Your Data

PRIVACY STATEMENT

Banchory Group Practice aims to ensure the highest standard of medical care for our patients.  To do this we keep records about you, your health and the care we have provided or plan to provide to you.

This Privacy Notice does not provide exhaustive details of all aspect of the collection and use of personal information by Banchory Group Practice.  However, we are happy to provide any additional information or explanation needed.  If you wish to request further information please contact the Practice Manager by:

Telephone: 0345 013 0750
Letter: Banchory Group Practice, Bellfield, Banchory, Kincardineshire AB31 5XS
Email:  gram.banchoryadministrator@nhs.scot


How We Use Your Information
In order to provide for your care, we need to collect and keep information about you and your health.  Your information is used to:

• Provide a basis for all health decisions made by care professionals with and for you;
• Make sure your care is safe and effective;
• Work effectively with others providing you with care;
• Send you text notifications to you about appointment reminders, flu clinics, health
promotion information, cancellation of clinics and changes in service provision. (You can opt out of the text notification service at any time by phoning the practice on 0345 013 0750).

We may also use, or share, your information for the following purposes:

• Looking after the health of the general public;
• Making sure that our services can meet patient needs in the future;
• Auditing - Using patient health information to review and improve the quality of healthcare.  Patient identifiable information is only used within the practice. (Patients have the right to request that their health information is not included in audits);

• Preparing statistics on NHS performance and activity (where steps will be taken to ensure
you cannot be identified;

• Investigating concerns, complaints or legal claims;
• Helping staff to review the care they provide to make sure it is of the highest standards;
• Training and educating staff;
• Research approved by the Local Research Ethics Committee.  (If anything to do with the
research would involve you personally, you will be contacted to provide consent).


Disclosure of Information to Other Health and Social Professionals
We work with a number of other NHS and partner agencies to provide healthcare services to you.  Below is a list of organisations that we may share your information with:

Our Partner Organisations:

• NHS hospitals
• Relevant GP Practices
• Dentists, Opticians and Pharmacies
• Private Sector Providers (private hospitals, care homes, hospices, contractors providing
  services to the NHS)
• Voluntary Sector Providers who are directly involved in your care
• Ambulance Service
• Specialist Services
• Health and Social Care staff
• Out of Hours Medical Service
• NHS Scotland

We may also share your information with your consent, and subject to strict sharing protocols, about how it will be used, with:

• Police and Fire Services

Risk Prediction
Risk prediction data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive information.  Information about you is collected from a number of sources in NHS Scotland including this GP Practice.  A risk score is then arrived at through an analysis of your
de-identifiable information by ISD Scotland and is only provided back to your GP’s Data Controller in an identifiable form.  Risk prediction enables your GP to focus on preventing ill health and not just the treatment of illness.  If necessary, your GP may be able to offer you additional services.


PHS Primary Care Intelligence Service (PCIS)
NHS Scotland uses information from GP patient records to help plan and improve health and care services in Scotland.  You have a choice about the information from your GP records being used in this way.  You can opt out from this at any time by contacting the Practice.

For further information of PCIS contact NHS Inform on 0800 22 44 88 or visit the PCIS website.

Participation in research

As a practice, we feel that research is essential for progress in healthcare and is of considerable benefit to individual patients and the public as a whole. We regularly take part in research studies with the help of experienced NHS staff who search medical records for people who might be suitable so that we can write to them asking if they are interested in taking part.

No personal identifiable data is removed from the NHS or provided to any researchers without specific consent from patients.

Patients have the right to opt out of being contacted about research studies. Please let the reception staff or your GP know if you wish to opt out.


Emergency Care Summary (ECS)
Emergency care information such as your name, date of birth, the name of your GP, any medicines which your GP has prescribed, any medicines you are allergic to or react badly to, is shared with Out of Hours as this might be important if you need urgent medical care when the GP surgery is closed.
NHS staff (Doctors, Nurses, Accident and Emergency, Ambulance control and crews) can look at your ECS if they need to treat you when the surgery is closed. They will ask for your consent before they look at your records.
In an emergency and if you are unconscious, staff may look at your ECS without your agreement to let them give you the best possible care.
Whenever NHS staff looks at your ECS, a record will be kept so we can always check who has looked at your information.


Key Information Summary (KIS)
Key information summary (KIS) has been designed to support patients who have complex care needs or long term conditions.
KIS allows important information to be shared with health care professionals, in unscheduled care in the NHS 24, A&E, Scottish Ambulance Service, Out of Hours, hospital and pharmacy environments.
Information contained in KIS summary includes, future care plans, medications, allergies, diagnosis, your wishes, carer and next of kin details.


Online Registration for Booking Appointments and Ordering Repeat Prescriptions
This service allows you to book a routine GP appointment 24 hours a day, cancel appointments no longer needed, check your repeat medication, order repeat prescriptions and make changes to your email and mobile contact number where appropriate.
You will need to register to use this service and can de-register at any time.

eConsult
When you complete an ‘eConsult’ online consultation, the software sends the report directly to us via secure email. Any sensitive personal data inputted by you is then removed from their server, leaving only the name of our practice, the type of consultation, the time of submission of the E-Consult Template and an obscured version of the User’s name, e.g. “Banchory Group Practice, Hay Fever Consultation for S L****** submitted on 24-11-2017 at 22:04:23”.

For more information visit https://banchorygrouppractice.webgp.com/staticLegalContent/privacyPolicy

Mail to Patients
We use a printing company called Docmail to send letters to our patients.  Data sent is encrypted and the Company puts it in a format to print the letter, despatch via Royal Mail, and then delete the information we send.


Scanning/Photocopying

All clinical letters that are received as hard copies are scanned into your medical notes by our Multi-function photocopy machine. An encrypted copy is stored on the hard drive, which cannot be accessed from the device menu or networked PC. Letters that are sent via its ‘scan and send’ function are automatically deleted from the email account on the device when they are sent and are only ever sent to a secure NHSmail account.


Medicine Management
The Practice may conduct Medicines Management Reviews of medications prescribed to its patients.  This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost effective treatments.  This service is provided by our clinicians, our employed Pharmacist and Pharmacists provided by NHS Grampian.


Computer System
This Practice operates a Clinical Computer System on which NHS Staff record information securely.  This information can then be shared with other Clinicians so that everyone caring for you is fully informed about your relevant medical history.

To provide around the clock safe care, unless you have asked us not to, we will make information available to trusted organisations.  Wherever possible, their staff will ask your consent before information is viewed.

We consider patient consent as being the key factor in dealing with your health information.


How We Keep Your Information Confidential and Secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018, Article 8 of the Human Rights Act, the Common Law of Confidentiality, The General Data Protection Regulation and the NHS Codes of Confidentiality and Security.  Everyone working in, or for the NHS must use personal information in a secure and confidential way.

We will only ever use or pass on your information if there is a genuine need to do so.  We will not disclose information about you to third parties without your permission unless there are exceptional circumstances, such as when the law requires.

To protect your confidentiality, we will not normally disclose any medical information about you over the telephone, or by fax, unless we are sure that we are talking to you.  This means that we will not disclose information to your family, friends, and colleagues about any medical matters at all, unless we know that we have your consent to do so.


Anyone Who Receives Information from us Is Also Under A Legal Duty to Keep It Confidential and Secure
All persons in the Practice sign a confidentiality agreement that explicitly makes clear, their duties in relation to personal health information and the consequences of breaching that duty.

Please be aware that your information will be accessed by non-clinical Practice staff in order to perform tasks enabling the functioning of the Practice.  These are, but not limited to:

• Typing referral letters to Hospital Consultants or allied Health Professionals
• Opening letters from hospitals and Consultants
• Scanning clinical letters, radiology reports and any other documents not available in
electronic  format
• Photocopying or printing documents for referral to Consultants
• Handling, printing, photocopying and postage of medico-legal and life assurance reports and other  associated documents.

Right of Access to Your Health Information
The General Data Protection Regulation allows you to find out what information about you is held on computer and in manual records.  This is known as “right of subject access” and applies to personal information held about you.  If you want to see or receive information that the Practice holds about you:

• You will need to make a request, preferably by completing our form, but you can also do so over the phone.
• There may be a charge for excessive requests for information held about you
• We are required to respond to you within one month
• You will need to give us adequate information (e.g.  full name, address, date of birth, NHS
Number etc, two forms of identification etc.,) to enable us to identify you and provide the
correct information.

Who Else May Ask to Access Your Information

• The Court can insist that we disclose medical records to them;
• Solicitors often ask for medical reports.  We will require your signed consent for us to
disclose information.  We will not normally release details about other people that are contained in your records (e.g. wife, children parents etc.) unless we also have their consent;

• Social Services - The Benefits Agency and others may require medical reports on you from time to time.  We will need your signed consent to provide information to them.

• Life Assurance Companies/Employers/Occupational Health Doctors frequently ask for medical reports on individuals.  These are always accompanied by your signed consent form.

We will only disclose the relevant medical information as per your consent. You have the right, should you request it, to see reports prepared for Insurance Companies, employers or occupational Health doctors before they are sent.

Sharing Your Information without Consent
We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:

• Where there is a serious risk of harm or abuse to you or other people
• Where a serious crime, such as assault, is being investigated or where it could be prevented
• Where we encounter infectious diseases that may endanger the safety of others, such as
meningitis or measles (but not sensitive information such as HIV/AIDS)

• Where a formal Court Order has been issued
• Where there is a legal requirement, e.g. if you had committed a Road Traffic Offence


Changes to This Privacy Notice
We will monitor and improve our policies and GDPR approach as new guidelines become available, and to ensure they are as easy to understand as possible.


Concerns about Sharing Your Information
If you have any concerns about how we use or share your information, or you do not wish us to share your information, please contact the Practice Manager on 0345 013 0750


Complaints
If you have a complaint about how your information is managed at the practice, please contact the Practice Manager.  If you remain unhappy with the Practice’s response, you can complain to the Information Commissioner Office www.ico.gov.uk


Change of Details
It is important that you tell us if any of your details such as your name, address or telephone number has changed or if any of your details such as date of birth is incorrect in order for this to be amended.   You have a responsibility to inform us of any changes so our records are kept accurate and up to date at all times.

-

Information Governance – Data Protection

Back Scanning of Paper GP Records in Banchory Group Practice

 

What is happening and how is my data being used?

Banchory Group Practice are back scanning all GP paper records including the Lloyd George Wallets (LGW) to store them in a digital format.

Personal data and Special categories of personal data

All paper records and LGWs will be scanned which contain your personal data and health data which is recorded in your GP records.

This will include but not limited to your full name, DOB, CHI, address, previous addresses and names, contact details such as telephone numbers and email addresses, NOK & emergency contact name(s) and contact details, details of your family along with potentially family history, social history, health information, imaging and photography, any other data received from other organisations such as NHS Boards, private healthcare, local authority, other health organisations or voluntary organisations.

Data controller         

Banchory Group Practice is the data controller for the data to be digitised.

The scanning of your paper health records will be undertaken by a company called NEC Software Solutions UK Limited (NEC).

NEC are providing a complete end-to-end solution with records being digitised and automatically filed within the GP Practice’s Docman application by suppliers Microtech.

NEC are also supported by other organisations they have contracted with to deliver the end-to-end solution. They use Freight-port as their couriers for transportation of the records from the GP practice to NEC, and they use Shred-it for the secure destruction of the patient records after they have been scanned and instruction provided to NEC by the Practice to destroy the physical records.

The Practice have a signed an Agreement with NEC setting out instructions and standards on how your information is processed by them and their sub-processors.

Personal data which the Practice is data controller for, is retained in the same way as the other medical information we hold about you. Please see our full privacy notice above

 

NHS Inform also provides information how NHS Scotland uses and retains your data; please see the link below:

https://www.nhsinform.scot/care-support-and-rights/health-rights/confidentiality-and-data-protection/how-the-nhs-handles-your-personal-health-information

A specific Information Sharing Agreement has been put in place to document the sharing of personal data by the participating health organisations, including GP Practices. This is supported by a high level Agreement known as the Intra NHS Scotland Information Sharing Accord (2020) which enables participating health organisations share your personal data for specific purposes.

Lawful processing

We assert that it is lawful for us to process your personal data in this way as:

  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;

We assert that it is lawful for us to process special categories of your personal data in this way as:

  • processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards … ;

AND

DPA 2018 Schedule 1 Condition:

2(1) Health & Social Care Purposes

  • processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
  • processing is necessary for the establishment, exercise or defence of legal claims.
  • processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;

Your rights

We respect your rights and preferences in relation to your data. If you wish to update, access, erase, limit, or complain about the use of your information, please let us know by emailing gram.banchoryadministrator@nhs.scot in the first instance and we will consider your questions. You may also wish to contact the Health Board under which your care is being delivered or the Information Commissioner’s Office.

 

 

                                                         



NHS ScotlandThis site is brought to you by My Surgery Website