We would like to assure our patients that we are compliant with the new General Data Protection Regulations 2018. For further information please read our privacy notices and policies attached. If you would like to discuss any aspect of this further please contact the Practice Manager Helen Stacey on 01278 732696 or email email@example.com or our Data Protection Officer at Somerset Primary Healthcare Ltd Email : firstname.lastname@example.org
| PRIVACY NOTICE
THE RECORDS WE KEEP TO ENABLE US TO LOOK AFTER YOU
This practice keeps data on you relating to who you are, where you live, what you do, your family, possibly your friends, your employers, your habits, your problems and diagnoses, the reasons you seek help, your appointments, where you are seen and when you are seen, who by, referrals to specialists and other healthcare providers, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memoires reasonably made by healthcare professionals in this practice who are appropriately involved in your health care.
When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS
GPs have always delegated tasks and responsibilities to others that work with them in their surgeries, on average an NHS GP has between 1,500 to 2,500 patients for whom he or she is accountable. It is not possible for the GP to provide hands on personal care for each and every one of those patients in those circumstances, for this reason GPs share your care with others, predominantly within the surgery but occasionally with outside organisations.
If your health needs require care from others elsewhere outside this practice we will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside the practice but within the NHS it is usual for them to send us information relating to that encounter. We will retain part or all of those reports. Normally we will receive equivalent reports of contacts you have with non NHS services but this is not always the case.
Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law.
People who have access to your information will only normally have access to that which they need to fulfil their roles, for instance admin staff will normally only see your name, address, contact details, appointment history and registration details in order to book appointments, the practice nurses will normally have access to your immunisation, treatment, significant active and important past histories, your allergies and relevant recent contacts whilst the GP you see or speak to will normally have access to everything in your record.
You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests. Please see below.
Quantock Medical Centre – Your information, what you need to know
(If you want to speak to us about your data, please see our ‘contact’ page or email email@example.com or telephone 01278 732696)
This notice describes why we collect information about you, how your information will be used and your rights in respect of your data.
Why we collect information about you
Your records are used to ensure you get the best possible care. Your information helps them to make the best decisions about your care and helps provide you with proactive advice and guidance. Important information is also collected to help us to remind you about specific treatment which you might need, such as health checks, immunisations for children and reminders for screening appointments. We work with other NHS services to co-ordinate these.
Information held about you may be used to help protect the health of the public and to help us to improve NHS services. Information may be used within the GP practice to monitor the quality of the service provided (known as ‘clinical audit’).
What data do we collect and receive about you?
Records are stored electronically and on paper and include personal details about you such as your address, carers, legal representatives, emergency contact details, as well as:
We also receive information from other organisations that are caring for you that we hold in your record. This will include letters and test results.
How we use your information: For providing your care
Where you have agreed we will send information on your prescriptions to pharmacies, either by electronic systems or by paper.
Test requests and results
Where we undertake tests on you, such as blood tests, we will send the sample and details of the tests we are requesting to the most appropriate pathology laboratory. The data shared with the laboratory will include your NHS number, name, the type of test requested and any health information relevant to doing the test and producing the result or report. We will receive the test results back from the laboratory electronically and these will be stored in your patient record.
Extended services and out of hours
We work closely with neighbouring practices and ‘out of hours’ providers including NHS 111 to ensure that if you need care from a doctor outside of normal hours that they have access to your records when needed to give you the best possible care. This may be delivered over the phone or via video consultation as appropriate. Services may be run by ‘GP Federations’ and ‘Primary Care Networks’.
With your agreement, your GP or Nurse may refer you to other services not provided by the practice, or they may work with other services to provide your care in the practice. Information will be shared by letters, emails and shared record systems.
Once you have been seen, the other care agency will tell us about the treatment they have provided for you and any support which your GP needs to provide. This information is then included in your record. Referrals can be to lots of different services, such as smoking cessation services, social prescribers, voluntary services and other health and care agencies, as appropriate, for your care.
Hospital, Community or Social Care Services
Sometimes the staff caring for you need to share some of your information with others who are also supporting you. This could include hospital or community based specialists, nurses, health visitors, therapists or social care services. Information will be shared to organisations where you receive care, whether that is local or further away, if you need specialist care or emergency care in another.
Shared computer systems
Health and Social care services are developing shared systems to share data efficiently and quickly. It is important for anyone treating you to be able to access your shared record so that they have all the information they need to care for you. This will be during your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an Out of hours appointment. It is also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised staff can access the systems and the information they see is carefully checked so that it relates to their job. Systems do not share all your data, just data which services have agreed is necessary to include.
For more information about shared care records, please go to https://www.somersetccg.nhs.uk/about-us/digital-projects/sider/
Safeguarding of children or vulnerable adults
If we have significant concerns or hear about an individual child or vulnerable adult being at risk of harm, we may share relevant information with other organisations, such as local authorities and the Police, involved in ensuring their safety.
Ensuring medicines work well
We work with the local Medicines Management team of the Clinical Commissioning Group to help get the best out of medicines for patients and ensure they are effective in managing conditions. This generally uses anonymous data, but occasionally they will assist in reviews of medication for patients with complex needs. Doctors may also seek advice and guidance on prescribing queries.
Identifying health risks
Systems known as ‘risk stratification tools’ are used to help determine a person’s risk of suffering particular conditions and enable us to focus on preventing ill health before it develops. Information in these systems comes from a number of sources, such as hospitals and the practice. This can help us identify and offer you additional services to improve your health.
Multi-disciplinary team meetings
For some long term conditions, such as diabetes, the practice participates in meetings with staff from other agencies involved in providing care, to help plan the best way to provide care to patients with these conditions.
National Services (including screening programmes)
There are some national services like National Diabetes Audit and the National Cancer Screening Programmes that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cervical, breast or bowel cancer screening.
You can find out more about how the NHS holds and shares your information for national programmes on the NHS screening website (https://www.nhs.uk/conditions/nhs-screening/)
Data may also be shared on anyone who contracts a ‘communicable disease’, such as Covid 19, in order to manage public health and safety.
How we use your information: beyond providing your care
The information collected about you when you use our services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
Wherever possible data used for these purposes is anonymised so that you cannot be identified. If information cannot be completely anonymous, then this may only take place when the law allows the information to be used. All these uses help to provide better health and care for you, your family and future generations.
Sometimes we are duty bound by laws to disclose information to organisations such as the Care Quality Commission, the Driver and Vehicle Licencing Agency, the General Medical Council, Her Majesty’s Revenue and Customs and Counter Fraud services. In these circumstances we will always try to inform you before we are required to disclose and we only disclose the minimum information that the law requires us to do so.
Objecting to the of use of data for purposes beyond your care
The NHS Constitution states ‘You have a right to request that your personal and confidential information is not used beyond your own care and treatment and to have your objections considered’. For further information please visit: The NHS Constitution
National data opt-out
The national data opt-out enables patients to opt-out from the use of their personal confidential data for research or planning purposes. To find out more or to register to opt out, please visit www.nhs.uk/your-nhs-data-matters.
If you have any concerns about use of your data not covered by the National Data Opt out, please contact the practice.
How long do we hold information for?
Records are kept for the lifetime of the patient. If you move to a new practice, your record will be transferred. If the practice you have left need to access your record, for example to deal with a historic complaint, they will let you know. When information has been identified for destruction or deletion it will be disposed of using approved confidential disposal procedures.
Data Protection laws give you a number of rights, including access to your data, correction, erasure, objection and restriction of use of your data. Details on how to request access to your data are set out below. If you have any concerns about the accuracy and use of your records, please contact us.
Right of Access to your information (Subject Access Request)
You have the right to have a copy of the information we hold about you. There are some safeguards regarding what you will have access to and you may find information has been removed for the following reasons.
You can make a request by asking or writing to the practice. We may ask you to complete a form so that we have a record of your request. You will need to provide proof of identity.
If you would like to access your GP record online click here quantockmedicalcentre.gpsurgery.net
Lawful basis for processing:
The use of personal data for providing care is supported under the following Article 6 and 9 conditions of the GDPR:
Change of Details
It is important that you tell us as soon as you can if any of your details such as your name or address, email address or mobile number have changed. This is to make sure no information about you is sent to an old address.
Mobile telephone number
If you provide us with your mobile phone number, we may use this to send you text reminders about your appointments or other health screening information. Please let us know if you do not wish to receive text reminders on your mobile.
Where you have provided us with your email address we will use this to send you information relating to your health and the services we provide. If you do not wish to receive communications by email, please let us know.
Any changes to this notice will be published on our website and in a prominent area at the Practice.
Data Protection Officer
Should you have any questions or concerns about your data, please contact our Data Protection Officer:
Telephone: 01278 732696
Right to complain
If you have concerns or are unhappy about any of our services, please contact the Practice Manager.
For independent advice about data protection, privacy and data-sharing issues, you can contact:
The Information Commissioner
Phone: 0303 123 1113 Website: https://ico.org.uk/global/contact-us
The following table builds upon the information in our Fair Processing notice and is published to ensure transparency. This list is not exhaustive. Where the offering of a service to a patient will inform them about the sharing of their data, e.g. support from smoking cessation services, it is not necessarily included here. This list does not set out uses of anonymous data where identity has been completely removed (such as anonymised data to the Department for Work and Pensions on provision of ‘fit notes’).
Reviews of and Changes to our Privacy Notice
We will keep our Privacy Notice under regular review. This notice was last reviewed 29 October 2020
We are required by Articles in the General Data Protection Regulations to provide you with the information linked below.
What is CVDPREVENT?
CVDPREVENT is a national primary care audit that will automatically extract routinely held GP data covering diagnosis and management of six high risk conditions that cause stroke, heart attack and dementia: atrial fibrillation (AF), high blood pressure, high cholesterol, diabetes, non-diabetic hyperglycaemia and chronic kidney disease.
CVDPREVENT will provide a foundation for professionally led quality improvement in individual GP practices across Primary Care Networks (PCNs). It will support primary care in understanding how many patients with the high-risk conditions are potentially undiagnosed, under treated or over treated.
The audit will provide data to highlight gaps, identify inequalities and monitor improvement and impact on inequalities, as well as enabling and guiding opportunities for improvement. It will generate quarterly, anonymised data at national, regional, PCN and CCG practice level, across a broad range of metrics. Locally based QI audit tools based on the CVDPREVENT business rule set will enable practices and primary care networks to systematically identify individuals whose clinical risk factors are sub-optimally managed so that they can be offered treatment that will minimise their risk of life changing heart attack or stroke.
When will CVDPREVENT be available?
A first data extraction using NHS Digital’s GP Extraction Services (GPES) is planned for summer 2020 with initial analysis being undertaken in 2020/2021.
The CVDPREVENT Implementation Steering Group
A number of partner organisations are involved in the work, including RCGP, NHS Digital, NICE, Public Health England, NHS England and NHS Improvement, British Heart Foundation, Royal Pharmaceutical Society, Primary Care Cardiovascular Society and GP representatives.
Working with PRIMIS, and funded by the British Heart Foundation, the group has developed a draft business rule set for condition specific metrics. The final business rule set will be published by NHS Digital.
PRIMIS has also conducted a feasibility report which concluded that the audit is feasible and that the optimal route for extraction of the audit dataset would be via the NHS Digital GP Extraction Service (GPES).
If you would like any more information on CVDPREVENT, please email firstname.lastname@example.org
CVDprevent frequently asked questions
Who will deliver the audit?
NHS England and NHS Improvement funding has been secured via the NHS Long Term Plan initially for three years (Year 1 2020/21), they have agreed a partnership model as follows:
- NHS Digital will be directed by NHS England under section 254 of the Health and Social Care Act 2012 to establish and operate a system for the collection and analysis of the information specified for this service. The Direction is progressing through the appropriate channels to gain agreement and is provisional until accepted by NHS Digital.
- NCVIN-PHE will be commissioned to deliver the analytical work package.
- The Healthcare Quality Improvement Partnership (HQIP) will seek a national audit “preferred” provider through a tender process who will provide the strategic oversight and clinical leadership.
What data will be extracted?
Data extraction will be limited to routinely recorded primary care data and will require no additional data input from GPs.
The General Practice Extraction Service (GPES) will extract data according to the agreed CVDprevent business rule set which will be published via NHS Digital, on their website. The business rule set has been developed with a wide range of national and clinical partners to ensure that only the necessary data is extracted for three clearly defined cohorts: those with one or more of the high-risk conditions for CVD, those with pre-existing CVD and those with clinical records that flag the possibility of an undiagnosed high-risk condition.
How often will the extract occur?
The extracts will occur on a quarterly basis.
What data will PHE receive, will they be able to identify individuals?
The data extracted by NHS Digital will include full identifiers to support data linkage. The dataset shared with PHE will be pseudonymised, record level data with all patient identifiers removed in line with the Information Commissioner’s Office (ICO) Anonymisation Code of Practice. Individuals will not be identifiable. Data on demographics, ethnicity and gender etc. will allow the assessment of the impact of quality improvement on health inequalities, particular important as CVD contributes to the disparity in health outcomes between rich and poor, accounting for 25% of the total gap in life expectancy. The use of pseudonymisation will allow future linkage of CVDPREVENT to other datasets including Hospital Episode (HES) statistics to give a more complete picture of cardiovascular disease and its progression. Any data linkage will be governed by strict information governance procedures. All requests for linked data will need to be reviewed by the Independent Group for Review of Data Requests (IGARD) and if approved will be updated in the relevant PHE Data Sharing Agreement via the Data Access Request Service (DARS).
When will CVDPREVENT publish regular reports?
Subject to information governance procedures and the data extraction timetable it is anticipated that audit reporting will begin in early 2021.
What will the outputs of the analysis include?
The detail of the analysis and reporting will be agreed by NHS England’s national audit preferred provider and PHE working with an expert reference group but the likely focus will be to understand the variation of detection and management of CVD high risk conditions across different geographical areas; highlight populations whose high-risk conditions are sub-optimally managed, either through non-diagnosis, under treatment or over treatment and assess the impact of the wider CVD prevention quality improvement activity within the NHS Long Term Plan. The analysis and reporting will support systematic quality improvement to reduce health inequalities and improve outcomes for individuals and populations.
Who will be able to have access to any part of the data extract?
NHS Digital will be responsible for assessing and fulfilling the applications for access to any part of the data extract. These applications will only be successful if they pass the appropriate ethical, legal and Information Governance requirements to ensure that data is only shared where it is secure, lawful and appropriate to do so. NHS Digital will do this through the Data Access Request Service (DARS) with advice on requests for data from this collection from the Independent Group Advising on the Release of Data (IGARD) where appropriate.
All data approved for release through DARS and IGARD are subject to robust data sharing agreements between NHS Digital and the Controller requesting the data. More detail on the DARS process, standards and the data sharing agreements used are available here.
More information on NHS Digital’s Directions and Data Provision Notices is available on their website.
FAQs for colleagues working in primary care:
When will data collection start?
The first extraction is scheduled for Autumn 2020 and will include data up to the end of March 2020.
Will there be a burden to general practice?
The data will be extracted without any additional burden to practices. The core principles of CVDPREVENT are that the audit should support professionally led quality improvement, should not impose a data burden on general practice and should facilitate practices to work together across networks.
How does CVDPREVENT align to the wider CVD prevention activity proposed within the new GP contract?
NHS England and NHS Improvement has been working with wider partners to develop a QOF Quality Improvement domain. There will also be a CVD prevention specification as part of the PCN DES for implementation in 2021/22. It is envisaged that CVDPREVENT will provide the necessary measurement and audit mechanisms to support practices and PCNs drive the planned quality improvement activity such as determining local need and directing resources.
Will general practices need to do anything to facilitate the data extraction for CVDPREVENT? Do practices need to opt in?
Yes, practices will be required to opt in or “participate” in order to be included in the extract. This is an established process that practices are familiar with and it is not considered burdensome. An offer of participation will be sent to practices in the CQRS system after a Data Provision Notice (DPN) is published. In line with the DPN, practices will be required to log in to Calculating Quality Reporting Service (CQRS) in order to take a positive action and either accept or reject the offer of participation. A practice can change their participation status if required, so if they initially reject the offer but later decide to participate, the offer can be reissued. There is no new data recording burden on general practice as a result of this extract.
Will CVDPREVENT provide practices with identifiable data for case finding and other quality improvement initiatives?
CVDPREVENT will provide aggregate level reporting at different geographies eg. practices; PCNs; STPs/ICS. Existing and new patient level case finder tools will continue to support local quality improvement activity and local systems will be encouraged to adopt the CVDPREVENT business rule set once it is published – provisionally August 2020. Discussions have also commenced with GPIT Futures to see if there’s potential to mandate the CVDPREVENT business rule set and case finder functionality within existing GPIT systems through template development. This work has been placed on pause temporarily in light of COVID-19 but further updates will be provided as this work progresses.
How will CVDPREVENT affect the patients concerned?
There will be no impact on patients from sharing the data, as no one can be identified from the information shown in our reports.
The National Data Opt-Out does not apply to the submission of data to NHS Digital for this collection as a Data Provision Notice, that will be published, imposes a legal requirement on the participating General Practices once they agree to participate. However, all requests to NHS Digital for dissemination of the submitted data will be handled in accordance with the National Data Opt-Out Policy by the Data Access Request Service (DARS).
Patient online Access Form
Please hand this in to reception and bring a form of photo identification with you.