Privacy notice - the Practice's commitment to Information Governance
Coronavirus (COVID-19) pandemic and your information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the COVID-19 pandemic.
The ICO also recognise that 'Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.'
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
Please note that our privacy notice has now been revised and extended by a further notice from 29th July 2020 until 31st March 2021.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the COVID-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease. Additionally, the use of your information is now required to support NHS Test and Trace.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs. The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 31st March 2021 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind. If you are concerned about how your information is being used, please contact our DPO using the contact details provided in our Privacy Notice (please see the links below).
How we use your information
This privacy notice explains why we as a Practice collect information about our patients and how we use that information.
Ilkley & Wharfedale Medical Practice manages patient information in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in England such as the Department of Health and the General Medical Council.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- GDPR 2018
- Health and Social Care Act 2012
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and GDPR 2018. In practice, this means ensuring that your personal confidential data (PCD) is handled clearly and transparently, and in a reasonably expected way.
The Health and Social Care Act 2012 changed the way that personal confidential data is processed, therefore it is important that our patients are aware of and understand these changes, and that you have an opportunity to object and know how to do so.
Please click on the following links for the practice privacy notices:
Further information about the way in which the NHS uses personal information and your rights in that respect can be found in:
- The NHS Care Record Guarantee: http://www.nigb.nhs.uk/pubs/nhscrg.pdf
- The NHS Constitution: https://www.gov.uk/government/publications/the-nhs-constitution-for-england
- NHS Digital's Guide to Confidentiality in Health & Social Care gives more information on the rules around information sharing: http://content.digital.nhs.uk/article/4979/assuring-information
An independent review of how information about patients is shared across the health and care system led by Dame Fiona Caldicott was conducted in 2012. The report, Information: To share or not to share? The Information Governance Review can be found at: https://www.gov.uk/government/publications/the-information-governance-review
NHS England - Better Data, Informed Commissioning, Driving Improved Outcomes: Clinical Data Sets provides further information about the data flowing within the NHS to support commissioning.
Please visit the NHS Digital website for further information about their work. Information about their responsibility for collecting data from across the health and social care system can be found.
The Information Commissioner's Office is the Regulator for the Data Protection Act 2018 and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information. For further information please visit www.ico.org.uk