How your personal data is cared for at Oakview
As a GP surgery we hold a lot of personal data about our patients and so we are called a ‘data controller’. We take this role very seriously and have a Data Protection Officer (DPO) who is responsible for ensuring we do this safely and within all legal rules and current guidelines.
If you have any questions about this please contact our DPO: Data Protection officer (DPO) - NEL CSU, firstname.lastname@example.org, NEL IG HelpDesk Tel. 03000 428 438
The practice holds medical records confidentially and shares them with appropriate staff who are involved in providing direct care for individual patients. Legally this processing is defined as:
‘Necessary in the exercise of official authority vested in the controller (Article 6(1) (e)’
The practice also has a legal obligation to comply with the Health and Social Care Act 2012 and will send data which is required by NHS digital when the law allows. This may include demographic data, such as date of birth, and information about your health recorded in coded form such as blood pressure and diabetes.
The legal basis for this is: ‘necessary for compliance with a legal obligation to which the controller is subject (Article 6(1) (c)’) or ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment of the management of health or social care systems and services. (Article 9(2)(h)
The practice also contributes to medical research and may send relevant information to medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
Patients have the right to access their medical record and have any inaccurate data corrected. The circumstances when information can be removed from medical records are extremely rare due to medico-legal reasons. The easiest way to do this is by requesting on line access to your record via our website/reception.
GP records cannot be deleted and are retained until a patient is deceased.
Normally any other request for patient information would be denied unless accompanied by explicit consent of the patient (for example insurance applications and letters to other agencies not directly involved in patient care).
GDPR Regulations May 2018
- As per GDPR recommendations all patients registered with Oakview have the ability to both access their own records and share this access with a third party of their choosing.
- All requests for patient record access should therefore be placed directly with the patient who can if necessary contact the surgery to activate this electronic facility.
- The practice will not be providing paper copies of any records as the electronic records are comprehensive.
- If in the rare event there is a need to view the actual Lloyd George record for historic information arrangements can be made to collect the record for copying by the requestor with a guaranteed return date.