Patients Privacy Notice

Malmesbury Primary Care Centre provide and support NHS services to patients registered with us.

This privacy notice explains how we use any personal information we collect about you as a patient of health care services provided or supported by Malmesbury Primary Care Centre.

Why do we collect your personal information?

We collect and hold data for the purpose of supporting healthcare services to patients and running our organisation which includes monitoring the quality of care that we and our PCN practices provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include both personal and special categories of data about your health and wellbeing.

How do we collect your personal information?

We collect your personal information:

  • When you contact us or we contact you regarding a service we or one of the PCN Practices are providing to you
  • If you contact us regarding a service we or one of the PCN Practices have provided to you in the past
  • We receive a referral from one of the PCN Practices

What types of personal information do we collect about you?

Personal information about you is collected in a number of ways. This can be from referral details from your GP, other hospital or community services and directly from you.

We may collect the following types of personal information:

  • Your name, address, email address, telephone number and other contact information
  • Gender, NHS Number and date of birth and sexual orientation
  • Details of family members and next of kin details
  • Health (Medical) information, including information relating to your sex life
  • Biometric data
  • Genetic information

How will we use the personal information we collect about you?

We may use your personal information in the following ways:

  • To help us assess your needs and identify and provide you with the health and social care that you require
  • To determine the best location to provide the care you require
  • To comply with our legal and regulatory obligations
  • To enable us to investigate any incidents, complaints or compliments we may receive
  • To help us monitor and manage our services

Text (SMS) messages

If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, requests to complete surveys or to make you aware of services provided by Malmesbury Primary Care Centre that we feel will be to your benefit.

If you do not wish to receive these text messages, please let Malmesbury Primary Care Centre know.

Call recording

Recordings of calls made and received by Malmesbury Primary Care Centre may be used to support the learning and development of our staff and to improve the service we provide to our patients.

They may also be used when reviewing incidents, compliments or complaints.

Call recordings will be managed in the same way as all other personal information processed by us and in line with all current legislation.

CCTV footage

Malmesbury Primary Care Centre use Close Circuit Television (CCTV) to record images within public areas for the safety and security of our patients and staff.

CCTV footage is managed in the same way as all other personal data processed by us and in line with current legislation.

Data processors

We may use the services of a data processor to assist us with some of our data processing activities, but this is done under a contract with direct instruction from us that controls how the data processor will handle patient information and ensure they treat any information in line with the requirements of UK General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.

How will we share your personal information?

We may share your personal information with other health and social care professionals and members of their care teams to support ongoing health and or social care and achieve the best possible outcome for you.  In particular, we may share your data with one of the GP Practices that is within our Primary Care Network.  In order to support and provide healthcare services to you, they will require access to your patient record.

Any medical or health related personal information will be treated with confidence in line with the common law duty of confidentiality and the Confidentiality NHS Code of Practice.

We may be required to share information with people other than health and social care professionals and members of their care teams in order to comply with our legal and regulatory obligations. This may include:

  • Care Quality Commission (CQC)

The CQC regulates health and care services to ensure that safe care is provided. The law requires that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. Further information about the CQC can be found here:

http://www.cqc.org.uk/

  • Public Health England

The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England. Further information about Public Health England can be found here:

https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report

  • Other NHS Organisations

Sometimes the practice will share information with other NHS organisations that do not directly care for you, such as the Integrated Care Board (ICB). However, this information will be anonymous and does not include anything written as notes by the GP and cannot be linked to you.

We will not share your information with people other than health and social care professionals and members of their care teams without your consent unless the law allows or requires us to.

NHS National Data Opt-out

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected in a patient record for that service. Collecting this confidential patient information helps to ensure you get the best possible care and treatment.

The confidential patient information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care where allowed by law.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you choose to opt out your confidential patient information will still be used to support your individual care.

We do not share your confidential patient information for purposes beyond your individual care without your permission. When sharing data for planning and reporting purposes, we use anonymised data so that you cannot be identified in which case your confidential patient information isn’t required.

Information being used or shared for purposes beyond individual care does not include your confidential patient information being shared with insurance companies or used for marketing purposes and information would only be used in this way with your specific agreement.

Health and care organisations that process confidential patient information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share your confidential patient information for purposes beyond your individual care.

Malmesbury Primary Care Centre are currently compliant with the national data-out policy as we do not share your confidential patient information for purposes beyond your individual care without your permission.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters

You can change your choice at any time.

How long do we keep your personal information?

Malmesbury Primary Care Centre follow the NHS Records Management Code of Practice for Health and Social Care 2021 which states that patient records should be retained for 10 years from the date of death. At that point, all personal data we hold on you will be securely deleted.

How do we keep your personal information safe and secure?

We are committed to protecting your privacy and will only use information collected lawfully. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We adhere to the UK General Data Protection Regulation (UK GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.  We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.

Legal basis

Whilst investigating an incident, complaint or complement we will process your personal data on the basis that you have provided your consent for us to do so. There may also be occasions where is it is necessary for us to process your personal data for the performance of a task in the public interest.

In some circumstances, we may process your personal information on the basis that:

  • it is necessary to protect your vital interests;
  • we are required to do so in order to comply with legal obligations to which we are subject;
  • in the establishment, exercise or defence of a legal claim;

or

  • you have given us your explicit consent to do so.

Your rights

You have a right to:

  • access the information we hold about you;
  • correct inaccuracies in the information we hold about you
  • withdraw any consent you have given to the use of your information;
  • complain to the relevant supervisory authority in any jurisdiction about our use of your information
  • in some circumstances:
    • erase information we hold about you;
    • receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
    • restrict the use of information we hold about you; and
    • object to the use of information we hold about you.

You can exercise these rights by contacting us as detailed below.

How to contact us

If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Officer at:

Data Protection Officer

Malmesbury Primary Care Centre

Priory Way

Malmesbury

Wiltshire

SN16 0FB

Or

[email protected]

How to make a complaint

You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

https://ico.org.uk/concerns

0303 123 1113

Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on our website. This privacy notice was last updated on 22nd August 2024.