GDPR for Patients
The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.
The regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.
What will GDPR mean for Patients?
The GDPR sets out the key principles about processing data, for staff or patients:
- Data must be processed lawfully, fairly and transparently
- It must be collected for specific, explicit and legitimate purposes
- It must be limited to what is necessary for the purposes for which it is processed
- Information must be accurate
- Data must be held securely
- It can only be retained for as long as is necessary for the reasons it was collected
There are also stronger rights for patients regarding the information that practices hold about them. These include:
- Being informed about how their data is used
- Having access to their own data
- Asking to have incorrect information changed
- Restricting how their data is used
- Moving their patient data from one health organisation to another
- Objecting to the use of their patient information
GDPR and Crickhowell Group Practice
- what information we collect
- why we need to collect it
- how long we collect it for
- who has access to it
- how we use it
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases.
Anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Freedom of Information
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient's consent unless we are legally obliged to do so.
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.
Putting Things Right Leaflet
Please click here: Putting Things Right to view the information leaflet available from NHS Wales.
For further links to other formats for this information, please click here.
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.
Guidance on the use of email
At Crickhowell Group Practice we allow patients to contact us via email for any non-urgent communication. We endeavour to reply to all emails within 24 working hours.
As a practice we are limited in what information we can share through email, and for any personal information required we will have to follow our GDPR guidelines. Alternative methods are available and we would advise you to contact our main reception for more details. To comply with data protection we recommend that you use a private email account and not a family or shared account.
Please note it is the patient’s responsibility to ensure they have correct email settings, to enable a reply to be received in their email inbox. Please be advised that internet email accounts, such as those commonly used by individuals for private purposes, are not secure. Therefore please be aware that there is a risk (however small) of the email being intercepted or ‘hacked’.
Information governance is very important to us and all emails sent to our generic email account are accessed by our trained practice administration team and stored on our secure NHS Wales IT portal.
We advise patients that we limit two-way dialogue via email, which risks becoming a ‘virtual consultation’; instead we advise you to make an appointment to seek further health advice.