We make every effort to give the best service possible to everyone who attends our practice. However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint, please follow our complaints procedure.
Confidentiality and Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases, anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Access to Records
In accordance with the Data Protection Act 2018 and Access to Health Records Act 1990, patients may request to see their medical records. Such requests should be made to the practice manager, and may be subject to an administration charge.
No information will be released without the patient consent unless we are legally obliged to do so.
Your Data Matters to the NHS
Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe and always being clear about how it is used.
How your Data is Used
Information about your individual care such as treatment and diagnoses are collected about you whenever you use health and care services. It is also used to help us and other organisations for research and planning, such as research into new treatments, deciding where to put GP clinics and planning for the number of doctors and nurses in your local hospital.
It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.
Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.
You have a Choice
You do not need to do anything if you are happy about how your information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your mind about your choice at any time.
Will Choosing this Opt-out Affect your Care and Treatment?
No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.
What do you Need to do?
If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything. To find out more about the benefits of data sharing, how data is protected, or to make/change your opt-out choice, please visit www.nhs.uk/your-nhs-data-matters.
Freedom of Information
Information about the general practitioners and the practice required for disclosure under the Freedom of Information Act 2000 can be made available to the public.
All requests for such information should be made to the practice manager.
Please read about how your information is being used for COVID-19 research.
Please be aware that we may use new providers or suppliers to help us quickly adapt during the outbreak and to continue your care effectively. For example, we may use a new provider for video consultations.
We may not be able to add these to our transparency materials right away, and we apologise for this but please be assured that all of our processors are bound by contract to protect your data.
During COVID-19 we may ask you to send a photograph of your bruise or skin condition that you are concerned about whilst we conduct virtual consultations. This photograph will be used by the clinician to determine any medical treatment necessary and will be added to your medical record.
Please note that as this is sent via email, it may not be secure and we therefore ask that you only include your NHS number alongside your photograph in the email. The photograph should only be of the area requested and no other person should be visible in the shot.
Your practice takes privacy seriously and we want to provide you with information about your rights, who we share your information with and how we keep it secure.
Please use the links below to find more information about the practice and data protection.
- Our Data Protection Videos
- Your Information
- Children and Young People
- What We Do with Your Information
- What Else Do We Use Your Information For?
- Sharing When Required by Law
- Information Rights
- Case Finding and Profiling
- Norfolk Sharing Partners
- Information Technology
- Keeping Your Information Safe
- How Long Do We Keep Your Information?
- Our Use of Telephone Recording
- Norfolk Primary Care Networks
All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.
The average pay for GPs working at Heacham Group Practice in the last financial year (30th June 2020) was £62,944 before tax and national insurance. This is for 6 partners.
Coronavirus (COVID-19) Pandemic and your Information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic. The ICO also recognise that ‘public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’
The government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a notice under Regulation 3(4) of The Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non-clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the COVID-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.
The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 30th September 2020 unless a further extension is required. Any further extension will be communicated via an update to this privacy notice. Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing. It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this privacy notice.
Heacham Group Practice and Your Information
Heacham Group Practice takes your privacy very seriously.
We are registered with the Information Commissioner as a Data Controller and our registration number is Z8035294.
If you have any questions or wish to make a request in relation to your information, please contact the Data Protection Officer at;
Heacham Group Practice is required to collect, use, store and share information about you, for the purposes of maintaining and intensifying the employment relationship we have with you.
We do not transfer your employee information outside of the UK.
How does Heacham Group Practice collect my information?
We will collect information about you, either directly – when you make an application for a job with us to, or indirectly – through references, occupational health referrals and during the course of your employment with us.
The information we collect will be stored on computer and electronic systems. The information includes Personal Data:
- basic details about you, such as address, date of birth, and next of kin
as well as Sensitive Personal Data, where it is relevant to your employment;
- notes and reports about your health and any disabilities
- information about your home life such as marital status
- Information about criminal records checks – generally, we will only retain the reference number
Heacham Group Practice are permitted to collect, store, use and share this information, where necessary, under the General Data Protection Regulations Article 6 (1) (b) “for the purposes of a contract” and Article 9 (2) (b) “employment purposes” and Data Protection act 2018 Schedule 9 (2) (a) “performance of a contract” and Schedule 10 (2) “in connection with employment”.
How does Heacham Group Practice use my information?
Heacham Group Practice will use your information for your recruitment and employment in the following ways:
- To assess your suitability for the role
- To support the process of recruiting and onboarding you as a member of staff
- To pay you and to keep payroll records
- Administration of Expenses and Leave
- To deliver and maintain records on your training and professional development
- To support secondments or promotions
- To manage your performance
To undertake some of these activities, your information will be shared internally across our teams. We will work to ensure that only the right people have your information and that they are only given the information they need.
Who does Heacham Group Practice share my information with?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.
Information Access and Rights
Heacham Group Practice works hard to ensure that only the right people have your information and that they are only given the information they need.
- Your information will be shared internally across our teams such as NHS Pensions uses other companies to help us deliver some of our services such as;
- Provision of HR Portal Systems (www.adp.com)
- Shared Network Drive G:Drive Ardens & Greater East Midlands commissioning support group
- Payroll Mapus Smith & Lemmon Accountants
Personal data will never be made available to organisations not involved in your employment or contracted directly by us without letting you know and giving you a chance to object.
We have contracts in place with these organisations that prevent them from using it in any other way that how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Will Heacham Group Practice share without asking me?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
Examples might be:
- Sharing with the police or tax authorities for the detection or prevention of crime
- Where it is in the wider public interest – to keep the public safe for example
- To safeguard children or vulnerable adults
- Because the court has told us we must share.
What are my information rights?
Data protection law provides you with a number of rights that Heacham Group Practice is committed to supporting you with:
Right to Access
You have the right to obtain:
- confirmation that your information is being used, stored or shared by [insert organisation]
- a copy of information held about you
- If you only require a particular part of your record, tell us and this can reduce the time it takes to provide it
- We will respond to your request within one month of receipt or will tell you when it might take longer.
- We are required to validate your identity including the identity of someone making a request on your behalf
Right to Object or Withdraw Consent
We collect, use, store and share your information because we are permitted to by law; in order to deliver your support your employment, but you do have a right to object to us doing this.
When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time.
Our Data Protection Officer will be happy to speak with you about any concerns you have.
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time
We will respond to your request within one month of receipt or will tell you when it might take longer.
Right to Portability
You can ask us to send your information to another organisation on your behalf if you wish.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit www.ico.org.uk/for-the-public.
Does Heach Group Practice use profiling or automated decision making?
No Heacham Group Practice does not undertake automatic profiling or automated decision making in relation to your employment information.
Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.
How does Heacham Group Practice protect my information?
Heacham Group Practice are committed to ensuring the security and confidentiality of your information.
There are a number of ways we do this:
- Staff receive regular training about protecting and using personal data
- Policies are in place for staff to follow and are regularly reviewed
- We check that only the minimum amount of data is shared or accessed
- We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
- We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
- We report and manage incidents to make sure we learn from them and improve
- We put in place contracts that require providers and suppliers to protect your data as well
How long does Heacham Group Practice store my information?
Heacham Group Practice will retain / store your CV / Application form for no more than 7 months if you are unsuccessful. We will keep your personnel record for your 6 Years post-employment date as part of our obligations as an employer. Where items of your record can be removed at an earlier time, or be de-identified, this will happen to ensure that Heacham Group Practice only hold information that is needed.
Summary Care Records
There is a central NHS computer system called the summary care record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had. Over time it will build to include information about other health issues considered important to your wellbeing.
Why Do I Need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who Can See It?
Only healthcare staff involved in your care can see your summary care record.
Do I Have To Have One?
No, it’s not compulsory. If you choose to opt out of the scheme, please let us know.
For further information please visit the HSCIC Website.
The NHS operates a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons.
Violence in this context includes actual or threatened physical violence, or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.