Introduction to GDPR
How We Use your Medical Records
The General Data Protection Regulation (GDPR) aims to give control to individuals over their personal data. Any processor of personal data must clearly disclose any data collection, declare the lawful basis and purpose for data processing, how long data is being retained, and if it is being shared with any third-parties.
On this page and the links below we have tried to include all of the information that you need to know about the data that we keep about you, how you can access it and how you can decide who it is shared with.
There are a number of different NHS schemes involving medical records and we have included information on them all below.
- This practice handles medical records in-line with laws on data protection and confidentiality.
- We share medical records with those who are involved in providing you with care and treatment.
- In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill.
- We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
- You have the right to be given a copy of your medical record.
- You have the right to object to your medical records being shared with those who provide you with care.
- You have the right to object to your information being used for medical research and to plan health services.
- You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office.
Please see the practice privacy notices below or speak to a member of staff for more information about your rights.
Privacy-notice - National Screening Services
Privacy-notice - Share of Data
Privacy-notice - Provision of healthcare
Privacy-notice - Medical Research
Patient Leaflet How we use your personal health records
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Freedom of Information
Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Access to Records
Our Computer System
SystmOne is a computer system that GPs and other people looking after patients can use to record medical information and other relevant information discussed at your time of contact. Not everyone uses this particular system, but many GPs and Community Health services in this area use this system to record patient notes.
What is in my Medical Record?
Your medical record contains notes taken during every consultation you have had with a doctor or nurse at your practice or community service. Your record is also likely to include copies of any letters you have written and notes relating to any phone calls made with the service that you have been in contact with. Your record will also contain copies of letters from other hospitals and departments, including mental health assessments if you have ever had one. The time period covered by your electronic medical record can vary from one GP practice to another, but detailed information extending right the way back into your childhood may be included. All of this information is sometimes known as "Your Detailed Care Record."
How to access your Medical Records – terms used in this section
Data Controller - This is the controller of the data and the system, as defined in the Data Protection Act. In this case the Controller is the GP Partnership.
Data Subject - This is the person whose information is within the system, and who has rights of access as determined under the Act.
Third Party - A person or body other than the Data Subject who requests access, or to whom information may be provided.
Access - Data Subject
The General Data Protection Regulations specify the rights of access of the Data Subject.
All requests for access must be in writing on a Data Access form which will be provided on request.
The form must be fully completed.
A response will be provided as soon as possible and in any event within 28 days. Where an application is declined, a reason will be given. In some circumstances, some parts of your record may be withheld.
Making an Access Request
Upon receipt of a fully completed Data Access form, the practice will transfer the Electronic Health Record, excluding any irrelevant third party information, to an encrypted CD. This will be given directly to the Data Subject to hand deliver to the appropriate recipient.
If the Data Subject has been registered elsewhere, a summary of their history will be included.
Access to your Medical Records Online
It is now possible to access some elements of your medical records online. For more information please click on the Online Services tab on our website.
Choices on how you want us to share your Information
The Enhanced Data Sharing Model
The EDSM is designed to make it easier for patients to have greater control over their own records. By recording two different sharing consents in the patient record, 'sharing in' and 'sharing out', the decision not to share sits with the patient. 'Sharing out' controls the information recorded at the practice that is shared to other organisations. 'Sharing in' controls the information that can be viewed by the practice that has been recorded at another SystmOne organisation. The model works on a patient-by-patient basis, which means that if you move to a different area, you will remain on the EDSM model.
At this practice your GP records are made available for other health care professionals involved in your care to access. We feel this is in your best interest. Please be assured that no one outside of this practice will access your records without your verbal consent each time you are seen.
If you do not wish this to happen then it is important that you contact the practice to let us know.
Summary Care Record
There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Why do I need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who can see it?
Only healthcare staff involved in your care can see your Summary Care Record.
How do I know if I have one?
Over half of the population of England now have a Summary Care Record. You can find out whether Summary Care Records have come to your area by looking at our interactive map or by asking your GP
Do I have to have one?
No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can use the form at the foot of this page.
For further information visit the NHS Care records website or HSCIC Website or, alternatively, view the below documents:
FAQs - Electronic Record Sharing
What is a Summary Care Record?
SCRv2 Patient Leaflet.pdf
Information about you and the care you receive is shared, in a secure system, by healthcare staff to support your treatment and care.
It is important that we, the NHS, can use this information to plan and improve services for all patients. We would like to link information from all the different places where you receive care, such as your GP, hospital and community service, to help us provide a full picture. This will allow us to compare the care you received in one area against the care you received in another, so we can see what has worked best.
Information such as your postcode and NHS number, but not your name, will be used to link your records in a secure system, so your identity is protected. Information which does not reveal your identity can then be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.
You have a choice. If you are happy for your information to be used in this way you do not have to do anything. If you have any concerns or wish to prevent this from happening, please speak to practice staff or download the opt out form below, complete it and return it to the practice
We need to make sure that you know this is happening and the choices you have.
You can find out more on the NHS England Care Data website
What is risk stratification?
There are two kinds of risk stratification:
The first kind is a process for identifying some patients within a Practice who might benefit from extra assessment or support with self-care because of the nature of their health problems. The process is a mixture of analysis of information by computer followed by review of the results by a clinical team at the Practice.
The analysis can, for example, help predict the risk of an unplanned hospital admission so that preventative measures can be taken as early as possible to try and avoid it. In the end, it is the clinical team of the GP Practice that will decide how your care is best managed.
The second kind is a process for identifying patterns of ill health and needs across our local population. This will be done by pulling together all the information in an anonymised file (where your identity has been removed) to look at patterns and trends of illness across Leicester, Leicestershire and Rutland as a whole. This will help our Public Health Department and those in the NHS who are responsible for planning and arranging health services across Leicester, Leicestershire and Rutland (known as commissioners) better understand the current and possible future health needs of the local population. This will help them make provision for the most appropriate health services for the people of this area. This group of staff will not be able to identify you as an individual under any circumstances.
In both cases secure NHS systems and processes will protect your health information and patient confidentiality at all times.
What information about me will be analysed?
The minimum amount of information about you will be used. The information included is:
- GP Practice and Hospital attendances and admissions
- Medications prescribed
- Medical conditions (in code form) and other things that may affect your health such as height, weight for example.
How will my information be kept secure and confidential?
Information from your GP record will be sent via a secure computer connection to a special location called a ‘safe haven’ at NHS Arden and Greater East Midlands Commissioning Support Unit (NHS Arden & GEM CSU) in Leicester This safe haven carries special accreditation from the NHS. It is designed to protect the confidentiality of your information. There are strict controls in place. It enables information to be used in a way that does not identify you. The GP Practice remains in control your information at all times.
Before any analysis starts, any information that could identify you will be removed and replaced by a number. The analysis is done by computer. The results are returned to the GP Practice. Only your GP Practice can see the results in a way that identifies you.
What will my GP Practice do with the analysis?
The results can help the clinical team decide on some aspects of your future care. For example, if the clinical team at the Practice think that you might benefit from a review of your care, they can arrange this. You may then be invited in for an appointment to discuss your health and treatment. If the Practice thinks you might benefit from referral to a new service, this will be discussed with you firstly.
What should I do if I have further questions about risk stratification?
Please ask the Practice staff if you can speak to someone in more detail.
What if I want to opt out?
If you do not wish this to happen then it is important that you let us know by telephone, in writing or by using the contact us tab on our website so that we can mark it on your record.
Health services in Leicester, Leicestershire and Rutland are introducing a new system of sharing medical records between a GP practice and other NHS organisations.
The system will allow the healthcare professional who provide you with care, to view information in your GP medical record. Viewing your record will help to improve the quality of your care and potentially save lives.
Who will be able to view my medical record and what will they use it for?
A qualified healthcare professional who has obtained your consent will be able to view your GP medical record. This will only ever be done for the specific problem you are presenting with. This will allow the clinician assessing you to have faster, easier access to relevant information about you, to help provide you with safer and better care.
Please ask reception for the Practice Business Manager for further details.
What information can be viewed?
- personal information such as name date of birth and gender
- attendances, hospital admission and referral dates
- vaccinations and immunisations
- test results, including measurements such as blood pressure
- diagnoses (current and post problems)
- treatment and medical procedures
What will happen when the healthcare professionals want to view my GP medical record?
You will be asked directly to give your explicit consent, at the point of contact, for your GP medical record to be viewed. You can say yes or no; the Consultant/Doctor will only view your record if you say yes.
You will be asked beforehand for permission by the assessing healthcare professional each time your medical record is viewed. Your healthcare professional is only viewing your record. They are not downloading and storing any of your data. This means that when they close your record it is no longer accessible outside of your surgery.
If you are unable to give consent, for example if you are unconscious and it is deemed to be vital for your survival, then a healthcare professional may view your GP medical record in order to be able to provide appropriate care for you.
If I give permission to view my GP medical record, how long does this permission last?
Your GP medical record will only be viewed while you are currently being treated. When you are discharged back to the care of your GP, electronic access to your medical record will stop until someone asks you again.
Can I refuse to allow my GP to share my medical record?
If you are concerned about sharing your GP medical record you can opt out of allowing it to be shared. If you do not wish for your information, or even part of it, to leave your GP practice clinical system then please ask at the surgery reception for the Practice Business Manager who will be able to arrange this for you.
Can I change my mind?
Yes you can change your mind about opting-in or opting-out at any time by asking to speak to the Practice Business Manager.
How will my information be kept secure and confidential?
A secure system will be used to allow access to your GP Practice System by another organisation. All organisations involved must sign an Agreement to confirm that they will adhere to the strict controls in place around the computer system itself and around any staff who are allowed to access the system. Everyone working for the NHS has a legal and contractual duty to keep information about you secure and confidential.
How can I find out who has viewed my GP medical record?
Every time your GP record is accessed by another organisation, a message is sent back to your GP Practice system and stored in an audit log
Is there a danger someone else could hack into my record or that my information could be lost?
The NHS has the strongest security measures available and there is strong protection to prevent any information from being accessed without permission. As the organisations are only viewing your record, it is not possible for them to delete any information or for it to be lost.
For further information
Please see our leaflet “How we use your medical records. It explains how you can access your own health records, how you can get further information and what to do if you have any concerns about your information.
For further information you can discuss the sharing of your medical records with your GP or you can contact the NHS Leicester, Leicestershire and Rutland IM&T Strategic Projects Team on the following should require more detail; Tel: 0116 295 0756 Email: firstname.lastname@example.org.
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.