Your Personal Health Information

To give you the care you need, we keep information about your visits to surgery with staff involved in your care or treatment. These could be visits to a GP or practice nurse, or a visit by a health visitor. We keep information about your health and lifestyle and any illnesses, tests, prescriptions and other treatments that you have had.

When this information contains things that can identify you, such as your name, address, postcode or date of birth, it's called your personal health information. Your personal health information is stored securely on computer. We sometimes share your personal health information with other organisations involved in your healthcare. We only share relevant information.

For example, when your GP refers you to a specialist at the hospital.

We send relevant details about you in the referral letter and receive information back from them about you. We sometimes share information including your name, address and date of birth so that you can be invited for health screening.

We also need to use your personal health information for administrative tasks, but we only use relevant information. So that we can be paid for services we give you, we share information about you with relevant NHS organisations. These organisations help to check that public money is being spent properly.

The surgery must allow these checks to be done and we need to share your information to be able to give you healthcare services. We might use information about you and other patients to help improve our services or to check that they are up to standard. Whenever we do this, we will make sure that as far as possible we don't share any information that could identify you.

The surgery is sometimes involved in health research and in teaching student nurses, doctors and other NHS staff. We will not use or share your personal health information for research or teaching unless you have given your permission. Where you need a service that we give jointly with your local authority, we will ask your permission before giving them your information. Sometimes the law requires us to pass on information to other organisations.

For example, we have to report all births, deaths and certain diseases or crimes. The law sets out how we can use your personal health information. The Data Protection Act gives you rights about how your personal information is used, including a right to see the information we hold about you.

All NHS staff have a legal duty to keep information about you confidential and they follow a staff Code of Practice on Protecting Patient Confidentiality. If you have any questions about how we use your personal health information, or would like to see your health records please contact our Practice Manager. If you have any queries about issues in relation to Data Protection or Confidentiality, please ask to speak to the Practice Manager.


Your Record

We have a computer system called Emis which holds the medical records of all our patients. This is totally confidential and the only people who access the notes are those health professionals and administration staff who need to do so to assist with your care. If we need to refer you to the hospital for treatment, then the information that is relevant to your care will be shared with those professionals who are being asked to help you.


What does it mean for you?

Any person including a young person has the right to seek advice from a health professional, doctor or nurse on their own or with a friend without their parent or another adult knowing about it.

We do not have the right to tell anybody about what you have discussed with us without your permission. However, some decisions may be difficult and mean that the support of a trusted adult is important. For this reason, we do try to encourage you to discuss things with a trusted adult or parent where possible.

When you are seen by a doctor or nurse, the decision to offer you treatment/medication without an adult being present depends on how happy we are that you fully understand:

  •  What the treatment means and the advice given.
  • The options that you have been given regarding different types of treatment.
  • Whether or not you understand possible risks or side effects of the treatment and that you know to come back to us if you have any problems.

Being able to agree to treatment on your own is not dependent on your age. It is dependent on your understanding of what is being offered.

Young people in the care system often have worries about what information is being given to different people about them. Your information would only be shared with those who really need to know and with your knowledge and permission.

  • Limitations to confidentiality – We have a ‘duty of care’ to you which means that we must be sure that you are safe and that decisions you are making or advice and treatment that we are giving is in the best interests of your health and wellbeing and that of other people.
  • If the doctor or nurse that you are seeing has a concern that you may be in danger or putting others in danger, we have a duty to disclose that information without your consent to an appropriate person who will look into the situation.
  • People under the age of 13 years old are not legally capable of agreeing to have sex or be involved in sexual activity. This means that the nurse or doctor may feel that to protect you, the information needs to be shared with an appropriate person. This would normally be done with your knowledge and the doctor or nurse would help support you through this time and fully explain the reasons why this is needed so that you understand.

Freedom of Information

The Freedom of Information (FOI) Act was passed on 30 November 2000.

It gives a general right of access to all types of recorded information held by public authorities, with full access granted in January 2005. The Act sets out exemptions to that right and places certain obligations on public authorities. FOI replaced the Open Government Code of Practice, which has been in operation since 1994.


Data Protection and FOI – how do the two interact?

The Data Protection Act 1998 came into force on 1 March 2000. It provides living individuals with a right of access to personal information held about them.

The right applies to all information held in computerised form and also to non-computerised information held in filing systems structured so that specific information about particular individuals can be retrieved readily. 

Individuals already have the right to access information about themselves (personal data), which is held on computer and in some paper files under the Data Protection Act 1998. The right also applies to those archives that meet these criteria.

However, the right is subject to exemptions which will affect whether information is provided. Requests will be dealt with on a case by case basis. 

The Freedom of Information Act and the Data Protection Act are the responsibility of the Lord Chancellor’s Department.

A few of its strategic objectives being:

  • To improve people’s knowledge and understanding of their rights and responsibilities.
  • Seeking to encourage an increase in openess in the public sector.
  • Monitoring the Code of Practice on Access to Government Information.
  • Developing a data protection policy which properly balances personal information, privacy with the need for public and private organisations to process personal information.

The Data Protection Act does not give third parties rights of access to personal information for research purposes. The FOI Act does not give individuals access to their personal information, though if a request is made, the Data Protection Act gives the individual this right.

If the individual chooses to make this information public, it could be used alongside non-personal information gained by the public under the terms of the FOI Act.


Patient Confidentiality and Care Data

How information about you helps us to provide better care

Confidential information from your medical records can be used by the NHS to improve the services offered so we can provide the best possible care for everyone.

This information along with your postcode and NHS number but not your name, are sent to a secure system where it can be linked with other health information.

This allows those planning NHS services or carrying out medical research to use information from different parts of the NHS in a way which does not identify you.

You have a choice. If you are happy for your information to be used in this way, you do not have to do anything.

If you have any concerns or wish to prevent this from happening, please speak to practice staff or ask at reception for a copy of the leaflet 'How information about you helps us to provide better care'.

More information can be found here  Review of care data security