The Old Fire Station Surgery
The Old Fire Station Surgery, Albert Terrace, Beverley. HU17 8JW.
It's Saturday 4:01 AM — Sorry, we're closed
The Old Fire Station Surgery has a duty to explain how we use any personal information we collect about you, as a registered patient at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format. This Privacy Notice explains why we collect information about you, how that information may be used and which organisations the information will be shared with to ensure you receive the best possible care. This policy is effective from 25th May 2018.
What information do we collect about you?
Your NHS health care record is likely to be electronic and paper, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. The records we hold about you may include the following information:-
- Details about you, such as your name, address, carers, legal representatives and emergency contact details.
- Any contact the surgery has had with you, such as appointments with our GPs and nurses, clinic visits, emergency appointments, etc.
- Notes and reports about your health including diagnosis, treatment and care.
- Details about your medication
- Digital images
- Sound files
- Results of investigations including blood tests, other laboratory tests, x-rays.
- Relevant information from other health professionals, relatives or those who care for you including District Nurses, Health Visitors, hospital and Out of Hours provided care and treatment.
How we will use your information
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information for medical research or others when the law allows.
The Practice uses your health information directly to:
- Provide a basis for all health decisions made by care professionals.
- Make sure your care is safe and effective.
- Work effectively with others providing you with care.
Non-clinical practice staff may also access your medical records in order to perform tasks enabling the functioning of the practice. This would include:
- Making appointments;
- Processing medication requests;
- Providing information for test results when requested;
- Typing referral letters to hospital consultants;
- Opening letters from hospitals and consultants;
- Scanning clinical letters and any other documents not available in electronic format;
- Photocopying or printing documents;
- Handling, printing, photocopying of medico legal and life assurance reports and associated documents;
Each member of staff who works at the Old Fire Station Surgery has a legal obligation to keep information about you confidential and only accesses patient information when there is a business need to do so.
In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Information is used to inform national campaigns regarding uptake of screening and immunisation programmes e.g. breast screening, cervical screening, childhood immunisation and the national Flu campaign.
Additionally, this practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
The Practice computer system is an accredited clinical system which records patient clinical information securely which can be shared with other clinicians, so that everyone caring for you is fully informed about your medical history, including allergies and medication. Our clinical system is accessed by Practice staff and where appropriate allied Healthcare Professionals on site only as we do not permit remote access by none-practice staff.
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential and we adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).
You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.
For the purposes of managing your health and Health Risk Screening we may need to share your information e.g. by making a referral with your consent to the following organisations:
- Hull & East Yorkshire Hospital Trust
- Humber Foundation Trust
- Other NHS Trusts and providers of services commissioned by NHS England such as:
- Community Nurses and/or Community Matrons and McMillan Nurses.
- Representatives from Adult Community Services in Hull City Council and East Riding of Yorkshire Council
- Voluntary Support Organisations commissioned by NHS Hull & NHS East Riding of Yorkshire
- Dentists, Opticians and Pharmacies
- NHS Business Services Authority regarding prescriptions and Public Health England
- Private Sector Providers (private hospitals, care homes, hospices, contractors providing services to the NHS)
- Ambulance Trusts
- Health & Social Care Information Centre (HSCIC)
We will not disclose your information to any third party without your permission unless there are exceptional circumstances or the law requires information to be passed on e.g. the Public Health (Control of Disease) Act 1984, the Public Health (Infectious Diseases) Regulations 1988 and the Road Traffic Act 1988. Anyone who receives information from us is also under a legal duty to keep this information confidential.
We may also be obliged to reveal information about you if we believe you are a risk to yourself or others or if we believe a child or a vulnerable adult would be harmed if we did not reveal the information. We may also have to disclose information to prevent disorder or crime or if we are instructed to by a Court order.
How We Keep Your Information Confidential and Secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the General Data Protection Regulation 2018 (GDPR), Article 8 of the Human Rights Act and the NHS Codes of Confidentiality and Security. Everyone working in, or for the NHS must use personal information in a secure and confidential way.
We will only ever use or pass on your information if there is a genuine need to do so and we will not disclose information about you to third parties without your permission unless there are exceptional circumstances, such as when the law requires.
In order to protect your confidentiality if we are sending your information to outside parties, i.e. solicitors, the written information is given to you to pass to them and we will not disclose information to your family, friends and colleagues about any medical matters at all, unless we know that we have your consent to do so, including some teenage patients who have capacity for making their own decisions.
Summary Care Record
A summary of your basic details along with information about your medication is updated daily from the practice to the Summary Care Record on the NHS Spine. This is to allow other health professionals with access to the NHS Spine; for example in A&E to have easy access to limited information if they need it. You can opt out of the summary care record if you wish, please contact our reception team if you wish to do this.
National data opt-out Programme
The national data opt-out is a new service that allows people to opt out of their confidential patient information being used for research and planning.
Using information for a patient’s individual care and treatment is not affected by the new opt-out. Patients do not need to do anything if they are happy about how their confidential patient information is used, and they can change their choice at any time.
The ‘Your Data Matters to the NHS’ awareness campaign will tell the public about how the strict rules around how data can and cannot be used were strengthened from May 2018, and inform them about the new service. The NHS is committed to keeping patient information safe and always being clear about how it is used.
How to opt out
Individuals can set an opt-out online at nhs.uk/your-nhs-data-matters or use a telephone service on 0300 303 5678.
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including The Old Fire Station Surgery; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
NHS Digital is developing the system now. Patients and the public will be able to use the system from 25 May 2018. All health and care organisations will be required to uphold patient and public choices by March 2020. The national data opt-out will be introduced alongside the new data protection legislation.
In accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration. Records of the deceased are returned promptly to Patient Data Services so requests for access are usually directed to them not the practice.
Who else may ask to access your information?
The law courts can insist that we disclose medical records to them
Solicitors may ask for medical reports but these requests must always be accompanied by your signed consent for us to disclose information. When we receive a request we may contact you and you may be asked to collect that information and send it to the requester. We will not release details about other people that are contained in your records (e.g. wife, children, parents etc) unless we also have their consent.
Limited information is shared with Public Health England to help them organise national programmes for Public Health such as childhood immunisations.
Social Services, The Benefits Agency and others may require medical reports on you from time to time. These will often be accompanied by your signed consent to disclose information. Failure to co-operate with these agencies can lead to loss of benefit or other support. However, if we have not received your signed consent we will not normally disclose information about you.
Insurance Companies frequently ask for medical reports on prospective clients and for claims which are accompanied by your signed consent form. We must disclose all relevant medical conditions unless you ask us not to do so. In that case, we would have to inform the insurance company that you have instructed us not to make a full disclosure to them.
You have the right, should you request it, to see reports to insurance companies before they are sent.
What to do if you have any questions
- Write to the data controller at The Old Fire Station Surgery, Albert Terrace, Beverley, East Yorkshire, HU17 8 JW
- Ask to speak with the Practice Manager
- The Data Protection Officer (DPO) for The Old Fire Station Surgery is Mr R Langthorp
If you have any concerns about how we use or share your information, or you do not wish us to share your information, then please contact the surgery who will be able to assist you.
In the event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.
When someone visits our website our website provider collects standard internet log information and details of behaviour patterns which provides activity levels for visitors to the website but does not identify who is visiting the site.
Our website collects and uses personal information for the following reasons:
3.1 Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using the site, to better understand how they find and use the web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies the user to us. GA also records the computer’s IP address which could be used to personally identify the user but Google do not grant us access to this. We consider Google to be a third party data processor.
Disabling cookies in the internet browser will stop GA from tracking any part of the visit to pages within the websites.
3.2 Contact forms and email links
Personal data submitted via a contact form or email link is emailed to the Practice but is not held anywhere in Content Management System database or on the server that this website is hosted upon. As this website is protected by SSL (shown by the green padlock in the address bar), the form submission is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. This data is simply used to identify the sender of the respective enquiry and to allow the Practice to reply to the sender if required.
None of the submitted personal information is stored on the websites server as of 20th May 2018.
About the website’s server
This website is provided by SurgeryWeb and hosted by TMZVPS within a UK data centre located in Maidstone.
Some of the data centre’s more notable security features are as follows:
- Security: on-site officers, CCTV, key card controls
- Pre-action fire suppression systems
- 24-hour data center monitoring
- 24-hour Operations Support Center
- Diesel Generators
Full details of TMZVPS’s data centre can be found here.
All traffic (transferral of files) between our website and your browser is encrypted and delivered over HTTPS.
Third Party Data Processors
We use third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
08:00am - 18:00pm
08:00am - 18:00pm
08:00am - 18:00pm Please note we close for staff training between 12.45pm - 2.00pm on Wednesdays
08:00am - 18:00pm
08:00am - 18:00pm
CLOSED - Call NHS 111
CLOSED - Call NHS 111