Data and

Privacy

It’s important that patients understand how their personal data is collected in the NHS, how it’s used, and what rights they have.

You may have heard terms like GDPR and SCR, but not everyone knows exactly what the mean, and what impact they have on personal information.

Why it's important

Every time you have any interaction with the NHS, information about you is collected.

For example, any medication you are prescribed is recorded, as are hospital test results so they can be shared with your GP. 

Capturing important information like this, along with records of previous treatments, allergies or reactions to certain medicine gives a full picture to NHS staff, and makes it easier for them to give you the care you need.

Beyond your own individual health, there are wider uses of patient data that are vital to how the NHS functions.

By understanding health trends in your area, local NHS services can be commissioned to meet specific needs.

Research within the NHS needs patient data to make advances in care and treatment that have long-term benefits for everyone.

General Data Protection Regulation (GDPR)

GDPR came into force in the UK in May 2018 in addition to an updated Data Protection Act (2018). This is the law that says how your data can and can’t be used.

GDPR insists that:

Your data can only be collected for a legitimate purpose, and only used in ways relating to that purpose.

Only data relevant to the specific purpose should be collected.

Your data should be kept up to date, and not kept for longer than is necessary.

It must be stored and ‘processed’ safely and securely. Processing means anything done to the data – from adding it to a patient record, combining it into a database, to changing or destroying it.

The data must have been collected lawfully, fairly and transparently – meaning that you are aware your data is being collected, and what for.

Privacy Notice

The latest Information Governance and Data Protection legislation requires us to ensure that a patient’s personal data must:

  • Be collected only for a legitimate purpose and processed only in a way that is compatible with that purpose.
  • Be limited to what is required in relation to the purpose for which it is used.
  • Be accurate and kept up to date.
  • Not be kept for longer than is necessary.
  • Be processed and stored in a safe and secure manner.
  • Collected and processed lawfully, fairly and transparently.

We want to reassure our patients that we have systems in place that allows us to record, process, share and store their personal data in accordance with the requirements of current regulations

As a patient you have the right to:

  • Be informed about the data we collect and the reasons why it is collected.
  • Know how we will use your data and the way we store and archive it.
  • Access your data.
  • Have any errors in your data rectified.
  • Have your records erased in certain circumstances.
  • Restrict processing of your data.
  • Transfer your data to another health care provider.
  • Object to us processing certain data.

We have to obtain your explicit consent to use your data in certain circumstances and you have the right to withdraw your consent at any time. Our organisation is also compliant with the National Data Opt-out Policy. Please ask a member of staff if you have any queries about how we use your data.

Summary Care Records (SCR)

SCRs are an electronic record of important patient information, created from GP medical records.

They can be seen and used by authorised staff in other areas of the health and care system involved in a patient’s direct care.

You may need to receive treatment from someone who does not know your medical history. An SCR means they can quickly access important information and make sure you receive the best care possible.

Here are just some examples of information contained on your SCR that will help NHS staff give you the best care:

  • Medications you are currently taking
  • Any allergies you have
  • Negative reactions to medication in the past
  • You can also choose to have additional information on your SCR including any long-term conditions, significant medical history or specific communications needs
  • Without an SCR, this information would not be available quickly and would have to be requested. This can lead to delays in your treatment, or worse still application of a specific treatment or medicine that you may react badly to.
  • Summary Care Records are created automatically when information enters a GP surgery’s clinical system. This means they are held by your specific GP practice, not DDHF directly.

If you DO NOT want to have a Summary Care Record created and available to clinicians across the NHS then you will need to contact your GP directly to positively opt out.

Your Rights 

A key principle of GDPR is transparency – making it clear to people how their data is being used, and giving them the right to say no.

You are entitled to:

  • Find out what data we collect and why.
  • Find out how your data is stored and archived.
  • View your own data and have mistakes corrected.
  • Object to and restrict certain processing of your data.
  • Have you records erased (unless it damages the provision of health care to you, or has fraudulent insurance purposes, for example).

Any questions, concerns or request for information about GDPR and your personal information should be made in writing to:

DDHF
Unit 51 Innovation House

Longfield Road
South Church Enterprise Park
Bishop Auckland

Co. Durham
DL14 6XB