Privacy Notice – Donaghcloney Surgery CIC
Donaghcloney Surgery CIC has a legal duty to explain how we use any personal information we collect about you, as a registered patient at this surgery. As your registered GP Practice, we are the data controller for any personal data that we hold about you. We are committed to maintaining confidentiality and will endeavour to protect your information and use it appropriately and responsibly.
We will collect personal information such as your name, date of birth, address; postcode, next of kin, health and care number. We also collect special category information such as medical history, records of appointments, visits, emails, telephone calls, treatments and medications, results of investigations, supportive care arrangements and any other relevant information to enable us to deliver effective medical care.
Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. from hospital, social services, GP surgery and the like). These records may be electronic and/or paper. We use a combination of technologies and working practice to ensure that we keep your information secure and confidential.
Your data is collected for the purpose of providing direct patient care, however, we share information when the law requires us to do, for instance if we are inspected or reporting certain illnesses or safeguarding vulnerable people. We also share medical records with health professionals who are involved in providing your care and treatment. This is on a need to know basis and event by event. Data about you is used to manage national screening campaigns, such as flu, cervical screening and diabetes prevention. Data about you, usually de-identified is used to manage the NHS and make payments. Your data may also be used to check the quality of care provided by the NHS. We may also share medical records for medical research.
We adhere to the General Data Protection Regulation (GDPR), which came into effect on 25th May 2018. It emphasises transparency, security and accountability by data controllers and processers, in tandem with standardising and strengthening the right of European citizens to privacy of their personal data. We also adhere to the guidance issued by the Information Commissioner’s Office (ICO) and are registered with them.
We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for.
iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws.
The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care.
You have the right not to share your information either in some or all circumstances. Should you wish to do so, please inform your GP or a member of the Practice staff. You have the right to obtain confirmation that your information is being processed and access to this data. In order to do so, please contact the Practice Manager. We rely on you to keep your records up to date, for example, change of address, contact telephone number and the like.
What to do if you have any questions
Ask to speak to the Practice Manager. Tel: 028 3888 1225
Complaints
In the unlikely event that you are unhappy with any element of our data processing methods, you have the right to make a complaint to the ICO. For further details, visit ico.org.uk and select “Raising a concern”.
Changes to our privacy policy
We regularly review our privacy policy; any updates will be displayed in our Practice and on our website.