visiting the Information Commissioner’s Office. For more information, please visit www.ico.org.uk/raising-concerns.

We always make sure the information we give you is up-to-date. Any updates will be published on our website, in our and leaflets, and on our posters. For more information, please visit www.ourhealthiersel.nhs.uk/privacy-notice.

Local Care Records

Local Care Records enables real time sharing and viewing of patient information with local Hospitals: Kings College Hospital, Guys and St. Thomas’ Hospital and mental health trust Maudsley Hospital that delivers huge benefits to GPs and patients.

NHS Digital

NHS Digital has a statutory role to collect and process health and social care information which is set out in the Health and Social Care Act 2012.

NHS Digital’s fair processing materials, available by visiting www.content.digital.nhs.uk/patientconf, explains and provide further information on:

• What NHS Digital collects – the types of information the NHS Digital collects and what it’s used for
• Personal information choices – people’s rights regarding care information
• Information requests from organisations – how organisations can ask NHS Digital to collect or provide access to care information
• Assurance bodies and processes – how the information requests NHS Digital receive are carefully looked at
• Examples of benefits that have been realised through the provision of such information including case studies involving breast cancer and diabetes that are available by visiting www.content.digital.nhs.uk/extracts

The NHS Digital is absolutely committed to keeping all of the data it handles safe and secure and applies the same principle to any data that is released outside of the organisation. Information is only ever shared with organisations that have gone through a strict application process, who can demonstrate they have a legitimate reason to access the data to use it for the benefit of health and care purposes, as per the new protections introduced as part of the Care Act 2014, and who have signed a legally binding agreement. So for instance, third party or commercial companies cannot receive information for insurance or marketing purposes.

As part of the application process the Data Access Advisory Group, an independent group, hosted by the NHS Digital, considers all applications for data that are identifiable or de-identified for limited access. The NHS Digital also regularly publishes a register of data releases that you can view by visiting www.content.digital.nhs.uk/dataregister. These show where data has been released, to which organisation and for which purposes.

If patients do require any further information that is not already covered within NHS Digitals web pages, they can be contacted by emailing enquiries@nhsdigital.nhs.uk or telephoning them on 0300 303 5678.

Information about the GPs and the practice required for disclosure under the Freedom of Information Act 2000 can be made available to the public.

There are seven classes of information:

• Who we are and what we do
• What we spend and how we spend it
• What our priorities are and how we are doing
• How we make decisions
• Our policies and procedures
• Lists and registers
• Services the practice offers

This covers any recorded organisational information such as reports, policies or strategies, that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland, however, it does not cover personal information such as patient records which are covered by the Data Protection Act 2018.

Public authorities include government departments, local authorities, the NHS, state schools and police forces.

This is enforced by the Information Commissioner who regulates both the Freedom of Information Act 2000 and the Data Protection Act 2018.

All requests for such information should be made to the reception.

The practice complies with the Data Protection Act 2018. All information about patients is confidential: from the most sensitive diagnosis to the fact of having visited the surgery or being registered at the practice. All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances when somebody is at grave risk of serious harm.

All members of the primary health care team (from reception to doctors) in the course of their duties will have access to your medical records. They all adhere to the highest standards of maintaining confidentiality.

As our reception area is a little public, if you wish to discuss something of a confidential nature please mention it to one of the receptionists who will make arrangements for you to have the necessary privacy.

Under 16s

The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person. Young people aged under 16 years can choose to see health professionals, without informing their parents or carers. If a GP considers that the young person is competent to make decisions about their health, then the GP can give advice, prescribe and treat the young person without seeking further consent.

However, in terms of good practice, health professionals will encourage young people to discuss issues with a parent or carer. As with older people, sometimes the law requires us to report information to appropriate authorities in order to protect young people or members of the public.

Useful Websites

• Confidentiality NHS Code of Practice
• Confidentiality and Mental Health
• Confidentiality Guidance

Streatham Hill Group Practice is committed to providing a safe, comfortable environment where patients and staff can be confident that best practice is being followed at all times and the safety of everyone is of paramount importance.

All patients are entitled to have a chaperone present for any consultation, examination or procedure where they feel one is required. This chaperone may be a family member or friend.

On occasions, you may prefer a formal chaperone to be present, i.e. a trained member of staff. Wherever possible we would ask you to make this request at the time of booking the appointment so that arrangements can be made and your appointment is not delayed in any way. Where this is not possible we will endeavour to provide a formal chaperone at the time of the request.

However, occasionally it may be necessary to reschedule your appointment. Your healthcare professional may also require a chaperone to be present for certain consultations in accordance with our chaperone policy. If have any questions or comments regarding this please contact the manager.