As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Informing Service Users
Under the Data Protection Act, organisations are required to provide information to individuals about what information will be held about them, how it will be used and who is responsible for it. Under the Act this is known as fair processing but in recent years the term privacy notices has been adopted to describe the requirement. To assist in promoting good practice the Information Commissioner has produced the ‘Privacy notices code of practice’. The Code notes that information can be provided through a variety of media and that making ‘layers’ of information available is a realistic way of meeting differing needs.
The privacy of your information is very important to us. The Brynteg medical Practice will store your personal details in accordance wit this Data Protection Policy and will always endeavour to keep your information secure.
It is important that patients know the difference between Local Data Sharing and Care Data, so that informed choice can be made about whether you are happy for your data to be shared, or whether you wish to opt out.
We want to be sure that we give you the opportunity to decide at what level you would like to opt out of data sharing and are aware of the implications. Please complete the opt out form via the attached link and return it to us so we can be clear about your wishes.
Local Data Sharing
A data sharing agreement exists between Brynteg Practice and 6 other local GP practices that make up the Aman Gwendraeth GP Cluster for the purpose of sharing clinical information on patients resident in nursing and residential homes. There are plans for some additional local services that will be run as a cluster group of GP practices; for instance cluster pharmacist and frail and elderly reviews.
If a patient does not opt out, their information will be shared when immediate patient care is needed.
The NHS would like to link information fromall th different places where patients receive care, to help provide a seemless package of care. It also allows the NHS to compare the care patients receive in one area against another so they can see what works best.
How patient information is used and shared is controlled by law and strict rules are in place to protect patient privacy.
If a patient does not opt out, their informaton will be shared; however a patient can opt out of or re-join the scheme at any ime.
Information Governance and Caldicott
Information Governance is a framework related to how organisations and individuals handle information; it applies to sensitive and personal information, of employees, patients and service users, and also to information related to the business of the organisation.
Information Governance sits alongside clinical and corporate governance and while the key focus is on ensuring that information is handled in a confidential and secure manner, in the health context it is also very much about supporting the provision of high quality care by ensuring the right information is available to the right people, when and where it’s needed.
The definition of what Information Governance includes varies between organisations and sectors; in NHS Wales there are several other aspects aside from the security and confidentiality of information which are also of significance. Information Governance within NHS Wales is generally accepted to include (but is not limited to) the following standards and legal requirements :
- Data Protection Act 1998
- Caldicott Report
- Common Law Duty of Confidentiality
- Freedom of Information Act 2000
- Information Sharing Protocols
- Data quality
- Information Security assurance – ISO 27001/2 Information security management (formerly BS7799)
- Records Management
Caldicott is a key element of the Information Governance agenda in Wales, providing organisations working in Health and Social Care with a set of recommendations and principles to help ensure that person identifiable information (including that of patients, staff and service users) is adequately protected.
Access to Information
There are several pieces of legislation which provide individuals with rights of access to specific types of information which an organisation may hold. The links below provide further detail on the individuals rights, timescales to provide information, and the exemptions or exceptions to consider when a request is received.
Data Protection Act (Subject Access Requests)
Freedom of Information
Environmental Information Regulations
Access to Health Records (Deceased Patient Records)
This statement applies to all information collected or submitted on the website of Brynteg Medical Practice. It details what information we collect, how and why we collect them. If you have any comment or query, please submit your request via the ‘Feedback form’ quoting ‘privacy statement’.
As described within the provisions of the UK Data Protection Act 1998 (external website), we take appropriate measures to maintain the security of your data on our website. Information collected is governed by this privacy statement and use of this website signifies your agreement.
Information We Collect
We do not collect personal information about site users. When you voluntarily submit identifiable data on this website (this includes submission of feedback forms, subscriptions or questionnaires), the information submitted is used solely to respond to your queries and for its intended purpose. We do not share web user information with third parties.
We monitor user activity to enhance content provided on the site. Google Analytics (external website) is a free service provided by Google (external website) that generates detailed statistics about the visitors to a website.
Information collected includes referring / exit web pages, click patterns, most / least viewed web pages, session duration, number of visitors, browser type, operating system, etc. Information is collected by using cookies.
How We Collect Information
Google will use this information to produce user activity reports for this website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you access certain websites.
Cookies allow a website to recognise a user’s device.
Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to a website. The two types we use are ‘Session’ and ‘Persistent’ cookies. Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time.
We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.
What can I do to manage cookies on my devices?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
If you are concerned about cookies and would like to ask further questions please do not hesitate to write to our website developers – firstname.lastname@example.org