Privacy Policy

This is the privacy notice of Chawton Park Surgery. In this document, “we”, “our”, or “us” refers to Chawton Park Surgery. Other practice policy documents are also available online.

Telephone number: 01420 542542

This website collects some personal data from users, as stated in our website provider’s Privacy Policy.

Introduction

• This is a notice to inform you of our Policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (personal information) and information that could not. In the context of the law and this notice, ‘process’ means collect, store, transfer, use or otherwise act on information.
• We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
• We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
• We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
• Our Policy complies with UK law accordingly implemented, including that required by the UK General Data Protection Regulation (GDPR).
• The Law requires us to tell you about your rights and our obligations to you with regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at Know Your Privacy Rights.
• Except as set out below, we do not share, sell or disclose to a third party, any information collected through our website.
• The UK General Data Protection Regulation (UKGDPR) and the Data Protection Act 2018 (DPA 2018) became law on 25th May 2018, and 1st January 2021 when the UK exited the EU. For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (UK) 2016/679) (the “UKGDPR”), and the Data Protection Act 2018 the practice is responsible for your personal data.

General Data Protection Regulations (GDPR)

New rules on Data Protection From 25th May 2018, new rules on Data Protection will come into place across Europe. Detailed below is how we collect, use and protect your personal data. 

Information about you and how we use it

When you come to the surgery, information about you, your medical treatment and family background may be recorded, on paper and computer, to help us care for you. The information is part of your health record and will be kept in case we need to see you again. We hold demographic information (name, address, telephone numbers, data of birth, ethnic origin, family relationships, next of kin and clinical data (diagnoses, family history, allergies, and sensitivities, medication, consultation records, investigations, test results, referrals and letters to and from other NHS Organisations about your care).

Members of the clinical teams looking after you may share your personal health information with each other. This team may include healthcare professionals and support staff.

All NHS staff are bound by law and a strict code of confidentiality, and are monitored by the Surgery’s Caldicott Guardian (Dr Thomas Parrott), who is responsible for ensuring patients’ confidentiality is respected. Your confidentiality is very important to us, and we have strict controls in place to protect your information.

Data will be retained only for as long as necessary to provide care for you. Our document retention policy and GDPR leaflet is available to view our download within this page.

How you records are used to help you

Accurate, up to date information about you:

• Helps staff to assess your health and care for you
• Will help staff to treat you in the future, in the surgery or elsewhere
• Allows staff to monitor and if necessary investigate the care you have received.

How your records help us

Accurate, up to date information about you:

• helps us provide high quality care and meet all our patients’ needs
• helps us train healthcare professionals and support research and development
• is necessary for the surgery to be paid for your treatment
• supports audits of NHS services and accounts
• supports investigation of any incidents or issues that arise
• contributes to national NHS statistics.

Privacy Notice

Accessing your medical records (a ‘Subject Access’ request)

You have a right under the General Data Protection Regulations 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:

• Your request must be made in writing to the GP – for information from the hospital you should write direct to them
• There may be a charge to have a printed copy of the information held about you
• We are required to respond to you within 30 days
• You will need to give adequate information (for example full name, address, date of birth, NHS number and details of the reason for your request) so that your identity can be verified and your records located.

To request a copy of you health records or ask to see parts of it relating to specific points, please ask to speak to, or complete a Subject access request form or send a written request to:

Nicky (Practice Manager) Chawton Park Surgery, Chawton Park Road, Alton, GU34 1RJ

Your notes will be prepared for you and depending on what you require access to online records may be granted, a document could be emailed to you or a qualified member of staff will talk you through the content. Your right to see some information may be limited – for example, if it includes details about other people.

Notification

The General Data Protection Regulations 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioner’s Office (ICO) website and the practice is registered with them.

Our Data Protection Officer is Caroline Simms.

Our Data Controller, responsible for keeping your information secure and confidential is Dr Thomas Parrott

Lawful basis for direct care and administrative purposes

All health and adult social care providers are subject to the statutory duty under section 251B of the Health and Social Care Act 2012 to share information about a patient for their direct care. This duty is subject to both the common law duty of confidence and currently the DPA98 (and in due course the DPA18 and GDPR).

For common law purposes, sharing information for direct care is on the basis of implied consent, which may also cover administrative purposes where the patient has been informed or it is otherwise within their reasonable expectations.

Under the GDPR, for processing personal data in the delivery of direct care, and for providers’ administrative purposes, the Article 6 condition for lawful processing that applies to the surgery and all publicly funded health and social care organisations in the delivery of their functions is:
6(1)(e) for the performance of a task carried out in the public interest or in the exercise of official authority

Under the GDPR, personal data concerning health are special categories of personal data; the most appropriate Article 9 condition which applies to the surgery for direct care or administrative purposes is:
9(2)(h) medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

Data transferred outside the EU

The data we hold on you will not be transferred outside the EU. Should any future changes in the NHS mean that this is possible, we will seek you permission before transferring any of your information outside the EU.

Cookies  

Our practice website uses cookies to function correctly. You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

General Practice Data for Planning and Research (GPDPR)

NHS digital will not collect patients’ names or addresses. Any other data that could directly identify patients (Such as NHS Number, date of birth, full postcode) is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.

Compliance with the Law

Our Privacy Policy has been compiled so as to comply with the Law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the Law of your jurisdiction, we would like to hear from you.

However, ultimately it is your choice as to whether you wish to use our website.

Further Information – Understanding Patient Data

Understanding Patient Data’ supports better conversations about the uses of health information. Our aim is to explain how and why data can be used for care and research, what’s allowed and what’s not, and how personal information is kept safe. We work with patients, charities and Healthcare Professionals to champion responsible use of data.

Review of this Privacy Policy

We may update this Privacy Notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

If you have any question regarding our Privacy Policy, please contact us.