Privacy policy

Who we are

Blackheath Medical Centre employs more than 10 members of staff. Our Practice is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z7416512.

Why we collect personal information about you

The staff caring for you need to collect and maintain information about your health, treatment and care, so that you can be given the best possible care. This personal information can be held in a variety of formats, including paper records, electronically on computer systems, in video and audio files.

What our legal basis is for processing personal information

Any personal information we hold about you is processed for the purposes of ‘provision of health or social care or treatment or the management of health or social care systems and services under chapter 2, section 9 of the Data Protection Act 2018. For further information on this legislation, please visit https://www.legislation.gov.uk

What personal information we collect about you and how we obtain it

Personal information about you is collected in a number of ways. This can be referral details from our staff, other 3rd parties or hospitals, directly from you or your authorised representative. We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, next of kin contacts, etc.

We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred name or maiden name. In addition to the above, we may hold sensitive personal information about you which could include:

  • notes and reports about your health, treatment and care, including your medical conditions, results of investigations such as x-rays and laboratory tests, future care you may need, personal information from people who care for and know you such as relatives and health or social care professionals, and other personal information such as smoking status and any learning disabilities.
  • your religion and ethnic origin.
  • whether or not you are subject to any protection orders regarding your health, well-being and human rights (safeguarding status).

It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs.

Our use of third-party processors

To enable the effective use and management of patient information we utilise an approved & secure clinical system to process our patient information. The Practice utilises the EMIS Web clinical system to maintain and store personal confidential information.

What we do with your personal information

Your records are used to directly, manage and deliver healthcare to you to ensure that:

  • staff members involved in your care have accurate and up to date information. This is in order for them to assess and advise on the most appropriate care for you.
  • staff members have the information they need to be able to assess and improve the quality and type of care you receive.
  • appropriate information is available if you see another healthcare professional or are referred to a specialist, social care, another part of the NHS or healthcare provider.

What we may do with your personal information

The personal information we collect about you may also be used to:

  • remind you about your appointments and send you relevant correspondence.
  • review the care we provide to ensure it is of the highest standard and quality, e.g. Through audit or service improvement.
  • support the funding of your care, e.g. with commissioning organisations.
  • prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies.
  • help to train and educate healthcare professionals.
  • report and investigate complaints, claims and untoward incidents.
  • report events to the appropriate authorities when we are required to do so by law.
  • review your suitability for research study or clinical trials.
  • contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients.

Unless a legal basis allows otherwise we will, where possible, always look to anonymise/pseudonymise your personal information so as to protect patient confidentiality. We will only use/share the minimum information necessary.

How we maintain your records

Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements. We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2016. In addition, those working for the NHS must comply with the Common Law Duty of Confidentiality this also includes various national and professional standards and requirements. We have a duty to:

  • maintain full and accurate records of the care we provide to you.
  • keep records about you confidential and secure.
  • provide information in a format that is accessible to you.

Use of email: Some services in the Practice provide the option to communicate with patients via email. Please be aware that the Practice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk. Further information can be found in our Data Security and Protection Policy/Information Governance Policy, which are available upon request from the Practice.

How long we keep your information for

All records held by the Practice will be kept for the duration specified by national guidance from the Department of Health: Records Management Code of Practice

We will keep a copy of your information in our Practice for as long as you are registered with our Practice and If you leave the practice we will ensure that a copy of anything we hold is passed on to your new GP. Your record status will be marked as ‘inactive’ in our clinical system but it will not be deleted. Confidential information is securely destroyed in accordance with this code of practice.

What your rights are

If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:

  • request access to the personal data we hold about you, e.g. in health records. The way in which you can access your own health records is further explained in our Access to Health Record Policy and Disclosure of Personal Data Procedure which is available from the Practice at your request.
  • request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our “Access to Health Record Policy and Disclosure of Personal Data Procedure”.
  • object to the use of your personal information: In certain circumstances you may also have the right to ‘object’ to the processing (i.e. sharing) of your information. Where the Practice processes personal data about you on the basis of being required to do so for the performance of a task in the public interest/exercise of official authority, you have a right to object to the processing. You must have an objection on grounds relating to your particular situation. If you raise an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
  • refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018, we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
  • request your personal information to be transferred to other providers on certain occasions.

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is the body that regulates the Practice under Data Protection and Freedom of Information legislation. If you wish to appeal a decision or make a complaint regarding our handling of data, please contact them via:

AddressInformation Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Websitehttps://ico.org.uk
Telephone0303 123 1113 (local rate)
01625 545 745 (national rate number)
Emailcasework@ico.org.uk

Practice Information Governance Lead

Name and positionSharon Joy (Business Manager)
AddressBlackheath Medical Centre
76 Reeds Lane
Moreton
CH46 1SG
Telephone0151 677 7070
Emailblackheath.surgery@nhs.net

Data Protection Officer

Name and positionMalcolm Gandy (Deputy Director of Information and Acting Data Protection Officer)
AddressInformation Governance Team
St Helens & Knowsley Teaching Hospitals NHS Trust
Alexandra Business Park
Court Building
Prescot Road
St Helens
WA10 3TP
Emailig@sthk.nhs.uk

Page last reviewed: 12 February 2024