Information Governance (Confidentiality)

Confidentiality

Clinical and administrative staff have access to patient information as well as certain staff employed by the local health authority. All NHS staff have a confidentiality clause their contracts which applies even after employment ends. Your rights are protected by our Policies and Procedures. For more information please contact the Practice Manager.

Data Protection Act 1998 Registration: Z4718569

We will ask for your permission before passing your information on to other NHS agencies. Please find attached the leaflet  ‘How We Use Your Personal Information’ and the 'Privacy Notice for Patients'  below for more details on this and also how to gain access to your records should you require it (see also Access to Medical Records tab above).

How we use your personal information leaflet

     

       

Freedom of Information

The Practice FIO Publication Scheme is available at reception and on the link below which lists the non-confidential information we have readily available under the FOI Act.

Freedom of Information List

Privacy Notice  Privacy Notice to Young Patients

     

        

Controlling your medical records – Opting out of Data Sharing (also known as Type 1 opt-outs)

You may have heard worrying information in the press that your identifiable data will be sold to companies if you don't opt-out by 1st September, that's just not true. This little video explains how your data is used in the NHS for your personal care but how anonymised data about patients is also used in planning services i.e. how many people in Huddersfield have needed heart surgery this year so do we need more Cardiovascular Surgeons? Without anonymous data sharing, we would not be able to plan services for an area to make sure your needs are met.

Research Universities and Charities that do research into developing treatments for cancer may also request anonymous data about the health history of residents of England to help them conduct accurate research.

Data sharing has been very important during the pandemic to know how many people in our area have coronavirus, how many have been vaccinated, how many people are in hospital, and sadly, how many have died. 

GP practices nationwide have for many years, by law, been required to supply patients’ personal and confidential medical information, on a continuous basis, to the NHS.

There have been some reports of fake news around the ‘selling’ of patient data, and this, released by NHS England, which you may find helpful:- 

https://digital.nhs.uk/services/national-data-opt-out/mythbusting-social-media-posts

The bare facts of the information contained in the above link are:-

  • You can opt-out at any time - there is no deadline
  • We only share data to improve health and care
  • Health and care data helps the NHS respond to emergencies like the coronavirus outbreak
  • There are lots of protections in place to make sure patient data is used securely and safely
  • We do not sell health and care data
  • We do not share data with marketing and insurance companies

Under the Health and Social Care Act 2012, GP practices have no choice but to allow NHS Digital to extract this information – it is a legal obligation.   The information will consist of your full (historic) GP record, as well as new information added to it on an ongoing basis.   NHS Digital will become the data controller for that information, will administer the data, and intends to use it for planning health services, commissioning, population health management and for research. This is known as secondary uses of your medical records.

Medical staff treating you in GP surgeries, hospitals, A&E and out-of-hours centres will not use, or be able to use, this database. They have access to all relevant medical information about you in other ways.

Although GP practices cannot object to this information leaving the practice, individual patients and their families can instruct their practice to prohibit the transfer of their personal data, i.e. you have the right to opt-out

Opting out of GPDPR involves registering an objection at the surgery to all secondary uses of your personal identifiable data, where your explicit consent is not being sought beforehand. This is known as a Type 1 opt-out.    You have the right to control how medical information about you is shared,  disseminated or sold, for purposes other than your direct medical care – so-called secondary uses (or purposes).

Secondary uses include projects involved in risk stratification, “population health management”, national clinical audits, research, healthcare planning, commissioning of healthcare services by CCGs, commercial and even political uses.

You can control your personal confidential information by expressing an objection, or opt-out, to your GP surgery, who will then add a special read-code, or electronic flag, to your GP record.    When present in your GP record, the special read code should prevent identifiable information about you being extracted from your GP record, and uploaded to any other organisation, for purposes other than your direct care.

This opt-out should then prohibit extraction and uploading for all of the following secondary uses:

General Practice Data for Planning and Research (GPDPR) extraction

  • Risk stratification schemes
  • National clinical audits (such as the National Diabetes Audit)
  • Extraction of de-identified information about you concerning any eMed3 Statement of Fitness to Work reports (i.e. sick notes), uploaded to NHS Digital, and subsequently passed by NHS Digital to the Department of Work and Pensions
  • All extractions and uploading of identifiable information about you to NHS Digital, for any secondary purpose (so-called GPES extractions)

A Type 1 secondary use objection will in no way affect how healthcare professionals provide you with direct medical care or prevent them from accessing your medical record if and when appropriate, and with your explicit consent. The Opt Out form is available here 

Type 1 Opt out form

You will still need to opt out to prevent secondary processing even if you have already opted out of The Summary Care Record.

You can also express a National Data Opt Out (NDOO) as well and with both the Type 1 and National Data opt-outs in force:

  • No record-level information whatsoever will be uploaded from your GP record to NHS Digital

  • NHS Digital will have no information from your GP record to release, in any format, to any organisation, for any purpose

  • NHS Digital will only continue to hold information extracted from your hospital records, as well as aggregate information (i.e. numbers) from your GP practice

  • NHS Digital will not be able to release any information that clearly identifies you from the information extracted from your hospital records

However, the surgery cannot do the National Data Opt Out for you – this must be done either by accessing the website here:-  Make your choice about sharing data from your health records - NHS (www.nhs.uk)

OR, if you don’t have internet access, the appropriate form is attached here Manage Your Choice - Data Opt-out form.  You must print it off, complete it and post it to the address on the form – do not send this form to the surgery as we are unable to process it for you.

We hope that this information is helpful to you to make an informed decision.

Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website