General Data Protection Regulation (GDPR)
WHAT IS GDPR?
The General Data Protection Regulation is a new law which determines how your personal data is processed, kept safe and the legal rights that you have in relation to your own data. The Regulation applies from the 25th May 2018. This briefly explains why we collect information about you and how that information may be used.
WHAT IS PERSONAL DATA?
Personal data is information that relates to a single person, such as his/her name, age, medical history, diagnoses, etc.
WHAT IS CONSENT?
The changes to the General Data Protection Regulation mean that we must get explicit permission from an individual when using their data. This is to protect your right to privacy and we may ask you to provide consent to do certain things, such as contact you or record certain information about you in your clinical record. You have the right to withdraw your consent at any time.
HOW WE USE YOUR PERSONAL DATA
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously. These records help to provide you with the best possible healthcare. Records may be held in electronic or manual (written down) format and may include the following information:
- Details about you, such as address and next of kin
- Any contact the Surgery has had with you, such as appointments or visits
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as blood tests or x-rays
- Relevant information from other health professionals, relatives or those who care for you and know you well
To ensure you receive the best possible care your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided, or used for statistical purposes. Where we do this, we take strict measures to ensure individual patients cannot be identified. Sometimes your information may be requested for research purposes, but we will always endeavour to gain your consent before releasing any information.
WE WILL ENDEAVOUR TO ENSURE THAT YOUR DATA IS:
- Processed lawfully, fairly and transparently
- Only collected for specific, explicit and legitimate purposes
- Is limited to what is necessary for the purposes for which is it processed
- Is accurate and kept up to date
- Is held securely
- Is only retained for as long as is necessary for the reason it was collected
HOW DO WE MAINTAIN THE CONFIDENTIALITY OF YOUR RECORDS?
Every member of staff who works for or received information from an NHS organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances or where the law requires us to do so.
We may also have to share your information (subject to strict agreements on how it will be used) with other NHS approved Partner organisations.
HOW TO ACCESS YOUR INFORMATION
You have a right under the Data Protection Act 1988 to access/view what information the Surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as a Subject Access Request. If you would like to make a Subject Access Request, please refer to our "Confidentiality and your Health Records" leaflet on How to Access your Health Records, which is available from Reception.
JUYI Fair Processing Notice
The Fair Processing Notice for JUYI can be found here: www.juyigloucestershire.org/forms
or alternatively by clicking on the following link
Fair Processing Notice