Practice Policies & Patient Information
Annual Infection Prevention and Control Statement
The practice undertakes an annual infection prevention and control review. The latest version of which can be found below;
Purpose
This annual statement will be generated each year in September in accordance with the requirements of Health and Social Care ACT 2008 Code of Practice on the prevention and controls of infections and related guidance. Our report will be published on the Practice website and will include the following.
- Any infection transmission incidents and any action taken. These will be reported in line with our significant event polic. (Learning logs)
- Details of any infection control audits and action plans with action undertaken.
- Details of any risk assessments carried out.
- Details of staff training.
- Details of any updated policies, procedures, and guidance.
infection Prevention and Control Leads
- Sue Belton (Healthcare Team Manager)
- Jacq Moon (Deputy Healthcare Team Manager)
- Sarah Poole (Deputy Healthcare Team Manager)
Infection Prevention and control incidents
Significant events involve examples of good practice as well as challenging events.
Incidents are reported to Sue Belton via our Practice Manager (Hayley Wilkinson). They are then reviewed at our clinical meetings or senior management meetings. Any shared learning will be shared with the practice staff.
In the past year, there have been no significant events relating to infection control. There have been no complaints made regarding cleanliness or infection control. We have had no outbreaks of infections.
Infection Prevention audit and action
Our last practice audit was carried out by Sue Bagshaw from the infection Prevention & Control Team on 4th August 2022 which resulted in us being scored at 96.25% and the list of action is below:
- Repainting required to damaged walls
- Sharps bin temporary mechanism not in place in some sharps bins
- Some dust to high rails above couch curtains, and ventilation grill.
- One box of dressings found to be out of date
- Baby changing mat stained
- Debris in mop bucket
All of the above actions have all been completed. We aim to carry out another audit 2024.
Risk assessments
Risk assessments are carried out so that best practice can be established and then followed.
In the last year the following risk assessments were carried out/reviewed:
1. Legionella (Water) Risk Assessment: The University of Nottingham conducts its water safety risk assessment to ensure that the water supply does not pose a risk to paƟents, visitors or staff. Water testing is currently undertaken monthly by a member of the university team.
2. Sharps Management for clinical staff – Safe handling of sharps bins, spot checks carried out 17/08/23. Next due August 2024. These will be carried out by the IPC lead.
3. Anenta carry out annual audit of clinical waste procedures. We have passed this inspection.
Finding was that waste bins not labelled. This has since been actioned.
4. University Cleaning company standard of cleaning – Quarterly spot checks carried out by IPC Management and University cleaning company. Last carried out 20/05/24
5. Cleaning schedules completed daily/weekly by cleaning staff, clinical staff and non-clinical staff.
6. All new members of staff have an induction upon starting and conduct IPC training before seeing patients. Recently we have had 2 new members of staff join the healthcare team.
They have been updated on infection control policies and assessed on infection control in relation to aseptic technique when dealing with patients that have wounds. This is
documented in their competency booklets.
7. Protective equipment is also checked on a weekly basis to ensure that all rooms have handwashing equipment, aprons, and gloves.
In the next year the following risk assessments will be reviewed
- Hand hygiene audit – Audit to be carried out by IPC leads Sue Belton, Sarah Poole, Jacq Moon
- External cleaning company standards of cleaning – Audit to be carried out by Management and the University Cleaning Company
- Clinical waste audit, correct of clinical waste bags and sharps bins – Audit will be carried out by IPC leads Sue Belton, Sarah Poole, Jacq Moon
- Audit of IPC training for all staff – Audit to be carried out by Sarah Poole
Staff training
- Each staff member is required to complete Infection control training for Clinical/Non-Clinical depending on their role. This is via Teamnet and it is part of our mandatory training. 100% of the healthcare team have completed their online Teamnet training.
- Practical hand washing training using glo and tell equipment is performed every two years
- IPC training is also available online from the Primary Care Development Centre
Policies and procedures
- All Infection Prevent and Control related policies are in date for this year. Infection Prevention policies next due for review February 2025.
- IPC guidance NHS cleaning standards 2021 – B0271-national-standards-of-healthcare-cleanliness-2021.pdf (england.nhs.uk)
- Policies relating to Infection Prevention and Control are available to all staff and are reviewed and updated annually, and all are amended on an on-going basis as current advice, guidance, and legislation changes. Infection Control policies are circulated amongst staff for reading.
- IPC Handbook with Practice Index-Next due for review February 2025 or sooner if new guidance comes in.
Antibiotic Monitoring
At Cripps Health Centre, all clinicians play a key role in reducing antibiotic resistance by practicing antibiotic stewardship. This means not prescribing antibiotics for patients who are unlikely to suffer from bacterial Infection, while ensuring the patients who do require antibiotic treatment receive the appropriate antibiotics, at the correct dose and for the proper duration. All clinicians follow guidance from the Nottingham Area Prescribing Committee.
We have raised the standard of clinical assessment, safety netting of patients by clinical education.
We monitor our prescribing of antibiotics figures regularly internally, as does the Nottingham prescribing team.
The last antibiotic prescribing audit was carried out in February 2024 and demonstrated that clinicians were prescribing the correct length and appropriate antibiotic.
Responsibility
It is the responsibility of all staff members who work at Cripps Health Centre to be familiar with this statement and their roles and responsibilities.
Review
The IPC lead and Registered Manager are responsible for reviewing and producing the annual statement.
This annual statement will be updated on or before September 2024
Complaints/Feedback
The University of Nottingham health Service (UNHS) welcomes complaints. They not only ensure that people can have their concerns properly addressed but that they receive the best service to improve people’s health and care.
How do I make a complaint?
In the first instance you can telephone, write or visit the Practice Manager or you can contact the NHS England Customer contact centre:
NHS England
PO Box 16738
Redditch
B97 9PT
Email england.contactus@nhs.net
Who can make a complaint?
Anyone can make a complaint. You can complain on behalf of a child, or someone who has died. If you have another person’s permission, you can complain on their behalf.
Is there a time limit for making a complaint?
Yes. Your complaint should be made as soon as possible (up to one year after the event).
Can I get help and support?
Yes. An organisation called POhWER can provide you with support and advocacy. You can contact POhWER by phone on 0300 020 0093 or email yourvoiceyourchoice@pohwer.net
What will happen once I make my complaint?
UNHS is committed to responding to complaints as quickly and helpfully as possible. All complaints will be acknowledged when received and investigated in a manner that is appropriate to the issues raised. We will advise you how long it may take to investigate your complaint. Where possible we will offer a range of suitable options to resolve the complaint. UNHS will take action where needed to prevent the incident from happening again.
Making a complaint will not put your care at risk or adversely affect your future care.
Is it confidential?
Your rights to confidentiality will be respected throughout the investigation. However, there may be times when we need to share information without your consent e.g. to protect children and vulnerable adults.
We may also need to share your complaint with other health professionals in order to ensure any issues raised are addressed appropriately.
If your complaint involves a number of different services such as Hospitals, Mental Health services, Social Care or community health services we will work together to resolve your complaint. To do this we will need to share information.
What if I am still not satisfied?
We aim to resolve all complaints. However, if you are not satisfied with the outcome of your complaint we will look into the matter further. If you are still not satisfied with our response you can ask the Health Service Ombudsman to investigate your case.
The address to contact is:
The Parliamentary and Health service ombudsman
Millbank Tower
Millbank
London
SW1P 4QP
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Data Choices
Your Data Matters to the NHS
Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe and always being clear about how it is used.
How your data is used
Information about your individual care such as treatment and diagnoses is collected about you whenever you use health and care services. It is also used to help us and other organisations for research and planning such as research into new treatments, deciding where to put GP clinics and planning for the number of doctors and nurses in your local hospital. It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.
Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.
You have a choice
You do not need to do anything if you are happy about how your information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your mind about your choice at any time.
Will choosing this opt-out affect your care and treatment?
No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.
What do you need to do?
If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything.
To find out more about the benefits of data sharing, how data is protected, or to make/change your opt-out choice visit www.nhs.uk/your-nhs-data-matters
Download a copy of the patient leaflet
Consent for Audio/Video surgery 2022/23
Freedom of Information
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.
GP Net Earnings
All GP Practices are required to declare the mean earnings (e.g. average pay) for GP’s working to delivery NHS Services to patients at each practice.
The Average pay for GPs working in The University of Nottingham Health Service in the last financial year was £92,813 before tax and National Insurance. This is for 2 full time GPs, 19 part time GPs and 1 locum GP who worked in the practice for more than six months.
Prescribing Policy For Patients Travelling Abroad
By law, the NHS ceases to have responsibility for the medical care of patients when they leave the UK. In addition GPs are able to provide prescriptions for the treatment of a condition that is not present and may arise while the patient is abroad.
The NHS does accept responsibility for supplying ongoing medication for temporary periods abroad of up to 3 months. However, if a person is going to be abroad for more than 3 months, then they are only entitled (at NHS expense) to a sufficient supply of regular medication in order to get to their destination, where they should the find an alternative supply of that medication.
Patients residing abroad for a period of more than 3 months are legally required to be removed from the practice list.
They will also be removed from our patient list. We will be pleased to re-register patients on their return to residence in the UK and can reassure patient that their electronic notes are kept on file for reference on your return.
Patients and relatives should not seek medication for themselves while they are abroad as this constitutes NHS fraud.
Privacy Notice
The University of Nottingham Health Service (the Practice)
Data Protection Privacy Notice for Patients
Introduction:
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.
This privacy notice applies to personal information processed by or on behalf of the practice.
This Notice explains
- Who we are, how we use your information and our Data Protection Officer
- What kinds of personal information about you do we process?
- What are the legal grounds for our processing of your personal information (including when we share it with others)?
- What should you do if your personal information changes?
- For how long your personal information is retained by us?
- What are your rights under data protection laws?
The General Data Protection Regulation (GDPR) became law on 24th May 2016. This is a single EU-wide regulation on the protection of confidential and sensitive information. It enters into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998).
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), and the Data Protection Act 2018 (currently in Bill format before Parliament) the practice responsible for your personal data is The University of Nottingham Health Service.
This Notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights
How we use your information and the law.
The University of Nottingham Health Service will be what’s known as the ‘Controller’ of the personal data you provide to us.
We collect basic personal data about you which does not include any special types of information or location-based information. This does however include name, address, contact details such as email and mobile number etc.
We will also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious belief (if required in a healthcare setting) ethnicity, and sex during the services we provide to you and or linked to your healthcare through other health providers or third parties.
Why do we need your information?
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which the Practice hold about you may include the following information;
- Details about you, such as your address, carer, legal representative, emergency contact details
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays etc
- Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.
How do we lawfully use your data?
We need to know your personal, sensitive and confidential data in order to provide you with Healthcare services as a General Practice, under the General Data Protection Regulation we will be lawfully using your information in accordance with: –
Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”
Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems
This Privacy Notice applies to the personal data of our patients and the data you have given us about your carers/family members.
Risk Stratification
Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information is only provided back to your GP as data controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services. Please note that you have the right to opt out of your data being used in this way.
Medicines Management
The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- The General Data Protection Regulations 2016
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality, Information Security and Records Management
- Information: To Share or Not to Share Review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.
Our practice policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the General Data Protection Regulations (GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our patients will be protected.
All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. The practice will, if required, sign a separate confidentiality agreement if the client deems it necessary. If a sub-contractor acts as a data processor for The University of Nottingham Health Service an appropriate contract (art 24-28) will be established for the processing of your information.
In Certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent. If some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose in an identifiable format. In some circumstances you can Opt-out of the surgery sharing any of your information for research purposes.
With your consent we would also like to use your information to
We would however like to use your name, contact details and email address to inform you of services that may benefit you, with your consent only. There may be occasions were authorised research facilities would like you to take part on innovations, research, improving services or identifying trends.
At any stage where we would like to use your data for anything other than the specified purposes and where there is no lawful requirement for us to share or process your data, we will ensure that you have the ability to consent and opt out prior to any data processing taking place.
This information is not shared with third parties or used for any marketing and you can unsubscribe at any time via phone, email or by informing the practice DPO as below.
Where do we store your information Electronically?
All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.
No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
- NHS Trusts / Foundation Trusts
- GP’s
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- NHS England (NHSE) and NHS Digital (NHSD)
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police & Judicial Services
- Voluntary Sector Providers
- Private Sector Providers
- Other ‘data processors’ which you will be informed of
You will be informed who your data will be shared with and in some cases asked for consent for this to happen when this is required.
We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure. All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for The University of Nottingham Health Service an appropriate contract (art 24-28) will be established for the processing of your information.
How long will we store your information?
We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements.
More information on records retention can be found online at (https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016)
How can you access, amend move the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project), or consent to market to you, you may withdraw your consent at any time.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this with a GP to GP data transfer and transfer of your hard copy notes
Access to your personal information
Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:
- Your request should be made to the Practice – for information from the hospital you should write direct to them
- There is no charge to have a copy of the information held about you
- We are required to respond to you within one month
- You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.
What should you do if your personal information changes?
You should tell us so that we can update our records please contact the Practice Manager as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number), the practice will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.
Objections / Complaints
Should you have any concerns about how your information is managed at the GP, please contact the GP Practice Manager or the Data Protection Officer as above. If you are still unhappy following a review by the GP practice, you have a right to lodge a complaint with a supervisory authority: You have a right to complain to the UK supervisory Authority as below.
Information Commissioner:
Wycliffe house
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545745
www.informationcommissioner.gov.uk
If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact the Practice Data Protection Officer.
If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.
Data Protection Officer:
The Practice Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries in regard to Data Protection issues should be addressed to him at: –
Email: Couldrey@me.com
Postal: PCIG Consulting Limited
7 Westacre Drive
Quarry Bank
Dudley
West Midlands
DY5 2EE
Changes:
It is important to point out that we may amend this Privacy Notice from time to time. If you are dissatisfied with any aspect of our Privacy Notice, please contact the Practice Data Protection Officer.
Privacy Notice – Surgery Connect Telephone System
Privacy Notice – Surgery Connect Telephony System (X-On)
The University of Nottingham Health Service
Plain English explanation
This privacy notice explains about our Telephony System ‘Surgery Connect’ (X-on).
Inbound calls: the system will notify you that all telephone calls are recorded for training and monitoring purpose.
Outbound calls will also be recorded for the same reason and this information can be found in this
notice, displayed on our website and in the surgery. We lawfully do not require your consent;
however you do have the right to terminate the call if you do not wish for the call to be recorded.
All calls made to the practice by a registered patient or from the practice to a registered patient, may
have the recording attached to the clinical record and will be stored securely on the surgery connect system. All calls made by non-registered patients will be stored securely on the surgery connect system. All data originates from the caller into the practice or the practice dialling out to the recipient.
Personal data
When a call is recorded we collect:
- a digital recording of the telephone conversation
- the telephone number of both parties (internal and external)
- Personal data revealed during a telephone call will be digitally recorded for example name
and contact details to deliver appropriate services.
- Occasionally ‘special category’ personal information may be recorded where a customer
voluntarily discloses health, religious, ethnicity or criminal information to support their
request for advice and/or services.
- Telephone call recording will be turned off, when a customer’s credit or debit card details
are given, in line with Payment Card Industry Data Security Standards (PCS DSS) and data
protection legislation including General Data Protection Regulations (‘GDPR’).
People who have access to your information will only normally have access to that which they need
to fulfil their roles.
We are required by Articles in the General Data Protection Regulations to provide you with the
information in the following 9 subsections.
- Data Controller contact details – The University of Nottingham Health Service, Cripps Health Centre, University Park, Nottingham, NG7 2QW
- Data Protection Officer contact details – Paul Couldrey of PCIG consulting Ltd. Coudrey@me.com
3) Purpose of the processing Direct Health Care – To enable a safe two way communication between patient and Surgery.
4) Lawful basis for processing – The processing of personal data in the delivery of direct care and for
Providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
Article 9(2)(b) ‘Carrying out of obligations under employment, social security or social protection law, or a collective agreement’
Article 9(2)(c) ‘Vital interests of a data subject who is physically or legally incapable of giving consent.’
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
*Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
5) Recipient or categories of recipients of the processed data
Data is accessible by the Practice as the Data Controller for this information. Information may be accessed remotely by the supplier for support purposes. Making recordings available for the Practice,
patients and other data subjects may request this.
6) Rights to object
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance.
7) Right to access and correct
You have the right to access the data that is being stored and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
8) Retention period
The recording data will be retained for 36 months on the Telephony System before deletion. The recording in connection to a registered patient may be attached to the medical record and therefore be subject to the Records Management code of Practice for Health and Social Care Retained until 10 years after death.
9) Right to Complain.
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745
(national rate)
* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.
The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent.
In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.
Three circumstances making disclosure of confidential information lawful are:
- where the individual to whom the information relates has consented;
- where disclosure is in the public interest; and
- where there is a legal duty to do so, for example a court order
Categories of Personal Data
- race;
- ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- genetic data;
- biometric data (where this is used for identification purposes);
- health data;
- sex life; or
- sexual orientation.
Personal data can include information relating to criminal convictions and offences. This also requires a higher level of protection.
Violence Policy
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.