Who we are
Blackheath Medical Centre employs more than 10 members of staff. Our Practice is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z7416512.
Why we collect personal information about you
The staff caring for you need to collect and maintain information about your health, treatment and care, so that you can be given the best possible care. This personal information can be held in a variety of formats, including paper records, electronically on computer systems, in video and audio files.
What our legal basis is for processing personal information
Any personal information we hold about you is processed for the purposes of ‘provision of health or social care or treatment or the management of health or social care systems and services under chapter 2, section 9 of the Data Protection Act 2018. For further information on this legislation, please visit https://www.legislation.gov.uk
What personal information we collect about you and how we obtain it
Personal information about you is collected in a number of ways. This can be referral details from our staff, other 3rd parties or hospitals, directly from you or your authorised representative. We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, next of kin contacts, etc.
We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred name or maiden name. In addition to the above, we may hold sensitive personal information about you which could include:
- notes and reports about your health, treatment and care, including your medical conditions, results of investigations such as x-rays and laboratory tests, future care you may need, personal information from people who care for and know you such as relatives and health or social care professionals, and other personal information such as smoking status and any learning disabilities.
- your religion and ethnic origin.
- whether or not you are subject to any protection orders regarding your health, well-being and human rights (safeguarding status).
It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs.
Our use of third-party processors
To enable the effective use and management of patient information we utilise an approved & secure clinical system to process our patient information. The Practice utilises the EMIS Web clinical system to maintain and store personal confidential information.
What we do with your personal information
Your records are used to directly, manage and deliver healthcare to you to ensure that:
- staff members involved in your care have accurate and up to date information. This is in order for them to assess and advise on the most appropriate care for you.
- staff members have the information they need to be able to assess and improve the quality and type of care you receive.
- appropriate information is available if you see another healthcare professional or are referred to a specialist, social care, another part of the NHS or healthcare provider.
What we may do with your personal information
The personal information we collect about you may also be used to:
- remind you about your appointments and send you relevant correspondence.
- review the care we provide to ensure it is of the highest standard and quality, e.g. Through audit or service improvement.
- support the funding of your care, e.g. with commissioning organisations.
- prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies.
- help to train and educate healthcare professionals.
- report and investigate complaints, claims and untoward incidents.
- report events to the appropriate authorities when we are required to do so by law.
- review your suitability for research study or clinical trials.
- contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients.
Unless a legal basis allows otherwise we will, where possible, always look to anonymise/pseudonymise your personal information so as to protect patient confidentiality. We will only use/share the minimum information necessary.
How we maintain your records
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements. We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2016. In addition, those working for the NHS must comply with the Common Law Duty of Confidentiality this also includes various national and professional standards and requirements. We have a duty to:
- maintain full and accurate records of the care we provide to you.
- keep records about you confidential and secure.
- provide information in a format that is accessible to you.
Use of email: Some services in the Practice provide the option to communicate with patients via email. Please be aware that the Practice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk. Further information can be found in our Data Security and Protection Policy/Information Governance Policy, which are available upon request from the Practice.
How long we keep your information for
All records held by the Practice will be kept for the duration specified by national guidance from the Department of Health: Records Management Code of Practice
We will keep a copy of your information in our Practice for as long as you are registered with our Practice and If you leave the practice we will ensure that a copy of anything we hold is passed on to your new GP. Your record status will be marked as ‘inactive’ in our clinical system but it will not be deleted. Confidential information is securely destroyed in accordance with this code of practice.
What your rights are
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:
- request access to the personal data we hold about you, e.g. in health records. The way in which you can access your own health records is further explained in our Access to Health Record Policy and Disclosure of Personal Data Procedure which is available from the Practice at your request.
- request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our “Access to Health Record Policy and Disclosure of Personal Data Procedure”.
- object to the use of your personal information: In certain circumstances you may also have the right to ‘object’ to the processing (i.e. sharing) of your information. Where the Practice processes personal data about you on the basis of being required to do so for the performance of a task in the public interest/exercise of official authority, you have a right to object to the processing. You must have an objection on grounds relating to your particular situation. If you raise an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
- refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018, we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
- request your personal information to be transferred to other providers on certain occasions.
Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Practice under Data Protection and Freedom of Information legislation. If you wish to appeal a decision or make a complaint regarding our handling of data, please contact them via:
Address | Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF |
Website | https://ico.org.uk |
Telephone | 0303 123 1113 (local rate) 01625 545 745 (national rate number) |
casework@ico.org.uk |
Practice Information Governance Lead
Name and position | Sharon Joy (Business Manager) |
Address | Blackheath Medical Centre 76 Reeds Lane Moreton CH46 1SG |
Telephone | 0151 677 7070 |
blackheath.surgery@nhs.net |
Data Protection Officer
Name and position | Malcolm Gandy (Deputy Director of Information and Acting Data Protection Officer) |
Address | Information Governance Team St Helens & Knowsley Teaching Hospitals NHS Trust Alexandra Business Park Court Building Prescot Road St Helens WA10 3TP |
ig@sthk.nhs.uk |
Page last reviewed: 12 February 2024