Lawn Medical Centre

Privacy

As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018.

This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect.

The Lawn Medical Centre Privacy notice is shown below or you can download a copy here.

Patients Privacy Notice

Hawthorn Medical Centre, Merchiston Surgery, Old Town Surgery, Lawn Medical Centre, and Priory Road Medical Centre are well-established GP Practice’s, and we are part of Wyvern Health Partnership.

Our General Practitioners and allied healthcare professionals provide primary medical care services to our practice population and are supported by our administrative and managerial team in providing care for patients.

This privacy notice explains how we as a data controller use any personal information, we collect about you as a patient of health care services provided by Wyvern Health Partnership.

Why do we collect your personal information?

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety. We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include both personal and special categories of data about your health and wellbeing.

What types of personal information do we collect about you?

We may collect the following types of personal information:

  • Your name, address, email address, telephone number and other contact information
  • Gender, NHS Number and date of birth and sexual orientation
  • Details of family members and next of kin details
  • Health (Medical) information, including information relating to your sex life
  • Details of any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments and telephone calls
  • Results of investigations such as laboratory tests or x-rays
  • Biometric data
  • Genetic information
  • CCTV footage

How will we use the personal information we collect about you?

We may use your personal information in the following ways:

  • To help us assess your needs and identify and provide you with the health and social care that you require
  • To determine the best location to provide the care you require • To comply with our legal and regulatory obligations
  • To help us monitor and manage our services
  • To support medical research

Text (SMS) messages

If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, requests to complete surveys or to make you aware of services provided by the surgery that we feel will be to your benefit. If you do not wish to receive these text messages, please let the reception team know.

Call recording

Recordings of calls made and received by Wyvern Health Partnership may be used to support the learning and development of our staff and to improve the service we provide to our patients. They may also be used when reviewing incidents, compliments, or complaints. Call recordings will be managed in the same way as all other personal information processed by us and in line with current data protection legislation.

CCTV footage

Hawthorn Medical Centre use Close Circuit Television (CCTV) to record images within public areas of the practice for the safety and security of our patients and staff. CCTV footage is managed in the same way as all other personal data processed by us and in line with current legislation.

Data processors

We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle patient information and ensures they treat any information in line with the General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.

How will we share your personal information?

We may share your personal information with other health and social care professionals and members of their care teams to support your ongoing health and or social care and achieve the best possible outcome for you.

This may include:

Primary Care Network

Hawthorn Medical Centre, Old Town Surgery, Lawn Medical Centre, Merchiston Surgery and Priory Road Medical Centre are members of the Wyvern Health Partnership Primary Care Network (PCN) so you may be contacted by or treated by one of the other practices within the PCN. To support and provide healthcare services to you, they will require access to your patient record.

Patient Referrals

With your agreement, we may refer you to other services and healthcare providers for services not provided by Hawthorn Medical Centre, Old Town Surgery, Lawn Medical Centre, Merchiston Surgery and Priory Road Medical Centre.

Other Providers of Healthcare

We will share your information with other providers of healthcare services to enable them to support us in providing you with direct healthcare. This may include NHS organisations or private companies providing healthcare services for the NHS.

Care Homes or Social Care Services

Sometimes the clinicians caring for you may need to share some of your information with others who are also supporting you outside of the practice.

Local Authority

The local authority (council) provides health or social care services or assists us in providing direct healthcare services to you. We will share your personal information with them to enable this to take place.

Safeguarding

We will share your personal information with the safeguarding teams of other health and social care providers where there is a need to assess and evaluate any safeguarding concerns. Your personal information will only be shared for this reason when it is required for the safety of the individuals concerned.

Summary Care Record (SCR)

Your Summary Care Record is an electronic record of important patient information created from the GP medical records. It contains information about medications, allergies and any bad reactions to medications in the past. It can be seen by staff in other areas of the health and care system involved in your direct care. During the height of the pandemic changes were made to the Summary Care Record (SCR) to make additional patient information available to all appropriate clinicians when and where they needed it, to support direct patients care, leading to improvements in both care and outcomes. These changes to the SCR will remain in place unless you decide otherwise. Regardless of your past decisions about your Summary Care Record preferences, you will still have the same options that you currently have in place to opt out of having a Summary Care Record, including the opportunity to opt-back in to having a Summary Care Record or opt back in to allow sharing of Additional Information. Further details about the SCR and your choices can be found here: Summary Care Record supplementary transparency notice – NHS Digital

Integrated Care Records (ICR)

An Integrated Care Record allows other health and care providers who are directly involved with your care to access appropriate, timely and relevant information about you to enable them to support your heath and care. Further details about the ICR can be found here: https://bsw.icb.nhs.uk/your-health/your-care-record

GP Connect

We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes. GP Connect is not used for any purpose other than direct care.
Authorised Clinicians such as GPs, NHS 111 Clinicians, Care Home Nurses (if you are in a Care Home), Secondary Care Trusts, Social Care Clinicians are able to access the GP records of the patients they are treating via a secure
NHS Digital service called GP connect. The NHS 111 service (and other services) will be able to book appointments for patients at GP practices and other local services. Further details about GP Connect are available here: GP Connect privacy notice – NHS Digital

Population Health Management

This practice is participating in a local Population Health Management (PHM) initiative aimed at improving physical and mental health outcomes and the wellbeing of our patients. This requires us to share pseudonymised personal data (anything that can identify an individual is replaced with code) with other organisations involved in the initiative. Further details are contained in our detailed supplementary PHM privacy notice here Privacy Policy (bswccg.nhs.uk), Privacy Notice | Swindon Borough Council and https://www.jobcentreplusoffices.co.uk/privacy-policy

NHS Digital

In order to comply with its legal obligations this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. This practice contributes to national clinical audits and will send the data, which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth and information about your health, which is recorded in coded form. For example, the clinical code for diabetes or high blood pressure.

Livi

We use a facility called Livi to support your direct care. Livi makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes. Livi is not used for any purpose other than direct care. Further details about Livi are available here: Privacy Notice (livi.co.uk)

National Services

There are some national services like the national Cancer Screening Programme that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cancer screening. For further information, take a look at the full lung health check Privacy Notice: www.swaglunghealthcheck.nhs.uk

NHS Targeted Lung Health Check

This Practice shares your lung health related data with the NHS Targeted Lung Health Check (TLHC) service operated by Great Western Hospitals NHS Foundation Trust and InHealth Group Ltd). This supports your invitation to a lung health check appointment (if eligible) and possible CT scan by the lung health check team. This data may be shared with your local Hospital Trust to support further treatment and with other healthcare professionals involved in your care. For further information, take a look at the full lung health check Privacy Notice: Privacy Notice – InHealth (inhealthgroup.com)

Virtual Pharmacist

We are using a facility called Virtual Pharmacist to support your direct care. They make patient information available to all appropriate clinicians when and where they need it, to support direct patient care, leading to improvements in both care and outcomes. They will not be used for any purpose other than direct care. Further details ant Virtual Pharmacist are available here: Privacy Policy – Virtual Pharmacist

Risk Stratification

Risk Stratification, also known as ‘Health Risk Screening’, is a process that helps your GP determine whether you are at risk of any unplanned admission or sudden deterioration in health. By using information such as age, gender, diagnosis, and consideration of existing long-term conditions, medication history, patterns of attendance at hospital, admissions and periods of access to community care, your GP supported by the local Clinical Commissioning Group will be able to judge if you are likely to need more support and care from time to time, or if the right services are in place to support the local population’s needs.

As part of the automated Risk Stratification process your pseudonymised personal data (anything that can identify an individual is replaced with code) will be shared with the Bath, North East Somerset, Swindon and Wiltshire Integrated Care Board (ICB). You have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your direct care.

Further details about Risk Stratification can be found here: https://bsw.icb.nhs.uk/about-us/how-we-use-your-information/

Any medical or health related personal information will be treated with confidence in line with the common law duty of confidentiality and the Confidentiality NHS Code of Practice.

We may be required to share information with organisations in order to comply with our legal and regulatory obligations. This may include:

  • Care Quality Commission (CQC) – The CQC regulates health and care services to ensure that safe care is provided. The law requires that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. Further information about the CQC can be found here: https://www.cqc.org.uk/
  • Public Health England –  The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England. Further information about Public Health England can be found here: https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-toreport
  • Other NHS Organisations – Sometimes the practice will share information with other NHS organisations that do not directly care for you, such as the Clinical Commissioning Group. However, this information will be anonymous and does not include anything written as notes by the GP and cannot be linked to you. We will not share your information with organisations other than health and social care providers without your consent unless the law allows or requires us to.

NHS National Data Opt-out

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected in a patient record for that service. Collecting this confidential patient information helps to ensure you get the best possible care and treatment.

The confidential patient information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care were allowed by law.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you choose to opt out your confidential patient information will still be used to support your individual care.

We do not share your confidential patient information for purposes beyond your individual care without your permission. When sharing data for planning and reporting purposes, we use anonymised data so that you cannot be identified in which case your confidential patient information isn’t required.

Information being used or shared for purposes beyond individual care does not include your confidential patient information being shared with insurance companies or used for marketing purposes and information would only be used in this way with your specific agreement.

Health and care organisations that process confidential patient information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share your confidential patient information for purposes beyond your individual care.

Hawthorn Medical Centre, Old Town Surgery, Lawn Medical Centre, Merchiston Surgery and Priory Road Medical Centre are all currently compliant with the national data-out policy as we do not share your confidential patient information for purposes beyond your individual care without your permission. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-datamatters

You can change your choice at any time.

How long do we keep your personal information?

We follow the NHS X Records Management Code of Practice 2021 which states that electronic patient records should be retained for 10 years from the date of death. At that point, all personal data we hold on you will be securely deleted. We keep recordings of our calls for 3 months. At Hawthorn Medical Centre we keep CCTV footage for 3 months. At Lawn Medical Centre we keep CCTV footage for 28 days. At Old Town Surgery we keep CCTV footage for 7 days. The other two surgeries, Merchiston and Priory Road do not have CCTV.

Legal basis

We have been commissioned by the Bath and North East Somerset, Swindon and Wiltshire Integrated Care Board to provide a GP surgery service and it is necessary for the performance of this task in the public interest for us to process your personal data. We will use your special categories of personal data, such as that relating to your race, ethnic origin, and health for the purposes of providing you with health or social care or the management of health or social care systems and services. Such processing will only be carried out by a health or social work professional or by another person who owes a duty of confidentiality under legislation or a rule of law. In some circumstances, we may process your personal information on the basis that: • it is necessary to protect your vital interests. • we are required to do so in order to comply with legal obligations to which we are subject. • we are required to do so for the establishment, exercise or defence of a legal claim. or • you have given us your explicit consent to do so.

Data Protection Officer

Our Data Protection Officer (DPO) function is provided by the Medvivo Data Protection Officer service.

How to contact us

If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Team at:

Data Protection Team Hawthorn Medical Centre, May Close, Cricklade Road, Swindon SN2 1UU
Old Town Surgery, Curie Avenue, Okus, Swindon SN1 4GB
Merchiston Surgery, Highworth Road, Swindon SN3 BF
Lawn Medical Centre, Guildford Avenue, Swindon SN3 1JL
Priory Road Medical Centre, Priory Road, Park South Swindon SN3 2EZ

Or

admin.hawthorn@nhs.net
ots@nhs.net
J83001.merchiston@nhs.net
Lawnmedical.centre@nhs.net
Reception.prioryroad@nhs.net

All data protection queries will be initially dealt with by the practice data protection team and escalated to the Medvivo Data Protection Officer service if required.

How to make a complaint

You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO): https://ico.org.uk/concerns 0303 123 1113

Changes to our privacy notice

We keep our privacy notice under regular review, and we will place any updates on this webpage. This privacy notice was last updated on 25.01.2023

Date published: 18th October, 2014
Date last updated: 7th February, 2023