COVID-19 Privacy Notice
(This Privacy Notice is to run alongside our standard Practice Privacy Notice)
Due to the unprecedented challenges that the NHS and we, Stony Medical Centre face due to the worldwide COVID-19 pandemic, there is a greater need for public bodies to require additional collection and sharing of personal data to protect against serious threats to public health.
In order to look after your healthcare needs in the most efficient way we, Stony Medical Centre may therefore need to share your personal information, including medical records, with staff from other GP Practices including Practices within our Primary Care Network, as well as other health organisations (i.e. Clinical Commissioning Groups, Commissioning Support Units, Local authorities etc.) and bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure.
The Secretary of State has served notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) to require organisations to process confidential patient information in the manner set out below for purposes set out in Regulation 3(1) of COPI.
Purpose of this Notice
The purpose of this Notice is to require organisations such as Stony Medical Centre to process confidential patient information for the purposes set out in Regulation 3(1) of COPI to support the Secretary of State’s response to Covid-19 (Covid-19 Purpose). “Processing” for these purposes is defined in Regulation 3(2) and includes dissemination of confidential patient information to persons and organisations permitted to process confidential patient information under Regulation 3(3) of COPI. This Notice is necessary to require organisations such as Stony Medical Centre to lawfully and efficiently process confidential patient information as set out in Regulation 3(2) of COPI for purposes defined in regulation 3(1), for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure.
Requirement to Process Confidential Patient Information
The Secretary of State has served notice to recipients under Regulation 3(4) that requires Stony Medical Centre process confidential patient information, including disseminating to a person or organisation permitted to process confidential patient information under Regulation 3(3) of COPI.
Stony Medical Centre is only required to process such confidential patient information:
- where the confidential patient information to be processed is required for a Covid-19 Purpose and will be processed solely for that Covid-19 Purpose in accordance with Regulation 7 of COPI
- from 20th March 2020 until 30th September 2020.
A Covid-19 Purpose includes but is not limited to the following:
- understanding Covid-19 and risks to public health, trends in Covid-19 and such risks, and controlling and preventing the spread of Covid-19 and such risks
- identifying and understanding information about patients or potential patients with or at risk of Covid-19, information about incidents of patient exposure to Covid-19 and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from Covid-19
- understanding information about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups as a direct or indirect result of Covid-19 and the availability and capacity of those services or that care
- monitoring and managing the response to Covid-19 by health and social care bodies and the Government including providing information to the public about Covid-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
- delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid-19, including the provision of information, fit notes and the provision of health care and adult social care services
- research and planning in relation to Covid-19.
Recording of processing
A record will be kept by Stony Medical Centre of all data processed under this Notice.
Sending Public Health Messages
Data protection and electronic communication laws will not stop Stony Medical Centre from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows Stony Medical Centre to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
Visitors to The Practice
We have an obligation to protect our staff and employees’ health, so it is reasonable for staff at Stony Medical Centre to ask any visitors to our practice to tell us if they have visited a particular country, or are experiencing COVID-19 symptoms. This must only be in pre-approved circumstances and we would also ask all patients to consider government advice on the NHS 111 website and not attend the practice.
Where it is necessary for us to collect information and specific health data about visitors to our practice, we will not collect more information than we need, and we will ensure that any information collected is treated with the appropriate safeguards.
Review and Expiry of this Notice
This Notice will be reviewed on or before 30 September 2020 and may be extended by The Secretary of State. If no further notice is sent to Stony Medical Centre by The Secretary of State this Notice will expire on 30 September 2020.
Stony Medical Centre Patient Briefing – How we use your information
Updated for the GDPR 2016 and Data Protection Act 2018
General Data Protection Regulations (GDPR)
Why we collect information about you
In the Practice we aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
These records may include:
- Basic details about you, such as address, date of birth, next of kin
- Contact we have had with you such as clinical visits
- Details and records about your treatment and care
- Results of x-rays, laboratory test etc.,
- Relevant information from people who care for you and know you well, such as health professionals and relatives
It is good practice for people in the NHS who provide care to:
- Discuss and agree with you what they are going to record about you
- Give you a copy of letters they are writing about you; and
- Show you what they have recorded about you, if you ask
We will only store your information in identifiable form for a long as in necessary in and in accordance with the NHS England’s Rules found here: -
How your records are used
The people who care for you use your records to:
- Provide a good basis for all health decisions made by you and care professionals
- Allow you to work with those providing care
- Make sure your care is safe and effective, and
- Work effectively with others providing you with care
Others may also need to use records about you to:
- Check the quality of care (such as clinical audit)
- Protect the health of the public
- Keep track of NHS spending
- Manage the health service
- Help investigate any concerns or complaints you or your family have about your health care
- Teach health workers and
- Help with research
Some information will be held centrally to be used for statistical purposes. In these instances, we take strict measures to ensure that individual patients cannot be identified.
We use anonymous information, wherever possible, but on occasions we may use personally confidential information for essential NHS purposes such as research and auditing. However, this information will only be used with your consent, unless the law requires us to pass on the information.
The Legal Part
You have a right to privacy under the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act. The Practice needs your personal, sensitive and confidential data in order perform our statutory health duties, in the public interest or in the exercise of official authority vested in the controller in compliance with Article 6 (e) of the GDPR and for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the in compliance with Article 9, (h) of the GDPR.
You have the right to ask for a copy of all records about you.
- Your request should be made in writing to the practice holding your information
- We are required to respond to you within one Month
- You will need to give adequate information (for example full name, address, date of birth NHS number etc.)
To access your record contact
If you think anything is inaccurate or incorrect, please inform the Practice as soon as possible. For other rights about the use of your information please see our website.
How we keep your records confidential
Everyone working for the NHS has a legal duty to keep information about you confidential.
We have a duty to:
- Maintain full and accurate records of the care we provide to you
- Keep records about you confidential, secure and accurate
- Provide information in a format that is accessible to you (i.e., in large type if you are partially sighted).
We will not share information that identifies you for any reason, unless:
- you ask us to do so;
- we ask, and you give us specific permission;
- we must do this by law;
- we have special permission for health or research purposes or
- we have special permission because the interests of the public are thought to be of greater importance than your confidentiality
Our guiding principle is that we are holding your records in strict confidence
Who are our partner organisations?
We may share information with the following main partner organisations:
- NHS England
- Our Commissioners
- NHS Trusts / Organisation (Hospitals, CCG’s)
- Specialist Trusts
- Ambulance Service
- Social Services
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Social Care Services
- Fire and Rescue Services
We may also share your information, with your consent and subject to strict sharing protocols about how it will be used, with:
- Education Services
- Local Authorities
- Voluntary Sector Providers
- Private Sector
Anyone who receives information from us also has a legal duty to keep it confidential
What if I think there has been a breach of my Data Protection Rights?
If you believe there has been a breach of any of your Data Protection Rights you have a right to complain to the UK supervisory Authority as below.
Tel: 01625 545745
Privacy Notice May 20 COVID-19
GDPR Privacy Statement
How we use your information leaflet
GDPR S1 Privacy Notice (June 19)