Privacy Policy

Privacy Notice

This privacy notice describes the data, the practice holds about you, why we hold it, where and how we store it, how long for and how we protect it. It also tells you about your rights under the Data Protection Legislation and how the law protects you.

Who we are and what do we do?

Knowle House Surgery Tamerton Surgery

4 Meavy Way Harwood Avenue

Crownhill Tamerton Foliot

Plymouth Plymouth

PL5 3JB PL5 4NU

01752 705090

d-icb.knowlehousesurgery@nhs.net

Knowle House Surgery is a Data Controller for the data we hold about you. We hold your data in order to provide you with health and social care.

What is personal data and what data do we use?

Your personal data is any information that can be connected to you personally. If you can be identified from the data, it is personal data. The types of personal data we use and hold about you are:

Details about you: your name, address, contact number, email address, date of birth, gender and NHS number. We may also hold information about your emergency contact, next of kin and carer.
Details about your medical care: medical diagnosis, record of treatment received, referrals, history of prescribed medication, results of investigations such as X-rays etc.
Information provided by you: this includes correspondence relating to feedback, concerns and complaints about the service you have received.
Relevant information from other healthcare professionals, relatives or those who care for you.
Any information relating to claims, information from schools, universities etc where reports have been requested.

We may also hold the following information about you:

Religion or other beliefs of a similar nature,
Ethnicity,
Family, lifestyle and/or social circumstances,
Employment details,
Financial details.

When we collect your mobile number, we might use it to text you to remind you of appointments. We will also use it to respond to Klinik submissions, request photographs where appropriate and inform you of any future temporary closures or changes in our opening hours. If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.

When we collect your email address, we use it to send you any medical information that you have requested via a subject access request. If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.

Why do we process your data and what legal basis do we have to process your data?

In order to process your personal data or share your personal data outside of the practice, we need a legal basis to do so. If we process or share special category data, such as health data, we will need an additional legal basis to do so.

We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(h) (health and social care) for most of our processing and sharing, in particular to:

Provide you with health and social care,
Share data from, or allow access to, your GP record, for healthcare professionals involved in providing you with health and social care,
Receive data from or access your data on other NHS organisation clinician systems,
Work effectively with other organisations and healthcare professionals who are involved in your care,
Ensure that your treatment and advice, and the treatment of others is safe and effective,
Participate in National Screening Programmes,
Use a computer program to identify patients who might be at risk from certain diseases or unplanned admissions to Hospitals,
Help NHS Digital and the practice to conduct clinical audits to ensure you are being provided with safe, high-quality care,
Support medical research when the law allows us to do so,
Supply data to help plan and manage services and prevent infectious diseases from spreading.

We rely upon Article 6(1)(d) (vital interest) and Article 9(2)(c) (vital interests) to share information about you with another healthcare professional in a medical emergency.

We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(g) (substantial public interest) to support safeguarding for patients who, for instance, may be particularly vulnerable to protect them from harm or other forms of abuse.

We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(h) to share your information for mandatory disclosures of information (such as NHS Digital, CQC and Public Health England).

We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(f) (legal claims) to help us investigate legal claims and if a court of law orders us to do so.

We rely upon Article 6(1)(a) (consent) and Article 9(2)(a) (explicit consent), in order to:

Help the practice investigate any feedback, including patient surveys, complaints or concerns you may have about contact with the practice,
Help manage how we provide you with services from the practice, for example, when you nominate individuals to contact the practice on your behalf,
Share your information with third parties, for example, insurance companies and medical research organisations.

We also use anonymised data to plan and improve health care services. Specifically, we use it to:

Review the care being provided to make sure it is of the highest standard,
Check the quality and efficiency of the services we provide,
Prepare performance reports on the services we provide.

Healthcare staff will respect and comply with their obligations under the common law duty of confidence.

How do we collect your data?

The practice collects data that you provide when you:

Receive treatment or care from the practice,
Contact the practice by telephone (all telephone calls received and made by the practice are recorded), online or in person,
Complete a form electronically or in paper,
Visit the practice’s website (If cookies are enabled).

We receive information about you from other providers to ensure that we provide you with effective and comprehensive treatment. These providers may include:

The GP Practices within Drake Primary Care Network
Other GP Practices
NHS Trusts/Foundation Trusts
NHS Commissioning Support Units (CSUs)
Community Services (District Nurses, Rehabilitation Services and out of hours services)
Ambulance or emergency services
Independent contractors such as Pharmacies, Dentists and Opticians
Devon Integrated Care Board (ICB)
NHS Digital
NHS England
Local authorities
Health and Social Care Information Centre (HSCIC)
Police and Judicial Services
Educational Services
NHS 111
Public Health England and Screening
Non-NHS health care providers
Research providers

We also use Klinik which is an online tool that allows you to get advice and treatment, request sick notes and results.

Klinik is provided by a third-party organisation and by using this, you are submitting your information to them. This information is then provided to the practice to be reviewed. Further information on Klinik can be found: https://info.klinikhealthcaresolutions.com/privacy-notice-uk

You can also use Klinik via the NHSApp. Further information regarding the role of NHS England and the practice can be found: https://www.nhs.uk/using-the-nhs/nhs-services/the-nhs-app/privacy/online-consultations/

Alongside Klink we use an SMS system called Accurx. This system allows all surgery employees to send text messages to patients with a valid mobile number and who have given their consent to receive text messages. For more information please visit https://www.accurx.com/security for information on how your data is used.

Who do we share your data with?

In order to deliver and coordinate your health and social care, we may sometimes share information with other organisations. We will only ever share information about you if other agencies involved in your care have a genuine need for it. Anyone who receives information from the practice is under a legal duty to keep it confidential and secure.

Please be aware that there may be certain circumstances, such as assisting the police with the investigation of a serious crime, where it may be necessary for the practice to share your personal information with external agencies without your knowledge or consent.

We may share information with the following organisations:

The GP Practices Knowle House & Tamerton Surgery, Lisson Grove & Woolwell Medical Centre, North Road West Medical Centre & Wycliffe Surgery within the Drake Primary Care Network
Other GP Practices
NHS Trusts/Foundation Trusts
Devon Integrated Care Board (ICB)
NHS Commissioning Support Units
Community Services (District Nurses, Rehabilitation Services and out of hours services)
Ambulance or emergency services
Independent contractors such as Pharmacies, Dentists and Opticians
Local authorities
Multi-Agency Safeguarding Hub (MASH)
Health and Social Care Information Centre (HSCIC)
Police and Judicial Services
Educational Services
Fire and Rescue Services
NHS 111
The Care Quality Commission, ICO and other regulated auditors
Public Health England and Screening
NHS England
NHS Digital
Non-NHS health care providers
Research providers
Drake Medical Alliance

In addition to sharing data with the above services, the practice will also use carefully selected third party service providers that process data on behalf of the practice. When we use a third-party service provider, we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating responsibly to ensure the protection of your data. Examples of functions that may be carried out by third parties includes:

Organisations that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate video consultation, appointment bookings or electronic prescription services; document management services etc.
Organisations who are delivering services on behalf of the practice (for example conducting Medicines Management Reviews to ensure that you receive the most appropriate, up to date and cost-effective treatments or supporting practices in offering choices of providers and appointments to patients who are being referred via the NHS E-Referral system).
Delivery services (for example if we were to arrange for delivery of any medicines to you).
Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

For further information of who we share your personal data with and our third-party processors, please contact

Knowle House Surgery Tamerton Surgery

4 Meavy Way Harwood Avenue

Crownhill Tamerton Foliot

Plymouth Plymouth

PL5 3JB PL5 4NU

01752 705090

d-icb.knowlehousesurgery@nhs.net

Where do we store your data?

We use a number of IT systems and tools to store and process your data, on behalf of the practice. Examples of tools we use include our Core Clinical System TPP, NHSmail, Microsoft 365, Klinik, AccuRx and iGPR.

For further information on this, please contact

Knowle House Surgery Tamerton Surgery

4 Meavy Way Harwood Avenue

Crownhill Tamerton Foliot

Plymouth Plymouth

PL5 3JB PL5 4NU

01752 705090

d-icb.knowlehousesurgery@nhs.net

Summary Care Record (SCR)

NHS England have implemented the SCR which contains information about you; including your name, address, data of birth, NHS number, medication you are taking and any bad reactions to medication that you have had in the past. This information is automatically extracted from your records and uploaded onto a central system.

Many patients who are seen outside of their GP Practice are understandably not able to provide a full account of their care or may not be in a position to do so. The SCR means patients do not have to repeat their medical history at every care setting and the healthcare professional they are seeing is able to access their SCR. The SCR can only be viewed within the NHS on NHS smartcard-controlled screens or by organisations, such as pharmacies, contracted to the NHS.

As well as this basic record, additional information can be added to include further information. However, any additional data will only be uploaded of you specifically request it and with your consent. You can find out more about the SCR here: https://digital.nhs.uk/services/summary-care-records-scr

The SCR improves care; however, if you do not want one, you have the right to object to sharing your data or to restrict access to specific elements of your records. This will mean that the information recorded by the practice will not be visible at any other care setting.

If you wish to discuss your options regarding the SCR, please speak to a member of staff at the practice. You can also reinstate your consent at any time by giving your permission to override your previous dissent.

National Screening Programmes

The NHS provides national screening programmes so that certain diseases can be detected at early stages. These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service. More information on the national screening programmes can be found at: https://www.gov.uk/topic/population-screening-programmes

Research

We are a research practice and work with various providers to deliver research studies and trials. Employees of the practices will access your information in order to determine whether you are suitable to be invited to participate in a study. We will only share your information with the research providers with your explicit consent. Further information regarding the research providers is available upon request.

Clinical Practice Research Datalink (CPRD)

This practice contributes to medical research and may send relevant data to CPRD. CPRD collects de-identified patient data from a network of GP practices across the UK. Primary care data is linked to a range of other health related data to provide a longitudinal, representative UK population health dataset. Further information regarding CPRD can be found here: https://cprd.com/transparency-information

How long do we hold your data?

We only hold your data for as long as necessary and are required to hold your data in line with the NHS Records Management Code of Practice for Health and Social Care 2021 Retention Schedule. Further information can be found online at:

Records Management Code of Practice - NHS Transformation Directorate (england.nhs.uk)

All our calls are recorded and retained for 3 months.

All non-NHS work i.e., private letters, is saved to patient records.

What rights do you have?

You have various rights under the UK GDPR and Data Protection Act 2018:

Right of access:

You have the right to request access to view or request copies of the personal data, we hold about you; this is known as a Subject Access Request (SAR). In order to request access, you should:

We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for. iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws.

The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care. Please note that you are entitled to a copy of your data that we hold free of charge; however, we are entitled to charge in certain circumstances where the law permits us to do so. We are also entitled to refuse a request, where the law permits us to do so. If we require a fee or are unable to comply with your request, we will notify you within 1 calendar month of your request.

Right to restrict or object the use of your information:

There are certain circumstances in which you can object from your data being shared. Information regarding your rights to opt-out is detailed below:

Devon and Cornwall Care Record – privacy notice

Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.

This shared system is called the Devon and Cornwall Care Record.

It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an out-of-hours appointment.

It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.

Only authorised staff can access the Devon and Cornwall Care Record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data – just data that services have agreed is necessary to include.

For more information about the Devon and Cornwall Care Record, please go to https://www.devonandcornwallcarerecord.nhs.uk/

ONE DEVON DATASET WHAT IS IT?

As NHS and social care organisations such as local authorities in Devon work ever closer together within our Integrated Care System (ICS) there is an increasing need to legitimately share and link data between its partner organisations within the ICS. The One Devon Dataset brings together this data from health and social care providers across Devon to facilitate the effective Population Health Management.

WHO IS INVOLVED? Participation is open to the many health and social care organisations in Devon such as: GP Practices NHS Trusts Local Authorities

BENEFITS OF THE ONE DEVON DATASET. Linking health and care data held across the system for people in Devon will support:

improvements to direct patient care
increased understanding of the existing use of health and social care services in Devon, including the connections between different services.
a system-wide view of the population’s need for future health and social care services, looking across traditional organisational boundaries.
the ability to improve clinical outcomes.
the ability to identify service improvements opportunities, for instance where patients use multiple services or where there is significant overlap between services.
public health intelligence work fulfilling statutory role of improving the health and wellbeing of people in Devon, including Joint Strategic Needs Assessment, Health Needs Assessments, Health Equity Audits and Health Impact Assessments.
improved outcomes for patients/service users and carers ROLES & RESPONSILBILITIES Controllers make decisions about processing activities. They exercise overall control of the personal data being processed and are ultimately in charge of and responsible for the processing. Joint controllers decide the purposes and means of processing together – they have the same or shared purposes. Controllers will not be joint controllers if they are processing the same data for different purposes. Data Processors act on behalf of the relevant controller and under their authority. In doing so, they serve the controller’s interests rather than their own. July 2022 ODD USE REQUEST BOARD The ODD Use Request Board meets to review any new requests for data sharing and prior to that sharing taking place. Its membership consists of clinicians, Caldicott Guardians and a Data Protection Officer across the Integrated Care System to ensure all aspects of the request are reviewed and validated. All requests whether approved or declined are retained within the library. Re-identification – only those organisations that have direct care responsibilities will receive re-identified data such as a GP surgery. DATA SECURITY & PRIVACY Health and social care organisations across Devon collect data regarding its patients and its care and services. Data protection legislation ensures we keep your data secure and confidential by having in place robust mechanisms with only organisations who have a legitimate reason having access to the data. Legal basis
Article 6 (1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, specifically processing for “the exercising of a function conferred on a person by an enactment or rule of law”
Article 9 (2)(h) processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services The Health & Social Care (Safety & Quality) Act 2015 places a duty on organisations providing health and adult social care services to share data where it facilitates the provision of care to an individual in their best interests, unless the individual objects or it relates to an anonymous access service. HOW LONG IS THE DATA HELD FOR? All data will be held in accordance as per the retention periods set out in NHSX Records Management Code of Practice 2021. Secure disposal to be to levels required by the NHS Data Security & Protection toolkit. If you would like to find out more, contact your health or social care provider directly. YOUR RIGHTS. Data protection legislation allows you to ask for a copy of the data an organisation holds about you. If you would like to see this information you should contact the organisation providing your care. July 2022 You can find out more about your rights from the Information Commissioner’s Office website. Your health or social care provider’s website should also have details on how your data is used. ENQUIRIES AND/OR COMPLAINTS. Should you and an enquiry or wish to raise a complaint these should be directed to the organisation providing your health or social care.

One Devon Dataset

As well as using your data to support the delivery of care to you, your data may be used to help improve the way health and social care is delivered to patients and service users throughout Devon using Population Health Management methods.

We will use a pseudonymised extract (ie. not identifiable information) which will be extracted and held securely by NHS Devon ICB (Integrated Care Board) and in partnership with the Local Authorities. Data will be used to support the Devon Integrated Care System to improve short-term and medium-term health outcomes for local populations. If you would benefit from some additional care or support, your information will be shared back to the practice, or another local provider involved in your care, so that they can offer you direct care.

If you have previously asked the practice to apply a Type 1 opt-out to your medical records, this will be applied by NHS Devon ICB.

Further information about Population Health Management can be found here:

https://www.england.nhs.uk/integratedcare/what-is-integrated-care/phm/

Further information about the One Devon Dataset can be found here:

https://onedevon.org.uk/our-work/services-and-support/population-health-management/

We will rely on public interest task as the legal basis for processing your data for this purpose. You have a right to object to your information being used in this way. If you wish to discuss this further, please contact Knowle House Surgery.

Data Sharing Agreement between Knowle House Surgery and Devon Partnership NHS Trust (DPT)

Devon Partnership Trust (DPT) has procured “SystmOne” from The Phoenix Partnership (TPP), to be its core clinical electronic patient record system. This gives DPT and participating practices the ability to converge patient records and improve pathways and patient experience between primary and secondary care services. The ambition is to achieve this by using the Enhanced Data Sharing Module (EDMS) in SystmOne.

Information to which this Agreement relates to must be handled in accordance with the appropriate legislative and regulatory environment and each organisation’s relevant policies and procedures.

Knowle House signed an agreement to share between primary and secondary care if the patient has Opted in to sharing in and out of SystmOne.

Consent:

If the practice is relying on the consent as the basis for processing your data, you have the right to withdraw your consent at any time. Once you have withdrawn your consent, we will stop processing your data for this purpose.

However, this will only apply in circumstances on which we rely on your consent to use your personal data. Please be aware that if you do withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will let you know.

National Screening Programmes:

If you do not wish to receive an invitation to the screening programmes, you can opt out at https://www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes or speak to the practice.

Type 1 Opt-out:

You have the right to object to your confidential patient data being shared for purposes beyond your direct care by asking the practice to apply a Type 1 opt-out to your medical records. A type 1 opt-out prevents personal data about you, being extracted from your GP record, and uploaded to any other organisations without your explicit consent. If you wish for a Type 1 opt-out to be applied to your record, please contact the surgery or submit a Klinik request informing us of your decision.

Please note that the type 1 opt-out is not available and therefore you will be unable to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012.

National Data Opt-out:

You have the right to object to your data being shared under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of sharing data that identifies you being used or shared for medical research purposes and quality checking or audit purposes.

To opt-out of your identifiable data being shared for medical research or to find out more about your opt-out choices please ask a member of staff or go to NHS Digital’s website:

https://digital.nhs.uk/services/national-data-opt-out-programme

Our organisation is currently compliant with the national data opt-out policy.

Cancer Registry:

The National Cancer Registration and Analysis Service is run by Public Health England and is responsible for cancer registration in England, to support cancer epidemiology, public health, service monitoring and research.

Further information regarding the registry and your right to opt-out can be found at: https://www.gov.uk/guidance/national-cancer-registration-and-analysis-service-ncras

Right to rectification:

You have the right to have any errors or mistakes corrected within your medical records. This applies to matters of fact, not opinion. If the information is of clinical nature, this will need to be reviewed and investigated by the practice. If you wish to have your records amended, please submit a Klinik request. Your request will then be sent to the relevant department for actioning.

If your personal information changes, such as your contact address or number, you should notify the practice immediately so that we can update the information on our system. We will also ask you from time to time to confirm the information we hold for you, is correct.

Right to erasure:

The practice is not aware of any circumstances in which you will have the right to delete correct data from your medical record, which the practice is legally bound to retain. Although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the data and contact the practice if you hold a different view.

Right to complain:

Please let us know if you wish to discuss how we have used your personal data, raise a concern, make a complaint or compliment. Please address these to Miss Kerry Fitch at –

Knowle House Surgery Tamerton Surgery

4 Meavy Way Harwood Avenue

Crownhill Tamerton Foliot

Plymouth Plymouth

PL5 3JB PL5 4NU

01752 705090

d-icb.knowlehousesurgery@nhs.net

You also have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link: https://ico.org.uk/global/contact-us/ or call the helpline on 0303 123 1113.

Data outside EEA

We do not send your personal data outside of the EEA. However, if this is required, the practice would only do so, with your explicit consent.

Data Protection Officer

The Data Protection Officer for the practice is Natalie Thompson-Clarke and she can be contacted via email on d-icb.deltdpo@nhs.net or by post: Delt Shared Services Limited, BUILDING 2 – Delt, Derriford Business Park, Plymouth, PL6 5QZ.

Cookies

The practice’s website uses cookies. A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you access certain websites. Cookies allow a website to recognise a user’s device. Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to our website. The two types the practices uses are ‘Session’ and ‘Persistent’ cookies.

Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time. We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.

What can I do to manage cookies on my devices?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/ If you are concerned about cookies and would like to discuss this, please contact

Knowle House Surgery Tamerton Surgery

4 Meavy Way Harwood Avenue

Crownhill Tamerton Foliot

Plymouth Plymouth

PL5 3JB PL5 4NU

01752 705090

d-icb.knowlehousesurgery@nhs.net

Changes to privacy notice

The practice reviews this privacy notice regularly and may amend the notice from time to time. If you wish to discuss any elements of this privacy notice, please contact

Knowle House Surgery Tamerton Surgery

4 Meavy Way Harwood Avenue

Crownhill Tamerton Foliot

Plymouth Plymouth

PL5 3JB PL5 4NU

01752 705090

d-icb.knowlehousesurgery@nhs.net

Cookies on the Knowle House Surgery website

Privacy Policy

Clinical Practice Research Datalink (CPRD)

How long do we hold your data?

Further Information