GDPR, Your Medical Records, Data Sharing Schemes
On 25th May 2018, new data protection regulations were introduced. Keeping your data safe and secure is our top priority. The changes haven't altered the way we use and protect your personal information, but it will have made it easier for you to find out how we use it.
The surgery has produced 'Privacy Notices' to give you more information on how we use your information. This is available here:
A poster is also displayed in the reception waiting areas of both surgeries.
If you want to make a request to access your medical record, please fill in a Subject Access Request form and return it to the surgery:
To help us ensure we are keeping your information safe, we will now need your name, DOB and address before you can collect any document or prescription from the surgery.
Please also make sure we have your up-to-date contact details
Summary Care Record
The Summary Care Record (SCR) is an electronic record of important patient information, created from GP medical records. It can be seen and used by authorised staff in other areas of the health and care system involved in the your direct care.
Your Summary Care Record is a short summary of your GP medical records. It tells other health and care staff who care for you about the medicines you take and your allergies (and if you consent, to other aspects about your health). This means they can give you better care if you need health care to be given to you by someone other than our surgery. It can therefore be useful:
- in an emergency
- when you're on holiday
- when our surgery is closed
- at out-patient clinics
- when you visit a pharmacy
Your information will be extracted from practices such as ours and held on central NHS databases.
As with all new systems there are pros and cons to think about. Access to SCR will ensure medical staff have accurate information about your medical history and needs - this could be useful in case you were to overlook something when talking to them, or weren't sure of details about part of your medical history.
On the other hand, you may have strong views about sharing your personal information and you may prefer that only members of our practice team have access to it. It has been agreed that all new patients registering with this practice should be able to decide whether or not their information is uploaded to the Central NHS Computer System.
For existing patients it is different - it is assumed that you want your record uploaded to the Central NHS Computer System unless you actively opt out.
If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery.
Local data sharing scheme " My Care Record"
My Care Record allows health and care professionals working directly with you to access your medical and social care information.
Patient information and care records are usually made available through traditional methods such as secure post, fax or email. This can be slow and, at times, unreliable, and possibly prolong diagnosis and treatment.
My Care Record is accessed via secure but different health and care computer systems from different partner organisations. The information is requested from the original system and relayed to the health or care professional treating you.
By making your information available across the health and care system, your GP practice, hospital team or community nurse will be able to see the most up-to-date, accurate information about you.
This will lead to:
- Better co-ordinated and seamless care
- Quicker diagnosis and treatment
- More time to spend on clinical care
- Less paperwork and less repetition
- Fewer unnecessary clinical tests
- More accurate prescriptions
- Safe and secure decision-making
My Care Record will only be used by professionals involved in your care. The Government or external organisations such as insurance companies will not have access to your information via My Care Record.
My Care Record has been reviewed in line with legislation, including General Data Protection Regulations (GDPR). Full details on how My Care Record manage your information is available on their website www.mycarerecord.org.uk
Please visit www.mycarerecord.org.uk for more information including details of where My Care Record is in operation, the organisations taking part and answers to frequently asked questions.
You can opt out of this at any time. If you DO NOT want to be included in My Care Record, please fill out this form and present or send it to the surgery with proof of ID:
If you have previously objected but now wish to be included in My Care Record, please complete this form and bring it to the surgery with proof of ID:
Surgery Data Protection Policy
National Data Opt Out Scheme and Type 1 Opt out
NHS Digital launched the National Data Opt Out on 25th May 2018, to coincide with the EU GDPR. www.nhs.uk/your-nhs-data-matters
They have produced a brief fact sheet about it : Your data matters patient leaflet
What is the National Data Opt Out (NDOO)?
The NDOO is a mechanism by which individuals in England can control, to a limited degree, certain aspects of their confidential medical information and, in particular, what NHS Digital can do with it once in their possession.
The NDOO only applies to confidential information, that is medical information that can identify you, for example by containing your name, DOB, address, NHS number etc.
And the NDOO only applies to uses of your confidential medical information for secondary purposes, that is unrelated to, and beyond, the direct medical care that GP surgeries and other healthcare organisations provide you with when you are unwell, or to keep you well. Secondary purposes include healthcare planning, audit, population analytics, “risk stratification”, research, "commissioning", commercial and even political uses.
The NDOO is not limited to electronic data and so includes paper records. It simply replaces the Type 2 (9Nu4) opt-out that has been in force for some years, and which you were able to express, together with the Type 1 (9Nu0) objection, via your GP surgery.
A Type 1 (9Nu0) opt-out prohibits data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital. The NDDO allows data to be extracted from your GP record to NHS Digital, but put limits on the ways NHS Digital can then use your data.
If I set, or keep, my NDOO status at “do not allow”, what will this mean?
- Confidential medical information obtained by NHS Digital from GP surgeries, hospital trusts, mental health providers and social care, will not be released or disseminated by them in a format that can identify you.
- In addition, and in time, the NDOO will prohibit certain data extractions from your GP record, where this involves confidential medical information, such as where your permission or consent has not been sought before your data was released (so-called section 251 approval).
- The NDOO will, eventually, prevent confidential medical information leaving the Cancer Registry, certain other disease registries, the Clinical Practice Research Datalink (CPRD); and
- By 2020, hospitals and other healthcare providers.
What will the NDOO/Type 1 objection NOT do?
- They will in no way affect the sharing of information for the purposes of an individual’s care and treatment, e.g. where information is shared between a GP surgery and a hospital. It will not stop your GP using the Electronic Referral Service (eRS), the Electronic Prescription Service (EPS), or GP2GP transfers of medical records.
- They will in no way affect the National Summary Care Record (SCR). You can opt-out of the SCR via the surgery or links above
- They will in no way affect any local shared care record project or scheme, such as My Care record. You can opt-out of this via the surgery or form above.
- They will in no way prevent you from registering for secure online access to your GP record (Patient Online), so that you can book appointments, request repeat medication and view/download your GP medical record.
- They will in no way affect situations where the surgery, or other healthcare organisation, is legally required to share your information (such as a court order or when mandated under section 259 of the Health and Social Care Act – but see later).
- They will in no way affect you being invited, when appropriate, for any of the National Screening Programmes, such as cervical/breast/bowel/abdominal aortic aneurysm/diabetic eye screening. You can opt-out of these separately, if you wish.
- They will in no way stop information being provided to the National Disease/Cancer Registries (run by Public Health England). You can opt-out of this separately, if you wish.
- They will in no way affect situations where the surgery, or any other healthcare organisation, shares data in an anonymised or aggregate (numbers only) format, in other words where that data cannot identify an individual. Such as "open data".
The NDOO will not stop:
- Commercial sales of hospital data (HES) by NHS Digital
- Lifelong linked medical histories being disseminated by NHS Digital
- Onwards release of data by non-NHS bodies (once provided with your information by NHS Digital)
What about Research?
The NDOO/Type 1 objection will in no way prevent you from taking part in accredited medical research, at your GP surgery/local hospital/other health organisation, where you have given your explicit consent to be involved (i.e. you have been asked first).
They will in no way prevent you from:
- Giving blood
- Joining the NHS Organ Donor Register
- Signing up to the Anthony Nolan register to donate your blood stem cells or bone marrow
- Donating your DNA for medical research - with your permission
- “Donating your Data” for medical research - with your permission
- Contributing to UK Biobank - with your permission
- Joining the 100K Genomes project - with your permission
- Taking part in clinical drug trials
- Joining dementia research
- Donating your brain for medical research - with your permission
- Donating your body to medical science after your death
- Making a living donation (e.g. kidney, liver or bone)
- Donating your hair (to make a real wig for children/young adults)
- Giving money (in a tax-efficient way) to any medical charity of your choosing
- Being contacted by your GP to invite you to take part in any research
- Granting researchers access to your medical records, or information extracted from your medical records - with your permission
The National Data Opt Out doesn't stop you contributing to any research where you are asked first.
It only stops the use of your confidential medical information where you are not asked before your data is taken and used.
Will the NDOO stop my confidential GP information being uploaded to NHS Digital in the first place?
NHS Digital does not rely upon section 251 approval (anymore) for data gathering, preferring instead to make such data collections compulsory under section 259 of the Health and Social Care Act.
However, the existing secondary uses, Type 1 (9Nu0), opt-out that many people have in force on their GP record will prohibit data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital.
In addition, the Type 1 opt-out will also prohibit section 251 approved data extractions, for example for “risk stratification”, as well as the mandatory section 259 extractions.
So how do I maximally limit secondary uses of my medical records, beyond my direct medical care, should I wish to?
- Set your NDOO status to “do not allow”, see later for how to do this, and
- Make sure you have a secondary uses, Type 1 (9Nu0) objection in force on your GP record – do this via the surgery or via Universal opt out form below.
What about preventing NHS Digital releasing or disseminating anonymised and pseudonymised data about me?
You cannot – directly. And you have no control over why they are doing this, for what purpose(s), and to which organisation they are releasing your information to.
But you can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.
So how do I set, check, or update my National Data Opt Out status?
If you had previously requested a Type 2 objection to be in force, via the surgery, then this will have automatically have set your NDOO status to “do not allow”. You should have received a letter from NHS Digital, confirming this, in due course. Any children aged 13yrs or over will have received their own letter as well.
It is no longer possible to directly view, set or change your NDOO status at your GP surgery.
Anyone aged 13yrs or over can set their NDOO status via an online service at www.nhs.uk/your-nhs-data-matters
To opt out of Summary Care Record, My Care Record or for a Type 1 opt out, please complete our universal opt out form and return to the surgery: