Your Data


Banchory Group Practice aims to ensure the highest standard of medical care for our patients.  To do this we keep records about you, your health and the care we have provided or plan to provide to you.

This Privacy Notice does not provide exhaustive details of all aspect of the collection and use of personal information by Banchory Group Practice.  However, we are happy to provide any additional information or explanation needed.  If you wish to request further information please contact the Practice Manager by:

Telephone: 0345 013 0750
Letter: Banchory Group Practice, Bellfield, Banchory, Kincardineshire AB31 5XS

How We Use Your Information
In order to provide for your care, we need to collect and keep information about you and your health.  Your information is used to:

• Provide a basis for all health decisions made by care professionals with and for you;
• Make sure your care is safe and effective;
• Work effectively with others providing you with care;
• Send you text notifications to you about appointment reminders, flu clinics, health
promotion information, cancellation of clinics and changes in service provision. (You can opt out of the text notification service at any time by phoning the practice on 0345 013 0750).

We may also use, or share, your information for the following purposes:

• Looking after the health of the general public;
• Making sure that our services can meet patient needs in the future;
• Auditing - Using patient health information to review and improve the quality of healthcare.  Patient identifiable information is only used within the practice. (Patients have the right to request that their health information is not included in audits);

• Preparing statistics on NHS performance and activity (where steps will be taken to ensure
you cannot be identified;

• Investigating concerns, complaints or legal claims;
• Helping staff to review the care they provide to make sure it is of the highest standards;
• Training and educating staff;
• Research approved by the Local Research Ethics Committee.  (If anything to do with the
research would involve you personally, you will be contacted to provide consent).

Disclosure of Information to Other Health and Social Professionals
We work with a number of other NHS and partner agencies to provide healthcare services to you.  Below is a list of organisations that we may share your information with:

Our Partner Organisations:

• NHS hospitals
• Relevant GP Practices
• Dentists, Opticians and Pharmacies
• Private Sector Providers (private hospitals, care homes, hospices, contractors providing
  services to the NHS)
• Voluntary Sector Providers who are directly involved in your care
• Ambulance Service
• Specialist Services
• Health and Social Care staff
• Out of Hours Medical Service
• NHS Scotland

We may also share your information with your consent, and subject to strict sharing protocols, about how it will be used, with:

• Police and Fire Services

Risk Prediction
Risk prediction data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive information.  Information about you is collected from a number of sources in NHS Scotland including this GP Practice.  A risk score is then arrived at through an analysis of your
de-identifiable information by ISD Scotland and is only provided back to your GP’s Data Controller in an identifiable form.  Risk prediction enables your GP to focus on preventing ill health and not just the treatment of illness.  If necessary, your GP may be able to offer you additional services.

Scottish Primary Care Information Resource (SPIRE)
NHS Scotland uses information from GP patient records to help plan and improve health and care services in Scotland.  You have a choice about the information from your GP records being used in this way.  You can opt out from this at any time by contacting the Practice.

For further information of SPIRE contact NHS Inform on 0800 22 44 88 or visit

Participation in research

As a practice, we feel that research is essential for progress in healthcare and is of considerable benefit to individual patients and the public as a whole. We regularly take part in research studies with the help of experienced NHS staff who search medical records for people who might be suitable so that we can write to them asking if they are interested in taking part.

No personal identifiable data is removed from the NHS or provided to any researchers without specific consent from patients.

Patients have the right to opt out of being contacted about research studies. Please let the reception staff or your GP know if you wish to opt out.

Emergency Care Summary (ECS)
Emergency care information such as your name, date of birth, the name of your GP, any medicines which your GP has prescribed, any medicines you are allergic to or react badly to, is shared with Out of Hours as this might be important if you need urgent medical care when the GP surgery is closed.
NHS staff (Doctors, Nurses, Accident and Emergency, Ambulance control and crews) can look at your ECS if they need to treat you when the surgery is closed. They will ask for your consent before they look at your records.
In an emergency and if you are unconscious, staff may look at your ECS without your agreement to let them give you the best possible care.
Whenever NHS staff looks at your ECS, a record will be kept so we can always check who has looked at your information.

Key Information Summary (KIS)
Key information summary (KIS) has been designed to support patients who have complex care needs or long term conditions.
KIS allows important information to be shared with health care professionals, with your consent, in unscheduled care in the NHS 24, A&E, Scottish Ambulance Service, Out of Hours, hospital and pharmacy environments.
Information contained in KIS summary includes, future care plans, medications, allergies, diagnosis, your wishes, carer and next of kin details.

Online Registration for Booking Appointments and Ordering Repeat Prescriptions
This service allows you to book a routine GP appointment 24 hours a day, cancel appointments no longer needed, check your repeat medication, order repeat prescriptions and make changes to your email and mobile contact number where appropriate.
You will need to register to use this service and can de-register at any time.

When you complete an ‘eConsult’ online consultation, the software sends the report directly to us via secure email. Any sensitive personal data inputted by you is then removed from their server, leaving only the name of our practice, the type of consultation, the time of submission of the E-Consult Template and an obscured version of the User’s name, e.g. “Banchory Group Practice, Hay Fever Consultation for S L****** submitted on 24-11-2017 at 22:04:23”.

For more information visit

Mail to Patients
We use a printing company called Docmail to send letters to our patients.  Data sent is encrypted and the Company puts it in a format to print the letter, despatch via Royal Mail, and then delete the information we send.


All clinical letters that are received as hard copies are scanned into your medical notes by our Multi-function photocopy machine. An encrypted copy is stored on the hard drive, which cannot be accessed from the device menu or networked PC. Letters that are sent via its ‘scan and send’ function are automatically deleted from the email account on the device when they are sent and are only ever sent to a secure NHSmail account.

Medicine Management
The Practice may conduct Medicines Management Reviews of medications prescribed to its patients.  This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost effective treatments.  This service is provided by our clinicians, our employed Pharmacist and Pharmacists provided by NHS Grampian.

Computer System
This Practice operates a Clinical Computer System on which NHS Staff record information securely.  This information can then be shared with other Clinicians so that everyone caring for you is fully informed about your relevant medical history.

To provide around the clock safe care, unless you have asked us not to, we will make information available to trusted organisations.  Wherever possible, their staff will ask your consent before information is viewed.

We consider patient consent as being the key factor in dealing with your health information.

How We Keep Your Information Confidential and Secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018, Article 8 of the Human Rights Act, the Common Law of Confidentiality, The General Data Protection Regulation and the NHS Codes of Confidentiality and Security.  Everyone working in, or for the NHS must use personal information in a secure and confidential way.

We will only ever use or pass on your information if there is a genuine need to do so.  We will not disclose information about you to third parties without your permission unless there are exceptional circumstances, such as when the law requires.

To protect your confidentiality, we will not normally disclose any medical information about you over the telephone, or by fax, unless we are sure that we are talking to you.  This means that we will not disclose information to your family, friends, and colleagues about any medical matters at all, unless we know that we have your consent to do so.

Anyone Who Receives Information from us Is Also Under A Legal Duty to Keep It Confidential and Secure
All persons in the Practice sign a confidentiality agreement that explicitly makes clear, their duties in relation to personal health information and the consequences of breaching that duty.

Please be aware that your information will be accessed by non-clinical Practice staff in order to perform tasks enabling the functioning of the Practice.  These are, but not limited to:

• Typing referral letters to Hospital Consultants or allied Health Professionals
• Opening letters from hospitals and Consultants
• Scanning clinical letters, radiology reports and any other documents not available in
electronic  format
• Photocopying or printing documents for referral to Consultants
• Handling, printing, photocopying and postage of medico-legal and life assurance reports and other  associated documents.

Right of Access to Your Health Information
The General Data Protection Regulation allows you to find out what information about you is held on computer and in manual records.  This is known as “right of subject access” and applies to personal information held about you.  If you want to see or receive information that the Practice holds about you:

• You will need to make a request, preferably by completing our form, but you can also do so over the phone.
• There may be a charge for excessive requests for information held about you
• We are required to respond to you within one month
• You will need to give us adequate information (e.g.  full name, address, date of birth, NHS
Number etc, two forms of identification etc.,) to enable us to identify you and provide the
correct information.

Who Else May Ask to Access Your Information

• The Court can insist that we disclose medical records to them;
• Solicitors often ask for medical reports.  We will require your signed consent for us to
disclose information.  We will not normally release details about other people that are contained in your records (e.g. wife, children parents etc.) unless we also have their consent;

• Social Services - The Benefits Agency and others may require medical reports on you from time to time.  We will need your signed consent to provide information to them.

• Life Assurance Companies/Employers/Occupational Health Doctors frequently ask for medical reports on individuals.  These are always accompanied by your signed consent form.

We will only disclose the relevant medical information as per your consent. You have the right, should you request it, to see reports prepared for Insurance Companies, employers or occupational Health doctors before they are sent.

Sharing Your Information without Consent
We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:

• Where there is a serious risk of harm or abuse to you or other people
• Where a serious crime, such as assault, is being investigated or where it could be prevented
• Where we encounter infectious diseases that may endanger the safety of others, such as
meningitis or measles (but not sensitive information such as HIV/AIDS)

• Where a formal Court Order has been issued
• Where there is a legal requirement, e.g. if you had committed a Road Traffic Offence

Changes to This Privacy Notice
We will monitor and improve our policies and GDPR approach as new guidelines become available, and to ensure they are as easy to understand as possible.

Concerns about Sharing Your Information
If you have any concerns about how we use or share your information, or you do not wish us to share your information, please contact the Practice Manager on 0345 013 0750

If you have a complaint about how your information is managed at the practice, please contact the Practice Manager.  If you remain unhappy with the Practice’s response, you can complain to the Information Commissioner Office

Change of Details
It is important that you tell us if any of your details such as your name, address or telephone number has changed or if any of your details such as date of birth is incorrect in order for this to be amended.   You have a responsibility to inform us of any changes so our records are kept accurate and up to date at all times.

NHS ScotlandThis site is brought to you by My Surgery Website