Great Oakley Medical Centre Practice privacy notice
Great Oakley Medical Centre has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format.
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.
How we will use your information
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, this practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Great Oakley Medical Centre this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Your information may be shared if you have received treatment to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering to opt out online (national data opt-out programme) or if you are unable to do so or do not wish to do so online, by speaking to a member of staff.
In accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration.
What to do if you have any questions
Contact the practice’s data controller who is Dr Nathan Spencer GP practices are data controllers for the data they hold about their patients
 Write to the data controller at Great Oakley Medical Centre, 1 Barth Close, Great Oakley. NN18 8LU
The Data Protection Officer (DPO) for Great Oakley Medical Centre is
NBV Enterprise Centre
6 David Lane
0115 838 6770
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.
Equality and Diversity Policy
Statement on Policies of GreatOakley Medical Centre
Staff and Patients
The Practice is committed to ensuring that, as far as is reasonably practicable,the way in which we provide services to the public and the way in which we treat our staff reflects their individual needs and does not discriminate against individuals or groups on any grounds.
Equality and Diversity
The Practice aims to promote equality and diversity and value the benefits this brings. It is our aim to ensure that all staff feel valued and have a fair and equitable quality of working life.
The Practice is committed to the principles contained in the Human Rights Act. We aim to ensure that our employment policies protect the rights and interests of our staff and ensure that they are treated in a fair, dignified and equitable way when employed at the Practice.
Any Practice policy which impacts on or involves the use and disclosure of personal information (patient or employee) must make reference to and ensure that the content of the policy is comparable with the relevant statutory or legal requirement and ethical standards.
Data Protection Act1998 and the NHS Confidentiality Code of Practice
The Data Protection Act (DPA) provides a framework which governs the processing of information that identifies living individuals.
Processingincludes holding, obtaining, recording, using and disclosing of information andthe Act applies to all forms of media, including paper and images.
Itapplies to confidential patient information but is far wider in its scope, e.g.it also covers personnel records.
The DPA provides a legal gateway and timetable for the disclosure of personal information to the data subject (e.g. Health Record to a patient, personal file to an employee).
Whilst the DPA applies to both patient and employee information, the Confidentiality Code of Practice (COP) applies only to patient information.
The COP incorporates the requirements of the DPA and other relevant legislation together with the recommendations of the Caldicott report and medical ethical considerations, in some cases extending statutory requirements and provides detailed specific guidance.
This Equal Opportunities and Diversity Policy contains the following sections:
3.Recruitment and Selection
ThePractice is committed to equal opportunities and to building a valued workforcewhose diversity reflects our community.
OurEquality and Diversity Policy takes into account all current UK and EU legislation andguidelines, including codes of practice from the Equality and Human RightsCommission.
ThisEquality and Diversity Policy has been written in accordance with current bestpractice and has been updated in line with the Equality Act 2010.
Underthe Equality Act 2010, it is against the law for a company to discriminateagainst anyone on the grounds of colour, age, sex, race / nationality -including citizenship - ethnic or national origins, marital status, civilpartnership, disability, sexual orientation, any religion, or religious orphilosophical belief.
It is also possible for employees to claim for discrimination on a combination of two of these grounds. Similarly if employees discriminate against a colleague or patient, the Practice could be held vicariously liable for their acts, and be responsible for paying the compensation or damages to the victim of the discrimination.
If the Practice can prove that it has done all that was reasonable to prevent the discriminatory acts from occurring then its liability can be reduced or entirely eliminated. Having an equal opportunities policy, and apprising all staff of its existence is one of the things that a reasonable employer should do.
The Practice has the following policies in place which need to be read along with this Equality and Diversity policy:
· Disability policy
· Culture & Religious policy
· Grievance Procedures
· Bullying and Harassment
· Age Discrimination
· Equal Opportunities policy
· Recruitment and Selection Policy
· Training and Development policy
· Dignity at work
· Being Open Policy
· Information Governance Policy i.e.confidentiality / consent
Recruitment and Selection
The Practice has implemented a Recruitment & Selection policy. The objective of this policy is to recruit the best person for a role and outlines the responsibilities of the recruiting managers in complying with legal and locally agreed requirements.
Atevery stage of the recruitment process, Managers will treat all applicantsequally, showing no discrimination on the grounds of their ethnic origin or nationality,disability, gender, gender reassignment, marital status, age, sexualorientation, race, trade union activity or political or religious beliefs.
Applicantswill be selected against criteria based solely on objective, job relatedcriteria and their ability to do the job applied for. The Practice willconsider providing appropriate assistance to ensure equality for all.
Relevanteducational, training and development opportunities are open to all staff andall staff have a personal development plan in place, which must be reviewedannually. Information on education, training and development opportunities iswidely publicised, and attendance monitored for.
Monitoringinformation is gathered periodically to ensure there are no inequalities in opportunitiesfor promotion.
ThePractice has developed a number of ‘Employee Friendly’ Policies and also has inplace Disciplinary, Dignity at Work and Grievance Policies to process employeerelations issues.
Aswith any Practice Policy these are fair and consistent in their manner.Practice policies do not discriminate against anyone on the grounds of colour,age, sex, race / nationality - including citizenship - ethnic or nationalorigins, marital status, civil partnership, disability, sexual orientation, anyreligion, or religious or philosophical belief.
Instancesof harassment under any of the above are treated very seriously and areaddressed under the Dignity at Work and Disciplinary Policies.
ThePractice is committed to developing and maintaining a safe and secureenvironment, for its patients, staff and visitors and has a duty to take allreasonable steps to protect and support its staff.
Violent and abusive behaviour includes bullying and / or harassment of any description.Violent or abusive behaviour by patients, their families, visitors or staff is not tolerated and decisive action will be taken to protect staff, patients and visitors, including combating behaviour contrary to the principles outlined in this Policy on the grounds outlined in the Policy Statement.
Allviolent adverse incidents are reported, investigated and appropriate remedialaction is taken. When a clinical risk/incident is reported, a risk assessmentmay be appropriate to identify the need for change. On-going follow up andreview of progress may also be appropriate.
Confidentiality & Medical Records
We provide a confidential service to everyone, including under 16s. This means that you can tell others about your visit, but we won't.
The only reason why we might have to consider passing on your confidential information, is to protect you or someone else from serious harm.
We would always try to discuss this with you first.
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Freedom of Information
The ICO has published a new Model Publication Scheme that all public authorities are required to adopt by 1st January 2009.
Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
Most complaints can be resolved within the practice and letters of complaint should be addressed to the Practice Manager.
If you are dissatisfied with the outcome of the practice investigation, you can contact complaints dept at NHS England, PO Box 16738, Redditch, B97 9PT. 0200311 2233 Monday to friday 8am-6pm excluding Bank Holidays. or email email@example.com
If you feel that local resolution has been exhausted you can contact the Parliamentary and Health Service Ombudsman by telephone on 0345 015 4033 or by email: firstname.lastname@example.org or website: www.ombudsman.org.uk
You can also contact The Care Quality Commission. Log onto: https://www.cqc.org.uk/
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.
We welcome your opinion on the care we provide. If you have an idea onhow we can improve our care, please write to our Practice Manager. We undertake a survey of our patients' views every year and are always happy to show you the results of this.