Northern Moor Medical Practice GDPR Privacy Notice
Northern Moor Medical Practice fully appreciates the importance of protecting and managing your data and maintaining your privacy. To ensure that we comply with these requirements all our data management and clinical processes fully recognise the data protection law in force in the UK (e.g. the Data Protection Act 2018, the Data Protection Act 2018 includes relevant Articles from the EU General Data Protection Regulation (GDPR)
Please read the following information carefully to understand how we process your personal data.
For the purpose of the Data Protection Laws, the Data Controller is Northern Moor Medical Practice who’s address is 216 Wythenshawe Road, Northern Moor, Manchester M23 0PH
When we refer to ‘we’, ‘us’ and ‘our’, we mean Northern Moor Medical Practice
Use of Your Personal Information +
Legal Basis for Processing +
Maintaining the Confidentiality of Your Records +
Partner Organisations +
Access to Personal Information and Your Rights +
National Data Opt-out +
Retention of your Data +
Withdrawal of Consent +
Updating Personal Details +
Mobile and Email Addresses +
Use of Your Personal Information
This privacy notice explains why we collect information about you and how that information may be used.
Our health care professionals who provide you with our services maintain records about your health and any treatment or care you have received previously. These records help to provide our clients with the best possible healthcare.
Your records may exist in several formats including electronic, paper or a mixture of both, and we deploy many working organisations and approaches to ensure that suchinformation is maintained within a confidential and secureenvironment. The records which we could hold about you may include the following information: –
To ensure you receive the highest levels of care, your records will be used to facilitate the care that we provide. Anonymised information held about could, on occasions, be used to help protect the health and wellbeing of the generalpublic and to help us manage our contracts with commissioners. Information could also be used within our organisation for the purposes of clinical audits which in turnwill provide monitoring of the quality of the services we provide.
Some of this information will be used for statistical purposesand we will ensure that individuals cannot be identified. For situations where we may contribute to research projects, wewill always gain your explicit consent before releasing any relevant information.
Legal basis for Processing
Our ability to process your personal and healthcare data is covered by GDPR article 6 and for the processing of personal sensitive data by Article 9(2)h which indicates that processing of data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.
Maintaining the Confidentiality of Your Records
We will take all possible care to protect your privacy and will only use information collected with the law including: –
Our staff are all trained and briefed in data protection principles and understand they have a legal obligation to keep information about you confidential. They also understand that information about you will only be shared with other parties if there is an agreed need to do so or a legal reason. We will only share your data without your permission if there are very exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the Caldicot Principle 7 e.g. to share or not to share. This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott Principles. Whilst the Caldicott Principles were originally developed for NHS purposes, we have adopted the underlying principles in order to align with best practice.
All personal information that we manage is stored within the UK within a secure environment and we always use suitably protected methods and systems to transfer your personal information.
It may be possible that we will share your information with other organisations, if this is required, we will apply very strong controls. The current organisations who we share data with includes: –
It is noted that the above list is not exhaustive, and we may contract with other external organisations to undertake processing of your personal information. These 3rd party organisations will abide with our stringent contractual conditions regarding the protection of personal data.
In some cases, you will be requested to provide positive consent if we intend to share your personal details with other organisations.
Access to Personal Information and Your Rights
You have a right under the Data Protection Act 2018, torequest access to view or to obtain a copy of what information the organisation holds about you and to have it modified should it be inaccurate. The process to access your records is known as a Subject Assess Request (SAR) and the way it works is outlined below: –
In addition to the right of access, under the Data Protection Act 2018, you will also have the following rights: –
National Data Opt-out
The national data opt-out was introduced on 25 May 2018, enabling patients to Opt–out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-outs.
If you wish to opt-out as part of this process, please contact the practice and we will take the necessary action to add yourname to the Opt-out list
Retention of your data
Your data will be retained for no longer than is absolutely necessary and in accordance with our Documentation Management Lifecycle Policy and the associated Schedule of Retention
Withdrawal of Consent
If you have provided us with consent to process your data for the purpose of providing our services (other than direct care),you have the right to withdraw this at any time. In order to do this should contact us in writing
Updating Personal Details
If any of your details e.g. your name, address or other personal data have changed or are incorrect you have a responsibility to inform the professional treating you who will arrange for the necessary updates to be made. This will help us to ensure that the data we hold about you is accurate and complete.
Mobile Numbers & Email Addresses
If you provide us with your mobile phone number, we may use this to send you reminders about your appointments or other health screening information. Please let us know if you do not wish to receive reminders on your mobile. If you provide us with your email address, we may use this to send you reminders to make an appointment for a review. Please let us know if you do not wish to receive correspondence by email.
The Data Protection Act 2018 requires organisations that control data to register with the Information Commissioners Office (ICO) website www.ico.org.uk
The organisation is registered with the ICO as a Data Controller under the Data Protection Act 2018. The registration number is Z7046375 and can be viewed online in the public register at http://www.ico.gov.uk/
Should you have any concerns about how your information is managed by the Organisation please contact us at: –
Northern Moor Medical Practice
216 Wythenshawe Road, Northern Moor, Manchester M23 0PH
If you are still unhappy following a review by the Organisation you can then complain to the Information Commissioners Office (ICO) via their website www.ico.org.uk
or in writing to: –
Information Commissioner’s Office
If you are happy for your data to be extracted and used for the purposes described in this Privacy Notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact us.