Use and Protection of Patient Information. Your health record is held by the GP Surgery on a secure computer system called TPP SystmOne. This can if necessary be accessed by a range of NHS and associated care services across the country. You can however control who can access your record as they have to ask your permission first. Please see the links below for further information or ask at the surgery.
TPP Data Sharing
Quick Start Guide for Patients
The General Data Protection Regulation (GDPR) came into force in the UK on 25th May 2018. Under GDPR GP surgeries are ‘data controllers’, registered with Information Commissioners Office (ICO), who oversee data protection law in the UK. GDPR ‘right to be informed’ encompasses the obligation to provide fair processing and transparent use personal data.
In practice this means:
- Telling you about the information we collect, how we use it and who we share it with.
- Assuring you that your data will be safe, kept confidential and used appropriately
- Enabling you to opt out of sharing your data at any time
- Making you aware that you have the right to access your data
For more information click here: How we use your information
Sharing Your information, what you need to know
The following explains why we collect information about you, how that information will be used, how we keep it safe and confidential and what your rights are in relation to this.
- Why we collect information about you
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include basic details about you, such as your name and address. They will also contain more sensitive information about your health and also information such as outcomes of needs assessments.
- Details we collect about you
The health care professionals who provide you with care, maintain records about your health and any treatment or care you have received previously (e.g. from Hospitals, GP Surgeries, A&E, etc.). These records help to provide you with the best possible healthcare.
Records which this GP Practice will hold about you will include the following:
Details about you, such as your address and next of kin
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you
- How we keep your information confidential and safe
Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.
The health records we use will be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
Data Protection Act 2018
- General Data Protection Regulation
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
- How we use your information
Improvements in information technology are also making it possible for us to share data with other healthcare organisations for the purpose of providing you, your family and your community with better care. For example it is possible for healthcare professionals in other services to access your record with your permission when the practice is closed this comes under the powers of the Health and Social Care Act 2015.
- Freedom of Information Act
Freedom of Information Act 2000 - We follow the ICO model publication Scheme for GP Surgeries.
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the Practice Manager.
- Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts
- Specialist Trusts
- GP Federations
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- Local Authorities
- Education Services
- Fire and Rescue Services
- Other ‘data processors’
We will never share your information outside of health partner organisations without your explicit consent unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it or to carry out a statutory function.
- Access to your information
Under Data Protection Legislation everybody has the right to see, or have a copy, of data we hold that can identify you, with some exceptions. You do not need to give a reason to see your data. Under special circumstances, some information may be withheld. We may charge a reasonable fee for the administration of the request in certain instances (e.g. where a duplicate copy is requested).
If you wish to have a copy of the information we hold about you, please ask at reception.
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details are incorrect in order for this to be amended. Please inform us of any changes so our records for you are accurate and up to date.
Should you have any data protection questions or concerns, please email our Data Protection Officer: email@example.com or ask at reception.
If you have concerns or are unhappy about any of our services, please contact the Practice Manager.
For independent advice about data protection, privacy and data-sharing issues, you can contact:
The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Phone: 0303 123 1113 Website: www.ico.gov.uk
Sharing Your Information
How Information About You Helps Us To Provide Better Care
Information about you and the care you receive is recorded, stored and shared securely by healthcare staff to support your treatment and care. This is controlled by law and strict rules are in place to protect your privacy.
It is important that the NHS, can use this information to plan and improve services for all patients. We would like to link information from all the different places where you receive care, such as your GP, hospital and community service, to help us provide a full picture. This will allow us to compare the care you received in one area against the care you received in another, so we can see what has worked best.
Information such as your postcode and NHS number, but not your name, will be used to link your records in a secure system, so your identity is protected. Information which does not reveal your identity can then be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.
How your information is used and shared is controlled by law and strict rules are in place to protect your privacy.
We need to make sure that you know this is happening and the choices you have.
Benefits of sharing information
Sharing information can help improve understanding, locally and nationally, of the most important health needs and the quality of the treatment and care provided by local health services. It may also help researchers by supporting studies that identify patterns in diseases, responses to different treatments and potential solutions.
Information will also help to:
- find more effective ways of preventing, treating and managing illnesses;
- guide local decisions about changes that are needed to respond to the needs of local patients;
- support public health by anticipating risks of particular diseases and conditions, and help us to take action to prevent problems;
- improve the public’s understanding of the outcomes of care, giving them confidence in health and care services; and
- guide decisions about how to manage NHS resources fairly so that they can best support the treatment and management of illness for the benefit of patients.
What will the NHS do with the information?
They will only use the minimum amount of information needed to help improve patient care and the services provided.
They have developed a thorough process that must be followed before any information can be shared. They sometimes release information to approved researchers, if this is allowed under the strict rules in place to protect your privacy. They are very careful with the information and they follow strict rules about how it is stored and used.
They will make sure that the way they use information is in line with the law, national guidance and best practice. Reports that they publish will never identify a particular person.
Do I have a choice?
Yes. You have the right to prevent confidential information about you from being shared or used for any purpose other than providing your care, except in special circumstances. If you do not want information that identifies you to be shared outside your GP practice, other than where necessary by law, (for example, if there is a public health emergency), please visit
You will also be able to restrict the use of information held by other places you receive care, such as hospitals and community services. You should let your GP know if you want to restrict the use of this information.
Your choice will not affect the care you receive.
Do I need to do anything?
If you are happy for your information to be shared you do not need to do anything. There is no form to fill in and nothing to sign and you can change your mind at any time.
If you have concerns or are not happy for your information to be shared, please speak to the practice.
Sharing your data to help identify patients who would benefit from particular case/disease management.
More information about how your information will be shared and protected can be found in the following document. To opt out of sharing for risk stratification purposes you will need to opt out of the Summary Care Record scheme.
Sharing your anonymised data for research
More Information can be found at http://www.cprd.com/memberofpublic/
Please inform the practice if you do not wish for your data to be used for CPRD purposes.