Your Personal Health Information
To give you the care you need, we keep information about your visits to surgery staff involved in your care or treatment. These could be visits to a GP or practice nurse, or a visit by a health visitor. We keep information about your health and lifestyle and any illnesses, tests, prescriptions and other treatments that you have had. When this information contains things that can identify you, such as your name, address, postcode or date of birth, it's called your personal health information. Your personal health information is stored securely on paper or on computer, or both.
We sometimes share your personal health information with other organisations involved in your healthcare. We only share relevant information. For example, when your GP refers you to a specialist at the hospital we send relevant details about you in the referral letter and receive information back from them about you. We sometimes share information including your name, address and date of birth so that you can be invited for health screening.
We also need to use your personal health information for administrative tasks, but we only use relevant information. So that we can be paid for services we give you, we share information about you with relevant NHS organisations. These organisations help to check that public money is being spent properly. The surgery must allow these checks to be done and we need to share your information to be able to give you healthcare services.
Sometimes, we might use information about you and other patients' to help improve our services or to check that they are up to standard. Whenever we do this we will make sure that as far as possible we don't share any information that could identify you.
The surgery is sometimes involved in health research and in teaching student nurses, doctors and other NHS staff. We will not use or share your personal health information for research or teaching unless you have given your permission.
Where you need a service that we give jointly with your local authority, we will ask your permission before giving them your information.
Sometimes the law requires us to pass on information to other organisations. For example, we have to report all births, deaths and certain diseases or crimes.
The law sets out how we can use your personal health information. The Data Protection Act gives you rights about how your personal information is used, including a right to see the information we hold about you.
All NHS staff have a legal duty to keep information about you confidential and they follow a staff Code of Practice on Protecting Patient Confidentiality. If you have any questions about how we use your personal health information, or would like to see your health records please contact our Practice Manager. If you have any queries about issues in relation to Data Protection or Confidentiality, please ask to speak to the Practice Manager.
We have a room available if you need to speak privately to a receptionist. Please make your request at reception.
Freedom of Information
The Freedom of Information (FOI) Act was passed on 30 November 2000. It gives a general right of access to all types of recorded information held by public authorities, with full access granted in January 2005. The Act sets out exemptions to that right and places certain obligations on public authorities.
FOI replaced the Open Government Code of Practice, which has been in operation since 1994.
Data Protection and FOI – how do the two interact?
The Data Protection Act 1998 came into force on 1 March 2000. It provides living individuals with a right of access to personal information held about them. The right applies to all information held in computerised form and also to non-computerised information held in filing systems structured so that specific information about particular individuals can retrieved readily.
Individuals already have the right to access information about themselves (personal data), which is held on computer and in some paper files under the Data Protection Act 1998.
The right also applies to those archives that meet these criteria. However, the right is subject to exemptions, which will affect whether information is provided. Requests will be dealt with on a case by case basis.
The Freedom of Information Act and the Data Protection Act are the responsibility of the Lord Chancellor’s Department. A few of its strategic objectives being:
- To improve people’s knowledge and understanding of their rights and responsibilities
- Seeking to encourage an increase in openness in the public sector
- Monitoring the Code of Practice on Access to Government Information
- Developing a data protection policy which properly balances personal information privacy with the need for public and private organisations to process personal information
The Data Protection Act does not give third parties rights of access to personal information for research purposes.
The FOI Act does not give individuals access to their personal information, though if a request is made, the Data Protection Act gives the individual this right. If the individual chooses to make this information public it could be used alongside non-personal information gained by the public under the terms of the FOI Act.