2 Your Privacy

Northiam & Broad Oak Surgeries Privacy Notices

Our practice has always provided security around your personal information and how it is used to deliver the care and services you need.

All of the data we hold about you is secured in line with legislation and complies with the General Data Protection Regulations (GDPR) which came into force in May 2018.

The data collected about you

Records which this GP Practice will hold or share about you will include the following:

  • Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Special Categories of Personal Data – this term describes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  • Confidential Patient Information – this term describes information or data relating to their health and other matters disclosed to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence. Including both information ‘given in confidence’ and ‘that which is owed a duty of confidence’. As described in the Confidentiality: NHS code of Practice: Department of Health guidance on confidentiality 2003.
  • Pseudonymised – The process of distinguishing individuals in a dataset by using a unique identifier which does not reveal their ‘real world’ identity.
  • Anonymised –  Data in a form that does not identify individuals and where identification through its combination with other data is not likely to take place
  • Aggregated – Statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data.

Your rights under GDPR legislation?

Under the General Data Protection Regulations (GPDR), any organisation using your personal data must have your explicit consent.

However, in the legislation GP practices have a legal basis for processing your confidential health data for the provision of your Direct Care and consent is implied by registering with the practice.

In our policies you will find detailed the specific circumstances in which your personal data is used within the Health Service.

Details of the important subsections of the legislation are listed in the following pages.

Your rights to see your information

You have a right to access your medical records and these can be accessed either directly online or in the surgery by appointment (details are in the Patient Registration Pack).

You may give permission to third parties (for example a solicitor or insurance company) to be provided with copies of your records.

Your rights as a Parent or Guardian

In Article 8, the GDPR introduces specific protections for children by limiting their ability to consent to data processing without parental authorisation.

The age of consent in the UK is 16.

What do you need to do?

Please read the following sections detailing how your personal data is managed and used within this practice and the wider health service.

Each section will describe how and why your data is used along with your consent options.

Your right to opt-out of sharing data – National Opt-out scheme/Type 1 Opt-out

The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning.

Registering an opt-out is managed centrally with the National Data Opt-out Scheme or with a Type 1 Opt-out recorded on your medical record. See Privacy Notice for details of how to register an opt-out.

Your opt-out can be changed at any time.

If you wish to discuss your options please make an appointment with reception or call 0300 3035678 for more details.