The Practice is working to ensure compliance with the new National Data Sharing For Planning And Research Purposes requirements.
Your health records contain a type of data called confidential patient information. This data can be used to help with research and planning. You can choose to stop your confidential patient information being used for research and planning. You can also make a choice for someone else like your children under the age of 13. Your choice will only apply to the health and care system in England. This does not apply to health or care services accessed in Scotland, Wales or Northern Ireland. For more information about this and how to opt out, please read our privacy notice below or visit digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice
The practice is currently working with East Lancashire CCG to digitise patient records where these still exits in paper format (Lloyd George notes). Please access the document below for more information:
DPIA notification for patients digitisation of Lloyd George notes (DOCX, 14KB)
Introduction
The Data Protection Act 1998 (DPA & subsequent Data Protection Regulations GDPR) requires a clear direction on Policy for security of information within the Practice.
Various policies in the Practice provide direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information.
The following is a Statement of Policy applies:
- The Practice is committed to security of patient and staff records.
- The Practice will display a poster in the waiting room, explaining the practice policy to patients.
- The Practice will make available a brochure on Access to Medical Records and Data Protection for the information of patients.
- The Practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant.This will include training on Confidentiality issues, DPA principles, working security procedures, and the application of Best Practice in the workplace
- The Practice will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
- The Practice will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
- DPA issues will form part of the Practice general procedures for the Management of Risk.
- Specific instructions will be documented within confidentiality and security instructions and will be promoted to all staff.
Our policies relating to GDPR, date security and Freedon of information are available for patients to view below (other policies are in place and these are available in line with our publication scheme upon request):
- Privacy Notice Full (DOCX, 75KB)
- Privacy Notice Easy Read (DOCX, 1.14MB)
- Information Governance Role Responsibilities (DOCX, 52KB)
- Freedom of information publication scheme (DOCX, 48KB)
- National Data Opt out Compendium of uses (DOCX, 87KB)
- Guidance relating to Voice and Video Recordings in Practice (DOCX, 41KB)
- GDPR Data Breach Policy and Procedure (DOCX, 34KB)
- National Data Opt out Data Uses and Disclosures Compendium (DOCX, 87KB)
- Privacy Notice Childrens under 13 (DOCX, 41KB)
- Privacy Notice COVID-19 (DOCX, 48KB)
- Subject Access Requests standard Operating Procedure (DOCX, 205KB)
- Surveillance Technology Policy (DOCX, 55KB)
- Voice and Video Recordings Policy (DOCX, 41KB)