All information held about patients is completely confidential. The Practice is registered under the Data Protection Act 1984. This Act protects data held on the computer system.
CONFIDENTIALITY
In order to ensure that you get the best possible continuity of medical care we keep records of every consultation. Your written records are locked away when the surgery is shut and your computer records can only be accessed via unique passwords. Your records are managed in accordance with the Data Protection Act. All doctors and their staff are governed by strict rules of confidentiality about patient information. No information given to us can be divulged to anyone outside the surgery unless you give us written permission to do so. We cannot give out any information about you to friends, family, partners, employers, police, social services, Benefits Agencies, insurance companies, solicitors etc without your agreement or unless we are legally obliged to do so (e.g. under a Court Order).
Unfortunately, at times this may mean that the receptionist might appear to be withholding information, but they are following the guidelines and are not trying to be obstructive. Your understanding of this matter would be appreciated.
You have a right of access to your own records should you wish to read them and you are also entitled to see any written reports about you before they are sent.
Guide to the General Data Protection Regulation (GDPR)
For More Information - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Or https://ico.org.uk/for-the-public/
Data Protection impact Assessments
At a Glance
- A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.
- You must do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing. You can use our screening checklists to help you decide when to do a DPIA.
- It is also good practice to do a DPIA for any other major project which requires the processing of personal data.
- Your DPIA must:
- describe the nature, scope, context and purposes of the processing;
- assess necessity, proportionality and compliance measures;
- identify and assess risks to individuals; and
- identify any additional measures to mitigate those risks.
- To assess the level of risk, you must consider both the likelihood and the severity of any impact on individuals. High risk could result from either a high probability of some harm, or a lower possibility of serious harm.
- You should consult your data protection officer (if you have one) and, where appropriate, individuals and relevant experts. Any processors may also need to assist you.
- If you identify a high risk that you cannot mitigate, you must consult the ICO before starting the processing.
- If you are processing for law-enforcement purposes, you should read this alongside the Guide to Law Enforcement Processing.
- The ICO will give written advice within eight weeks, or 14 weeks in complex cases. If appropriate, we may issue a formal warning not to process the data, or ban the processing altogether.
For more information please visit https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) went live on 25th May 2018.
At Dr Aru and Partners Surgery, we send you texts and emails to remind you of your appointments, tell you about your normal test results, and invite you to participation groups or self-care initiatives. We feel this is important and part of our job looking after your health, and we take our obligation to manage your information very seriously. We do not and never will share or use your contact details for marketing or commercial purposes. Ever. But if you still feel uncomfortable allowing us to contact you for health purposes, please let our admin staff or your GP know, and we will make sure we respect your wishes.
London Care Record
This practice uses a shared record system called the London Care Record. The London Care Record is a secure view of your health and care information and lets health and care professionals involved in your care see important details about your health when and where they need them. Having a single, secure view of your information helps speed up communication between care professionals across London, improves the safety of care and can save lives.
London Care Record can only be lawfully looked at by staff who are directly involved in your care. Your information isn’t available to anyone who doesn’t need it to provide treatment, care and support to you. Your details are kept safe and won’t be made public, passed on to a third party who is not directly involved in your care, used for advertising or sold. For more information please read the London Care Record privacy notice for South East London here: The London Care Record - South East London ICS (selondonics.org)
Opting out of the London Care Record
You have the right to object to your information being available through London Care Record. Although patients have the right to object and request restrictions on sharing their records, there may be instances where this request will not be upheld due to a clinical need as determined by the direct care giver. Please discuss this with your GP/ health and social care worker and you can find further information in this London Care Record leaflet (EXTERNAL LINK).
For further information and advice about data protection or your right to object to sharing your data you can contact the team at Lewisham and Greenwich Trust who manage the London Care Record for South East London www.lewishamandgreenwich.nhs.uk/london-care-record or you can call 020 3192 6011 and leave your name and number for someone to contact you. Alternatively visit https://www.nhs.uk/using-the-nhs/about-the-nhs/opt-out-of-sharing-your-health-records/
If you have already requested to stop sharing on ConnectCare/Local Care Record in South East London, then you will not have to request this again for London Care Record.