May 2018: General Data Protection Regulation (GDPR) - Information for Patients
The GDPR is a new EU Regulation and the biggest shake up in Data Protection for 20 years and came into force on 25th May 2018 replacing the Data Protection Act (DPA) 1998
The GDPR strengthens existing data protection law, by providing individuals with more control over their information and takes into account an evolving technological landscape.
Because it is an EU Regulation, UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will still apply.
- The practice handles medical records according to the laws on data protection and confidentiality.
- We share medical records with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and event by event.
- Some of your data is automatically copied to the Shared Care Summary Record/ECS.
- We may/do share some of your data with local out of hours/urgent or emergency services.
- Data about you is used to manage national screening campaigns such as flu, cervical cytology and diabetes prevention.
- Data about you, usually de-identified, is used to manage the NHS and make payments.
- We share information when the law requires us to do so, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable patients.
- Your data is used to check the quality of care provided by the NHS.
- We may also share medical records for medical research.
- The Rookery complies with NHS Retention Periods.
If you are unhappy with the data we retain or who we share it with, please contact the surgery. If you are still dissatisfied then you can contact the Information Commissioners Office helpline Tel: 0303 123 1113 (local rate) or 01625 545745 (national rate).
Download our Privacy Notice if you would like to know more about what information we keep about you, how it is used and how you can gain access to your health records.
The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.
For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.eadesp.co.uk