Practice Policies & Patient Information
Complaint Procedure
If you have a complaint or concern about the service you have received from the doctors or any of the staff working in this GP surgery, please let us know. This includes Primary Care Network staff working as part of our GP surgery. We operate a complaints procedure as part of an NHS system for dealing with complaints. Our complaints system meets national criteria.
How to make a complaint
We hope that most problems can be sorted out easily and quickly when they arise and with the person concerned. For example, by requesting a face-to-face meeting to discuss your concerns.
If your problem cannot be sorted out this way and you wish to make a complaint, we would like you to let us know as soon as possible. By making your complaint quickly, it is easier for us to establish what happened. If it is not possible to do that, please let us have details of your complaint:
- Within 6 months of the incident that caused the problem; or
- Within 6 months of discovering that you have a problem, provided this is within 12 months of the incident.
Complaints should be addressed to the GP surgery team verbally or in writing. Alternatively, you may ask for an appointment with the GP surgery to discuss your concerns. They will explain the complaints procedure to you and make sure your concerns are dealt with promptly. Please be as specific as possible about your complaint.
What we will do
We will acknowledge your complaint within three working days. We will aim to have investigated your complaint within ten working days of the date you raised it with us. We will then offer you an explanation or a meeting with the people involved, if you would like this. When we investigate your complaint, we will aim to:
- Find out what happened and what went wrong.
- Make it possible for you to discuss what happened with those concerned, if you would like this.
- Make sure you receive an apology, where this is appropriate.
- Identify what we can do to make sure the problem does not happen again.
Complaining on behalf of someone else
We take medical confidentiality seriously. If you are complaining on behalf of someone else, we must know that you have their permission to do so. A note signed by the person concerned will be needed unless they are incapable (because of illness) of providing this.
Complaining to NHS England
We hope that you will use our Practice Complaints Procedure if you are unhappy. We believe this will give us the best chance of putting right whatever has gone wrong and an opportunity to improve our GP surgery.
However, if you feel you cannot raise the complaint with us directly, please contact NHS England. You can find more information on how to make a complaint at https://www.england.nhs.uk/contact-us/complaint/complaining-to-nhse/.
Unhappy with the outcome of your complaint?
If you are not happy with the way your complaint has been dealt with by the GP surgery and NHS England and would like to take the matter further, you can contact the Parliamentary and Health Service Ombudsman (PHSO). The PHSO makes final decisions on unresolved complaints about the NHS in England. It is an independent service which is free for everyone to use.
To take your complaint to the Ombudsman, visit the Parliamentary and Health Service Ombudsman website or call 0345 015 4033
Need help making a complaint?
If you want help making a complaint, Healthwatch Hounslow can help you find independent NHS complaints advocacy services in your area.
Alternatively, POhWER is a charity that helps people to be involved in decisions being made about their care. Call POhWER’s support centre on 0300 456 2370 for advice.
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Freedom of Information
Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.
Data Protection Act 2018 + GDPR
Data Protection Act 2018 + GDPR
Please click on data protection link above for information on new data protection regulations as applied to the Surgery.
Data Regulations
Addison House Surgery – Patient Privacy and Data Procedures
How Addison House Surgery uses your information to provide you with healthcare
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
- Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: https://digital.nhs.uk/summary-care-records or alternatively speak to the practice.
- You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
|
Identifying patients who might be at risk of certain diseases
|
Safeguarding
|
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details |
Dr John Onuorah, Addison House Surgery, Hamstel Road, Harlow, Essex CM20 1DS. Telephone 01279 621900
|
Data Protection Officer contact details |
Renier van Zyl, Stellar Healthcare, Building 1, Spencer Close, St Margaret’s Hospital, The Plain, Epping, Essex, CM16 6TN, telephone: 01992 660272 |
Purpose of the processing
|
|
Lawful basis for processing
|
These purposes are supported under the following sections of the GDPR:
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence. |
Recipient or categories of recipients of the processed data
|
The data will be shared with:
|
Rights to object
|
|
Right to access and correct |
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016or speak to the practice. |
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link ico.org.uk/global/contact-us
or call the helpline 0303 123 1113 |
Data we get from other organisations | We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
How your information is used for medical research and to measure the quality of care
Medical research
Addison House Surgery shares information from medical records:
This is important because:
We share information with the following medical research organisations with your explicit consent or when the law allows: e.g. RCGP Research You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object |
Checking the quality of care – national clinical audits
|
We are required by law to provide you with the following information about how we share your information for medical research purposes.
Data Controller contact details |
Dr John Onuorah, Addison House Surgery, Hamstel Road, Harlow, Essex CM20 1DS. Telephone 01279 621900 |
Data Protection Officer contact details |
Renier van Zyl, Stellar Healthcare, Building 1, Spencer Close, St Margaret’s Hospital, The Plain, Epping, Essex CM16 6TN
Telephone: 01992 660272
|
Purpose of the processing
|
Medical research and to check the quality of care which is given to patients (this is called national clinical audit). |
Lawful basis for processing
|
The following sections of the GDPR mean that we can use medical records for research and to check the quality of care (national clinical audits)
Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’. For medical research: there are two possible Article 9 conditions. Article 9(2) (a) – ‘the data subject has given explicit consent…’ OR Article 9(2) (j) – ‘processing is necessary for… scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member States law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject’. To check the quality of care (clinical audit): Article 9(2) (h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’ |
Recipient or categories of recipients of the processed data
|
For medical research the data will be shared with e.g. RCGP Research
For national clinical audits which check the quality of care the data will be shared with NHS Digital. |
Rights to object and the national data opt-out
|
You have a right to object under the GDPR and the right to ‘opt-out’ under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of:
Please contact the practice if you wish to opt-out. To opt-out of your identifiable information being shared for medical research or to find out more about your opt-out choices please go to NHS Digital’s website: digital.nhs.uk/ |
Right to access and correct |
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016Or speak to the practice. |
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link:
or call the helpline 0303 123 1113 |
How your information is shared so that this practice can meet legal requirements
The law requires Addison House Surgery to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information. We must also share your information if a court of law orders us to do so. |
NHS Digital
|
Care Quality Commission (CQC)
|
Public Health
|
We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data.
Data Controller contact details |
Dr John Onuorah, Addison House Surgery, Hamstel Road, Harlow, Essex CM20 1DS. Telephone 01279 621900 |
Data Protection Officer contact details |
Renier van Zyl, Stellar Healthcare, Building 1, Spencer Close, St Margaret’s Hospital, The Plain, Epping, Essex CM16 6TN
Telephone: 01992 660272 |
Purpose of the processing
|
Compliance with legal obligations or court order. |
Lawful basis for processing
|
The following sections of the GDPR mean that we can share information when the law tells us to.
Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’ Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’ |
Recipient or categories of recipients of the processed data
|
|
Rights to object and the national data opt-out
|
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
NHS Digital
The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons. To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website: https://digital.nhs.uk/
NHS Digital sharing with the Home Office
Public health
Care Quality Commission
Court order
|
Right to access and correct |
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016or speak to the practice. |
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113 |
National screening programmes
|
We are required by law to provide you with the following information about how we handle your information in relation to our legal obligations to share data.
Data Controller contact details |
Dr John Onuorah, Addison House Surgery, Hamstel Road, Harlow, Essex CM20 1DS. Telephone 01279 621900 |
Data Protection Officer contact details |
Renier van Zyl, Stellar Healthcare, Building 1, Spencer Close, St Margaret’s Hospital, The Plain, Epping, Essex CM16 6TN
Telephone: 01992 660272 |
Purpose of the processing
|
|
Lawful basis for processing
|
The following sections of the GDPR allow us to contact patients for screening.
Article 6(1) (e) – ‘processing is necessary…in the exercise of official authority vested in the controller…’’ Article 9(2) (h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’ |
Recipient or categories of recipients of the processed data
|
The data will be shared with those who provide bowel screening, breast screening, cervical screening and retinal eye screening services |
Rights to object
|
For national screening programmes: you can opt so that you no longer receive an invitation to a screening programme.
See: www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes Or speak to the practice. |
Right to access and correct |
|
Retention period
|
GP medical records will be kept in line with the law and national guidance.
Information on how long records can be kept can be found at: Or speak to the practice. |
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link ico.org.uk/global/contact-us/
Or call the helpline 0303 123 1113 |
Data we get from other organisations | We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
GP Net Earnings
2022/23 Publication of Earnings – Addison House Surgery
All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.
The average pay for GPs working in Addison House Surgery in the last financial year was £66,358 before tax and National Insurance. This is for 2 full time GPs, 2 part-time GPs and 4 GP locums who worked in the practice for more than six months.
However it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice, and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.
2021/22 Publication of Earnings – Addison House Surgery
All GP practices are required to declare the mean earnings (e.g., average pay) for GPs working to deliver NHS services to patients at each practice.
The average pay for GPs working in Addison House Surgery in the last financial year was £83,287 before tax and National Insurance. This is for 3 full time GPs, 2 part time GPs and 3 locum GPs who worked in the practice for more than six months.
However, it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.
2020/21 Publication of Earnings – Addison House Surgery
All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.
The average pay for GPs working in Addison House Surgery in the last financial year was £116,632 before tax and National Insurance. This is for 4 full time GPs, 2 part-time GPs and 1 locum who worked in the practice for more than six months.
However, it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice, and should not be
Home Visiting Policy
Our home visiting policy is based on RCGP guidelines. You cannot insist that a GP visits you at home.
A GP will only visit you at home if they think that your medical condition requires it. A GP can also decide how urgently a visit is needed.
Due to increasing demand GPs can no longer automatically visit any patient who requests a home visit. All visits must now be triaged and dealt with according to clinical need.
GPs are better able to assess patients in the surgery where they have access to specialist equipment, good lighting and examination facilities and therefore it is always the preferable site for any consultation.
GPs having to visit inappropriate house call patients are delayed from visiting those patients who are in genuine need of a visit and therefore this poses an unacceptable clinical risk.
GPs are not responsible for ensuring that a patient has financial means to attend the surgery nor that the patient chooses to register with a practice that is difficult for them to get to in bad weather or without a car.
GPs are not obliged to visit a patient if they have assessed the patient’s clinical need on the telephone and found them to be suitable for an alternative method of healthcare.
As long as the GP has provided a plan for a patient (which may be an appointment the same day, a future day, telephone advice or attendance at other healthcare site such as A&E, a message communicated via reception) then the partners of The Addison House Surgery will support any such decision made.
All telephone calls are recorded. Admin and clinical staff are expected to make good records of all patient contact within the clinical record.
The Surgery has weekly MDT (multidisciplinary team) meetings with community clinical staff where relevant clinical management matters including home visit requests/feedback are discussed.
Privacy Policy
Privacy Policy
- Introduction
Addison House Surgery is the data controller for the information it holds about its patients.
The ICO defines a data controller as a person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controllers are responsible for the compliance of their processor(s). A data controller is the organisation that makes decisions about the personal data that is being collected and processed and we are ultimately in charge of and responsible for the processing.
As the data controller, the organisation must ensure and be able to demonstrate compliance with Article 5 of the UK GDPR which lays out seven key principals of processing personal data.
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
You can contact us in relation to this policy and any queries about it and/or to access your rights by contacting us using the below details.
Address: The Doctors Surgery, Addison House, Hamstel Rd, Harlow CM20 1DS
Phone: 01279 621900
Email: [email protected]
Please use these details, should you wish to speak to our Data Protection Officer.
We are registered with the Information Commissioners Office (ICO) and our registration number is: Z625470X
At Addison House Surgery, we are committed to protecting and respecting your privacy, informing you of your rights under Data Protection legislation and giving you access to these rights.
This Privacy Policy sets out important details about information that Addison House Surgery and staff responsible for your care and treatment may collect and hold about you, how that information may be used and your legal rights.
We will review this Privacy Policy on a regular basis, and we advise you to check back on our website for the latest version.
- Who has information about me?
For your healthcare, several care providers hold and share information about you, in order to provide safe and effective care. These include but are not limited to:
- NHS 111, Ambulance Service and Out of Hours service
- Herts and West Essex ICB, Secondary care services including Hospitals, Psychological Wellbeing Services, CMHTs, CRHTs or any other service a patient is referred to.
- Local GP Practices in order to deliver extended primary care services.
- Local Community care services and Social services
- Voluntary support organisations commissioned to provide services Herts and Essex ICB.
- Diabetic Eye Screening Programme
Information is shared for your direct care purposes. There may be instances where we are required under legislation to share information, but we will only do so if we have a legal basis.
While we may share your information with the aforementioned organisations, we might also receive information from them. This ensures that your medical records are kept current, allowing your General Practice to provide appropriate care.
- Information we hold about you
We hold 2 types of data about you.
- a) Personal data (data which identifies you)
- Personal data only includes information relating to natural persons, i.e. name, phone number, email address, address, date of birth, etc.
- Personal data may also include special categories of personal data or criminal conviction and offences data. These are more sensitive, and Addison House Surgery may only process them in more limited circumstances.
- Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but it is still personal data.
- b) Special Category (sensitive data)
This sort of data could include:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data (where used for identification purposes)
- health
- sex life
- sexual orientation
- How we collect your information
The information we collect and process about you has either been provided by you or by others involved in your care and treatment (i.e., hospital, community, employers).
This is likely to include your personal data (see 3. a))
We may also hold more sensitive information about you (see 3.b)))
We may collect information from you when:
- You contact us via telephone calls which may be recorded and retained for a limited period for training and monitoring purposes and to help improve our services.
- You communicate with us via email, social media or our website.
- You visit the practice for an appointment.
Sometimes we obtain information about you from:
- other health care providers,
- credit reference agencies,
- debt collection agencies, and
- government agencies such as HMRC or the Home Office.
- How we use your information
We use information about you in connection with
- treatment and/or care,
- tests or assessments, and
- medical examinations
We may use your phone number (or email address where you have provided it to us) to contact you in advance of an appointment for reasons connected with your care or treatment. Where you have provided us with your mobile number or email address, we may send you confirmations/reminders of your appointments via text message or email and we may respond to your email enquiries via email.
We may also use information about you for:
- quality assurance,
- maintaining our business records,
- developing and improving our products and services, and
- monitoring outcomes where we believe there is a business need to do so and our use of information about you does not cause harm to you.
This may include our staff planning and workload management systems to help support our staff and clinicians to develop and plan the most appropriate levels of care to our patients and to ensure we have got the right levels of productivity and efficiency and good outcomes for patients.
We may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud or safeguarding) or in connection with legal proceedings.
We may also use information about you where you have provided your consent to us doing so.
- Staff access to your personal and sensitive data.
We carefully control who has access to your information. Staff only have access where they are required to do so to provide direct care or support (i.e., receptionist and secretary). Where possible we limit the access that staff have on our clinical systems. We also carry out spot checks and audits to see if there has been any inappropriate access. Where that occurs, disciplinary action may be taken against the staff, and in serious cases court action. If a data breach includes access to your information, we will contact you. We also have an obligation if it is a serious data breach to inform the Information Commissioners Office.
In order to reduce risk of a data breach we have in place robust policies and procedures, and we carry out training for all staff on an annual basis.
All clinical staff providing direct care are registered with the appropriate professional and regulatory bodies, i.e., GMC, NMC, CSP and have a responsibility to uphold the highest standards when handling patient/client information.
- How we keep your information safe and secure
- Addison House Surgery is required to complete the NHS Digital Data Security & Protection Toolkit. This is a tool that provides assurance that we are meeting standards on handling patient/client information.
- We have Data Protection Policies in place to ensure staff understand the ‘must’ or ‘must not do’ with patient/client data.
- Staff are required to complete induction training in Information Governance and to complete annual update training.
- Spot checks are carried out across the practice.
- Our IT is managed by NHS Arden & GEM CSU IT Team who ensure that all safeguards are in place to protect data held on IT systems are protected and secure from unauthorised access, loss or damage and hold a Cyber Security Plus certification.
- Passwords are changed on a regular basis.
- Where incidents do happen, our investigations will include actions we take and lessons learnt.
- Sharing your information
We set out these reasons for sharing your information below and assure you that in each case, we share only such information as is appropriate, necessary and proportionate.
- We will share your medical information with those involved in your health assessment, care or treatment (such as doctors, nurses and physiotherapists) for direct care purposes. Some of our nursing staff and the resident doctors in our practice are provided by specialist staffing agencies. We ensure there is a single patient record for each patient who is seen at our practice.
- We will also share information about you with other members of staff involved in the delivery of your direct care for administration purposes (such as our, medical secretaries, GPA’s, receptionists). This will be limited to what is required for them to fulfil their role.
- Local NHS hospitals and independent pathology/clinical laboratory services provide Addison House Surgery with support services (such as blood tests) and we may share information about you with these hospitals where required in connection with your care.
- We may also share relevant parts of your medical information with your dentist, other private organisations and the organisation paying for your treatment (for example your insurance company). For our health assessment clients who come to us through their employer’s health assessment benefit scheme, please be assured that we will not share your medical information with your employer without your consent.
- We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).
- Sharing information with third parties who are not involved in your health assessment, care or treatment
We may share information about you with external organisations such as:
- our lawyers,
- auditors,
- Insurance companies
- NHS organisations, and
- regulatory bodies such as the CQC and ICO.
We will only do this where we have a legal basis to do so or with your consent.
We may also share information about you with third party suppliers, which provide us with
- electronic patient record systems
- radiology imaging archiving and reporting systems.
We may also share information about you with those providing us with information technology systems, this includes:
- an incident management and recording system, and
- a system for electronic prescribing as well as
- other clinical and non-clinical software applications (and related services)
In each case, we would share only such information as was relevant, necessary and proportionate.
- Sharing with regulators or because of a legal obligation
We may share information about you with our regulators, including the
- Care Quality Commission.
- Medicines and Healthcare products Regulatory Agency (which ensures medicines and medical devices used in the UK work and are acceptably safe).
- NHS England (which leads the NHS in England) and the Department of Health (the government department responsible for health and adult social care policy).
- Health & Safety Executive.
- Public Health England.
Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a:
- court order
- regulatory body has statutory powers to access patients’ or health assessment clients’ records as part of their duties to investigate complaints, accidents, or health professionals’ fitness to practise.
Before any disclosure will be made, we will satisfy ourselves that any disclosure sought is required by law or can be justified in the public interest.
Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime. On occasion, this may include the Home Office and HMRC.
- Audits, surveys, and initiatives
In common with all healthcare providers (both NHS and private), we also look at the quality of the care we provide:
- to patients and health assessment clients and participate in national audits and initiatives,
- to ensure that patients are getting the best possible outcomes from their treatment and care, and
- to help patients make informed choices about the care they receive.
We can assure you that your personal information always remains under our control. Any information we provide for national audits and initiatives outside of Addison House Surgery will not contain any information in which any patient can be identified unless it is required by law. Any publishing of this data will be in anonymised statistical form. The Practice may partake in local audits where there has been a Serious Incident in order to identify any potential clinical risks to yourself or other patients.
- Legal basis for using your information
Data protection law requires that we set out the legal basis for holding and using information about you. We have set out the various reasons we use information about you and alongside each, the legal basis for doing so. Given that some information we hold about you is particularly sensitive (as described above), we need an additional legal basis which we have set out in the third column (entitled ‘legal basis for more sensitive information’) explaining our reason for this.
Processing shall be lawful only if and to the extent that at least one of the following applies:
- a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
- c) processing is necessary for compliance with a legal obligation to which the controller is subject.
- d) processing is necessary to protect the vital interests of the data subject or of another natural person.
- e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, where the data subject is a child.
For the purpose of delivering your direct health care within the practice and sharing your information we use Article 6 of the UK GDPR (11. e)) above.
Where we have to share your information because we are required to do so under law, we use Article 6 of the UK GDPR (11. c)) above.
Where we process any more sensitive (special category data) we do this on and additional legal basis under article 9 of the UK GDPR:
- g) Health or social care (with a basis in law).
- Where and for how long we store your information
The information about you that we hold, and use is held securely in the United Kingdom and stored electronically and in paper format and on secure servers.
No records are stored outside the EEA.
We retain your records for certain periods (depending on the record) under our retention of records policy. Addison House Surgery follows the recommend best practice contained in the NHS Records Management Code of Practice. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including:
- to support patient care and continuity of care.
- to support evidence-based clinical practice.
- to assist clinical and other audits.
- to support our public task
- to meet legal requirements.
Your records may not be retained in hard copy form where a digital copy exists.
If you would like more detailed information on this, please contact our Practice Manager (contact details above).
- Your information rights
Under certain circumstances, you have rights under data protection laws in relation to any personal information that we hold about you. Please note that for some purposes, especially within health and care, some of your rights under UK GDPR have applicable exemptions. You can find out more about your rights and exemptions on the ICO website.
If you wish to exercise any of the rights set out below, please contact the Practice using the contact details set out above.
You have:
- a) The right to be informed. This privacy notice forms part of that, but we also aim to keep you fully informed during your consultations, via posters in the practice and leaflets when appropriate.
- b) The right to access your personal information. You are usually entitled to a copy of the personal information we hold about you and details about how we use it.
Your information will usually be provided to you in the form you request, if we are unable to do that, we will inform you. If you have made the request electronically (e.g. by email) the information will be provided to you by electronic means where possible.
Under data protection law we must usually confirm whether we have personal information about you. If we do hold personal information about you, we usually need to explain to you:
- The purposes for which we use your personal information.
- The types of personal information we hold about you.
- Who your personal information has been or will be shared with.
- Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
- If the personal data we hold about you was not provided by you, where we obtained the information from.
- Your right to ask us to amend or delete your personal information (if appropriate).
- Your right to ask us to restrict how your personal information is used or to object to our use of your personal information (if appropriate).
- Your right to complain to the Information Commissioner’s Office.
- We also need to provide you with a copy of your personal information.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity (this will be proportionate) and ensure your right to access your personal information (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request to speed up our response.
We respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
- c) The right to request correction of your personal information
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete and up to date. However, if you do not believe this is the case, you can ask us to update or amend it.
- d) The right to request erasure of your personal information
In some circumstances, you have the right to request the erasure of the personal information that we hold about you. This is also known as the ‘right to be forgotten’. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question.
- e) The right to object to the processing of your personal information
In some circumstances, you have the right to object to the processing of your personal information. This would usually apply to processing for other purposes other than your direct health care i.e., research
- f) The right to request a transfer of your personal information
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
- g) The right to object.
You can ask us to stop sending processing your information for any other purposes other than your health care.
- h) The right not to be subject to automatic decisions (i.e., decisions that are made about you by computer alone)
You have a right to not be subject to automatic decisions (i.e., decisions that are made about you by computer alone) that have a legal or other significant effect on you.
- i) The right to withdraw your consent
You have the right to withdraw your consent where we rely upon this as a legal ground for processing your information.
To apply any of the Individual Rights above please contact the Practice Manager.
- CCTV
We have installed CCTV to:
- ensure the security of our and your property and the security of our patients and staff
- monitor the security of our premises.
All CCTV is maintained and overseen by our assistant practice manager.. They are responsible for carrying out compliance audits and reviewing the need for CCTV. CCTV footage may be shared for the detection and/or prevention of crime or fraud.
- General Practice Data for Research
The data held in the GP medical records of patients is used to support health research in England, helping to find better treatments and improve patient outcomes for everyone. Any data that could directly identify you (such as NHS Number, date of birth, full postcode) is replaced with unique codes which are produced by de-identification software before the data is shared with NHS England.
This process is called pseudonymisation and means that patients will not be identified directly in the data.
If you do not want your patient data to be shared for purposes except your own care, you can opt-out of this process.
For further information please access the website here https://digital.nhs.uk/services/national-data-opt-out or contact the practice.
- My Care Record
My Care Record enables health and care professionals to access the information they need to look after you, even if they work for different organisations or in different locations.
Addison House Surgery is part of My Care Record, an approach to improving care by joining up health and care information. Health and care professionals from other services will be able to view information from the records we hold about you when it is needed for your care. Please see www.mycarerecord.org.uk for more information.
- Health Information Exchange Gateway
Joining up health and care information via the HIE (Health Information Exchange) used across the region to enable heath and care professionals to access up-to-date information held by different organisations or in different locations. This will result in it more effective care and secure information sharing for direct care purposes.
Each organisation will determine the content of their own information feed into the Shared Care Record. This will be based on the nature of the records that the organisation holds.
The Cerner HIE (Shared Care Record) system displays the feeds from partner organisations in a single user accessible dashboard, in real time.
- Recordings
- Telephone calls are being recorded for training and monitoring purposes only.
- When the Surgery carries out video consultations. The consultation is not stored or recorded within the system; the clinical staff member is required to record observations and outcomes of the consultation directly into your patient’s record in the same way as during a face-to-face consultation.
- Primary Care Network (PCN)
We are a member of Herts and West Essex Primary Care Network (PCN). This means we will be working closely with several other GP Practices and health and care organisations to provide healthcare services to you. No health data is automatically shared. Patient records remain with the practice that the patient is registered with, the record would only be accessed by another practice if the patient has booked and agreed an extended access appointment or clinical services delivered in a GP Practice, the patient is advised of this at the time of accepting the appointment.
Other Practices in our PCN are:
- Nuffield House Surgery
- Old Harlow Health Centre
- Sydenham House Surgery
- Integrated Care Systems (ICS)
As the country moves to an integrated care system based on geographical areas (East & North Herts, Herts Valleys and West Essex) Information may be available to other care providers in order to provide safe, effective and cost-efficient care. Robust training, policies, procedures, controls, audits and technical measures will be in place to safeguard against inappropriate access and disclosure.
- Integrated Care Board (ICB)
The Integrated Care Boards are responsible for securing, planning, designing and paying for your NHS services, including planned and emergency hospital care, mental health, rehabilitation, community and primary medical care (GP) services. This is known as commissioning. We do share data with Herts and West Essex ICB who is working with GP practices, local hospitals and other providers, generating Population Health Management information and link all the information together but then remove information that identifies you. The linked and pseudonymised information will help the ICB learn to use the data. The information will be reviewed and decisions made about the whole population.
As part of the review, a group of individuals or a single individual might be identified that could benefit from some additional care or support. The information will be sent back to the us (your GP) and we will use the unique code to identify you and offer you relevant services (direct care).
The ICB are legally obliged to protect your information and maintain confidentiality in the same way as us (your GP) or hospital provider.
- Using your data to plan and support better care
Your GP data, including age, gender and medications prescribed, is used to plan health and care services for the local area, as well as help your GP provide better personalised care.
This process is called risk stratification and is a statutory (legal) requirement.
If however you don’t want your data to be used in this way, you can opt-out, but need to be aware that this can affect the proactive provision of your care.
What is risk stratification?
In Hertfordshire and West Essex, we take part in two types of risk stratification:
- Risk stratification for case-finding
- Risk-stratification for commissioning
In both cases risk stratification tools use patient data, such as age gender, diagnoses, hospital attendance and admissions, which is collected by NHS Digital from NHS hospitals and community care services. This is then linked to data from GP practices and analysed. It is important to note that your name is not used when the data is being analysed. Only your NHS number is used during this process. GP practices will then be able to view your name when it is appropriate to do so to improve the services available to you.
Risk stratification for case-finding
This is a process GPs use to help them spot and support patients with long-term conditions and help prevent unplanned hospital admissions or reduce the risk of developing other diseases.
Your GP will use computer calculations to pick out registered patients who are at the most risk.
Your GP will do this on a routine basis. It will be done electronically and will produce a report that will be reviewed by a clinical team at your practice. You might then be contacted if changes to your care are identified.
Risk stratification for commissioning
This is a process Hertfordshire and West Essex Integrated Care Board (HWE ICB) use to understand the needs of the local population so they can commission the right care services.
Data is sent by NHS England and/or GP practices directly into a risk stratification tool provided by an NHS England-approved supplier.
ICB staff only have access to anonymised or aggregated data. You will not be personally identifiable nor will any ICB staff have access to your personal or confidential data.
Your rights
It is a statutory requirement for NHS England to collect identifiable information.
There is Section 251 of the NHS Act 2006 which allows the Secretary of State, to set aside the common law duty of confidentiality for defined medical purposes. Approval is obtained through the Confidentiality Advisory Group of the Health Research Authority, that means HWE ICB can receive this data in line with specific technical and security measures in place.
Opt-out
If you are happy for your data to be used in this way, you don’t need to do anything.
However, if you don’t want your data included, you can choose to opt out. You can get further information regarding this by visiting Opt out of sharing your health records – NHS (www.nhs.uk) or by contacting your GP Practice who will advise on how to opt out of local specific projects. You may also wish to opt out of your information being used for research or planning purposes nationally by visiting: https://www.nhs.uk/your-nhs-data-matters/ .
To find out more about which risk stratification tools are used, how your personal data is handled and your rights, you can view the HWE ICB Privacy Notice available at the web address provided below or your GP Practice privacy notice available on the GP practice website or as a leaflet in the reception area.
https://hertsandwestessex.icb.nhs.uk/website/privacy-notice-1
- The right to complain to the Information Commissioner’s Office
In the event that you feel your GP Practice has not complied with the current data protection legislation, either in responding to your request or in our general processing of your personal information, you should raise your concerns in the first instance in writing or by email (as detailed above) to the Practice Manager.
You have the right to complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations under data protection law.
Making a complaint will not affect any other legal rights or remedies that you have.
More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ and the Information Commissioner’s Office can be contacted by post, phone, or email as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number)
Fax: 01625 524 510
Email: [email protected]
For further questions or to exercise any rights set out in this Privacy Policy, please contact us on the contact details provided above to request to speak to the Data Protection Officer.
Please note that this privacy policy applies to our practice and the information we collect about you only. For any services, other parties or websites mentioned in this privacy policy or on our website, we do not accept liability and we advise you to read their privacy policies.
Summary Care Record
There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Why do I need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who can see it?
Only healthcare staff involved in your care can see your Summary Care Record.
How do I know if I have one?
Over half of the population of England now have a Summary Care Record. You can find out whether Summary Care Records have come to your area by looking at our interactive map or by asking your GP
Do I have to have one?
No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can use the form at the foot of this page.
More Information
For further information visit the NHS Care records website.
Violence Policy
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.