The new General Data Protection Regulation and our responsibilities

 

HOW WE USE YOUR INFORMATION AND THE LAW

Bolton GP Federation is known as the ‘Controller’ of the personal data you provide to us. We collect basic personal data about you which does not include any special types of information or location-based information. This does however include name, address, contact details such as email and mobile number etc.

We will also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious beliefs (if required in a healthcare setting) ethnicity, and sex, during the services we provide to you and or linked to your healthcare through other health providers or third parties.

Why do we need your information?

We need to know your personal, sensitive and confidential data to provide you with Healthcare services as a General Practice, under the General Data Protection Regulation we will be lawfully using your information in accordance with:

Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”

Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

Where do we store your data electronically?

All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.

How long will we store your information?

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements.

More information on records retention can be found online.

What are your rights?

If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. You can still request a copy of your medical records — from May 2018 this will be free of charge.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

HOW YOUR INFORMATION MAY BE USED

We may use your records to:

  • Refer you to other healthcare providers when you need other services or tests
  • Share samples (such as bloods) with laboratories for testing, sent with our courier
  • Share test results with hospitals or community services
  • Share reports with the coroner

Bolton GP Federation has signed an Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.

Sharing when required by law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.

Information technology

Bolton GP Federation may use third parties to provide services that involve your information such as:

  • Removal and destruction of confidential waste
  • Provision of clinical systems
  • Provision of connectivity and servers

Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery). We have contracts / legally binding agreements in place with these third parties that prevent them from using it in any other way than instructed. These require them to maintain good standards of security to ensure your confidentiality.

BOLTON GP FEDERATION AND DATA PROTECTION

Bolton GP Federation takes your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number is ZA226859.

If you have any questions or wish to make a request in relation to your information, please contact:

The Data Protection Officer
Bolton GP Federation
The Hub
Bold St
Bolton
BL1 1LS
01204 546124
hello@boltongpfed.co.uk

Bolton GP Federation aims to provide you with the highest quality healthcare. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

Your doctor and other health professionals caring for you, such as nurses or physiotherapists, keep records about your health and treatment so that they can provide you with the best possible care.

These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include personal data:

  • basic details about you, such as address, date of birth, NHS number, and next of kin as well as sensitive personal data
  • contact we have had with you, such as clinical visits
  • notes and reports about your health
  • details and records about your treatment and care
  • results of x-rays, laboratory tests etc.

Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.