Working together for excellent healthcare
Are you aware that your personal medical information that you share with your GP or other healthcare professional is about to be extracted and stored on a computer outside of the control of this practice where the practice will have no say on who has access to that information?
There are changes occurring in how we protect the confidential and personal information that we record in your medical records. The changes make it a legal obligation for us to share your information (see below). The proposed benefits of sharing identifiable data are to help you plan and monitor effective patient services, especially where patients receive care from several different organisations.
What we record at our practice:
Healthcare professionals in our practice record information about the care we provide.
The type of information that is recorded includes the following;
What we already share about you:
We share different types of information about our patients. These include:
It is also important to understand that currently a limited amount of patient information or data is used mostly at local level to help design health services or undertake clinical audit.
Some information is used at a national level. Information from lots of individual patients allows the NHS to build a picture of what is happening to the nation's health. The majority of this information is anonymised before it leaves the healthcare professional, in other words no one can identify who the information relates to.
How we protect your personal information:
Currently, your GP is responsible for protecting your information and to do this they comply with the Data Protection Act 1998 (DPA). As part of the DPA, all healthcare professionals have an obligation to only share information on a need to know basis.
For further information on the DPA, please follow the link below;
So what is changing?
Under the Health and Social Care Act 2012 the Health & Social Care Information Centre (HSCIC) on behalf of NHS England (the body responsible for commisioning health services across England) will be able to extract personal and identifiable information about all patients in England. The programme, called care.data, is administered by the HSCIC using software and services provided by a private sector company. Once your identifiable information has been taken from different health organisations (GP practice, hospitals, mental health trusts) it will then be linked together to produce a complete record about you. This information will be stored on national secure servers and will be managed by HSCIC. Although access to information will be strictly controlled, the HSCIC is planning to share this information with other organisations both NHS and private. The HSCIC will decide what information they will share and who they then share this information with.
Your GP will not be able to object to this information being released to HSCIC and will no longer be able to protect your information under the DPA as stated above.
Effectively, where the HSCIC is concerned the health and social care act over rules the DPA with regard to disclosure of personal information.
Confidentiality, Patient Data and GDPR
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) became law on 24th May 2016. This is a single EU-wide regulation on the protection of confidential and sensitive information. It enters into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998).
To view our data protection privacy notice for patients in full, please click here.