General Data Protection

 

PRACTICE PRIVACY NOTICE

 

 

 

The overarching principle at Buckingham Terrace is to process the data we hold for you fairly, lawfully and transparently. The following will provide you with the information we believe you should have to satisfy yourself that this is the case.

 

    1. Data Controller  - 1)  Buckingham Terrace Medical Practice , 31 Buckingham Terrace Glasgow G12 8ED and  2) Greater Glasgow and Clyde Health Board , Information Governance Manager. JB Russell House, Gartnavel Royal Hospital Campus, 1055 Great Western Road, GLASGOW G12 0XH
    1. Data Processor -  1) Data Protection Officer, Egton Medical Information System (emis) Rawdon House, Greenlane, Yeadon, LEEDS- LS19 7BY  Tel: 0330-024-1269. 2) Data Protection Officer, Microtech Group 17-19 Hill St, Kilmarnock KA3 1HA . Tel: 01563 530480 3 ) Webteam Manager- Oldroyd Publishing Group Ltd. Barons gate Graceways, Whitehills Business Park, Blackpool FY54 5PW Tel: 01253-608013 4) Data Protection Officer- Mjog Limited 23 High Street Wilburton CB6 3RB  5) NHS  National Services https://nhsnss.org/services/practitioner/data-protection/
    1. Data Protection OfficerWe are currently waiting for clarification from BMA regarding this. In the mean while any questions concerning use of your information should be directed  Mr Peyman Javidan- Management Partner – Buckingham Terrace Medical Practice- 31 Buckingham Terrace GLASGOW G12 8ED Tel.: 0141 2116210


    1. Purpose of Processing Data - 
  • Data is processed on the basis of Articles 6(1)(e) and 9(2)(h) of the General  Data Protection Regulation Act 2018 ( GDPA (2018)), which states;

    Processing shall be lawful only if and to the extent that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”

     Processing of personal data revealing racial or ethnic origin, political opinions, religious or    philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited unless processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

  • where disclosures are a legal requirement the lawful basis and special category condition for processing are: ‘...for compliance with a legal obligation…’ (Article 6(1)(c)) and Article 9(2)(h) ’…management of health or social care systems…’

  • for medical research the lawful basis and special category condition are Article 6(1)

    (e) ‘…for the performance of a task carried out in the public interest…’ and Article

    9(2)(j) ‘…research purposes…’;

     

    1.  Disclosures-
  • In order to comply with our legal obligations this practice may send data to NHS Scotland when directed by the Secretary of State for Health. This practice contributes to national clinical audits and will send data which are required by NHS Scotland when law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure.

  • The practice contributes to medical research and may send relevant information to medical research data bases such as Scottish Primary Care Information Resources in Scotland ( SPIRE). You can opt out of this. Please speak to one of our staff.

     

     6.      Management of Your Personal Health Information

     

  • Your personal data will only be handled by the staff employed by the practice or acting on behalf of the practice in pursuit of Article (6) or Article (9) of the GDPA(2018). All our staff have signed a Confidentiality and Disclosure statements as part of their Contract of Employment with us.

  • On deciding to join our list and by completion of the General Practice Registration (GPR) form, you are giving us implied consent under common law to seek recovery of all your previous GP medical records ( both paper and electronic)  held in United Kingdom, when such records exists.

  • During your stay with our practice as a patient, we will hold paper, electronic or both types of records for you in accordance with the item (4) above.

  • Upon leaving our practice, all your records ( paper and electronic) are returned to NHS National Services, Glasgow Registration, 5 Cadogan Street, Glasgow G2 6QE.

  • Your electronic data will be “deducted” from our system. ( Also see 10 below)

 

 

 7.  Right of Access

  • You have the right of access to the personal data concerning your health, for example the data in your medical records containing information such as diagnoses, examination results, assessments by treating physicians and any treatment or interventions provided, which have been collected. If you wish to access your Health Records, please put your request in writing and either leave it with one of our staff or post to Mr Javidan. (see 3 above).

    There is no fee for this service and we will Endeavour to provide you with this information within 30 days, subject to the following;

  1. Recital 63 of the GDPA (2018) state “ Where the controller processes a large quantity of information concerning the data subject, the controller should be able to request that, before the information is delivered, the data subject specify the information or processing activities to which the request relates.” 

  2. We will use all reasonable measures to verify your identity when access is requested. This is particularly the case when we receive request for information from third parties such as solicitors or insurance companies We will not however retain personal data for the sole purpose of being able to react to potential requests 

  3. Article 12(3) states that we can ask for an extension to the 30 days limit. This needs to be done in writing and we can only extend the 30 days deadline by a further 2 months.

 8.  Right of Rectification –

  • You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

9.    Right to be Forgotten –

  • Under Article 17(3) of the GDPA(2018) you cannot request to be forgotten.

 10. Retention Period-

 _________________________________________________________________________________________________________

 

 

 

 

PRACTICE PRIVACY NOTICE

 

Children

 

 

 

At  Buckingham Terrace the data we hold for you will be processed fairly, lawfully and transparently. We will only hold those data for you that is necessary to ensure we can offer you the best health care, and we will only share your data with other healthcare professionals as long as they have a proper reason for wanting access to your records.

 

 

 

If you are under 16 and want to be seen by a GP, as long as in the clinical opinion of the doctor you see you are capable of understanding the nature and possible consequences of the procedure or treatment, then you can be seen.

 

Below is a summary of what the current “consent” law say;

 

“In Scots law, when persons reach their 16th birthday, unless they lack the appropriate mental capacity, they gain the legal capacity to make decisions which have legal effect under the Age of Legal Capacity (Scotland) Act 1991..

 

However, even under the age of 16, as a child you can have the legal capacity to consent on your own behalf to any surgical, medical or dental treatment where in the opinion of the doctor you see you are capable of understanding the nature and possible consequences of the procedure or treatment

 

This is a matter of clinical judgement and will depend on several things, like;

 

• your age

 

• how mature you are

 

• the complexity of the proposed intervention

 

• its likely outcome

 

• the risks associated with it.

 

If you cannot understand the nature of the healthcare intervention and its consequences, then we will need to ask your parent or guardian for their consent to proceed with the intervention.

 

If your parent or guardian who has parental responsibility is not available and we cannot wait until we speak to your parent  then section 5 of the Children (Scotland) Act 1995 gives a person who has care or control of you, but has no parental rights or responsibilities in relation to the you, the power to do what is reasonable in all the circumstances to safeguard your health, development and welfare.

 

This could include your father (where your mum and dad are unmarried and even if there is no parental responsibilities agreement) or step-parent, a relative or your child minder who is looking after you during the day. This person may consent to any surgical, medical or dental treatment or procedure where you cannot give consent on your own behalf and it is not within the knowledge of the person that your parent(s) would refuse.

  

Emergencies

 

If you are under 16 and unable to consent treatment cannot be delayed until the person with

 

parental rights or responsibilities is consulted.”

  

CONTACTING YOU

 

We will not send you texts or letters until you are 16 years old and only after we get explicit consent from you to do so.

 

 

_________________________________________________________________________________________________________

 

POLICIES AND PROCEDURES (ACCOUNTABILITY)

 

Accountability and compliance form a corner stone of our approach to how we use your data. Our compliance is demonstrated by the following essential indicators;

 

 

    1. Data Flow 

(Please also refer to the attached Privacy Notice)

 

 

 

Your completion of the General Practice Registration Form (GPR), is expression of your intent to join our medical list. In case of children under the age of 16 the parents/ guardians must sign the form.  In discharging our legal obligations under Articles 6(1)(c), 6(1)(e) and Article 9(2)(h) and 9(2)(j), we will share your  data with NHS Registration  . This will allow NHS Registration to seek from NHS any electronic or paper records that may exist for you, for instance your medical records from your previous practice. Electronic records are forwarded to the practice anonymised. Paper records are sent to us via secure mail bag every Friday. Your paper records are stored in the practice. During your stay your personal data will be processed as Health Data. This means it is accessed on a need to know basis. It is kept accurate and up to date. Disclosure is limited to that purpose for which it was requested and when it can be justified. Unwanted and confidential data are disposed of correctly.

 

 Buckingham Terrace participates in Scottish Primary Care Information Resources (SPIRE) where anonymised data are sent to NHS Scotland. You can opt out of SPIRE.

 Data Protection Policy 

The policy applies to all staff employed by the practice. The NHS staff who are not directly employed by the practice but are authorised by the practice to access patient data in pursuit of the practice meeting its legal obligation as noted in (1) above are expected to adhere to their own organisation is Confidentiality and Data Protection Policy.  In the case of NHS Greater Glasgow and Clyde the policy is managed by the Information Governance Manager who can be contacted on 0141 2111790. In all other cases the access will only be approved on provision of a satisfactory policy.

 

 

 

The eight principles of Data Protection are as follows and all staff who process personal information must ensure these principles are followed.

 

 

 

  • Processed fairly and lawfully

  • Processed for limited purposes and in an appropriate way

  • Relevant and sufficient for the purpose

  • Accurate and up to date

  • Kept only for as longer as necessary

  •  Processed in line with individuals’ rights

  •  Secure

     

    Furthermore the practice is committed to the following principles for handling patient identifiable data

     

  •       Justify the purpose

        Only use when necessary

        Use the minimum required

        Access on a strict need to know basis

        Be aware of your responsibilities.

        Understand and comply with the law

        The duty to share information can be as important as the duty to protect patient confidentiality.

     

    Dealing with requests for confidential health data

     

    When considering sharing confidential health data or when handling requests from

    other organisations, we will satisfy ourselves that there is a clear legal basis

    for the disclosure. If there is no apparent legal basis for the disclosure we will not

    share the data and will seek further advice. When an organisation is providing direct

    care and has a legitimate relationship with an individual, the legal basis for sharing

    relevant information will be both implied consent to satisfy the common law and under

    the GDPR it will be for the ‘exercise of official authority...’ (Article 6(1)(e) coupled with

    ‘the provision of health or social care or treatment or the management of health or social

    care systems…’ (Article 9(2)(h)).

     

    We will only share information relevant for the specific purpose.

 Subject Access Request - This right is enshrined in Chapter 3 Articles 12-23 of the General Data Protection Regulation. You have the right of access to the personal data concerning your health, for example the data in your medical records containing information such as diagnoses, examination results, assessments by treating physicians and any treatment or interventions provided, which have been collected. If you wish to access your Health Records, please put your request in writing and either leave it with one of our staff or post to Mr Javidan Management Partner – Buckingham Terrace Medical Practice – 31 Buckingham Terrace. G12 8ED. There is no fee for this service and we will Endeavour to provide you with this information within 30 days, subject to the following;

  

  1. Recital 63 of the GDPA (2018) state “ Where the controller processes a large quantity of information concerning the data subject, the controller should be able to request that, before the information is delivered, the data subject specify the information or processing activities to which the request relates.”

 

    b.  We will use all reasonable measures to verify your identity when access is requested. This is particularly the case when we receive request for information from third parties such as solicitors or insurance companies We will not however retain personal data for the sole purpose of being able to react to potential requests.

 

31 Buckingham Terrace, Glasgow, G12 8ED
  • Telephone 0141 211 6210
Website supplied by Oldroyd Publishing Group
Back to top