We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded on computer and we are registered under the Data Protection Act.

The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team. However, for the effective functioning of a multi-disciplinary team it is sometimes necessary that medical information about you is shared between members of the practice team.

How we use your medical records

  • This practice handles medical records in line with laws on data protection and confidentiality.
  • We share medical records with those who are involved in providing you with care and treatment.
  • In some circumstances we will also share medical records for medical research, for example, to find out more about why people get ill.
  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
  • You have the right to be given a copy of your medical record.
  • You have the right to object to your medical records being shared with those who provide you with care.
  • You have the right to object to your information being used for medical research and to plan health services.
  • You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Please see the practice privacy notice or ask reception for more information about your rights.

Our Promise to You

We will:

  • Always endeavour to maintain patient confidentiality.
  • Not discuss confidential information with colleagues without patient consent (unless it is part of the provision of care).
  • Not discuss confidential information in a location or manner that allows it to be overheard.
  • Handle patient information received from another provider sensitively and confidentially.
  • Not allow confidential information to be visible in public places.
  • Store and dispose of confidential information in accordance with the Data Protection Act 1998 and the Department of Health’s Records Management Code of Practice (Part 2).
  • Not access confidential information about a patient unless it is necessary as part of their work.
  • Not remove confidential information from the premises unless it is necessary to do so to provide treatment to a patient, the appropriate technical safeguards are in place and there is agreement from the information governance lead or Caldicott Guardian.
  • Contact the information governance lead or Caldicott Guardian if there are barriers to maintaining confidentiality.
  • Report any loss, inappropriate storage or incorrect disclosure of confidential information to the information governance lead or Caldicott Guardian.
  • If applicable, document, copy, store and transfer information in the ways agreed with other providers.

Caldicott Principles

  • Justify the purpose for which the information is needed.
  • Only use personally identifiable information when absolutely necessary.
  • Use the minimum personal identifiable information possible – if possible use an identifier number rather than a name.
  • Access to the information should be on a strict need to know basis.
  • Everyone should be aware of his/her responsibilities to respect patients’ confidentiality.
  • Understand and comply with the law. The most relevant legislation is the Data protection Act 1998, the Police & Criminal Evidence Act 1984 and the Human Rights Act 1998.