We are an Independent GMS practice contracted by BCUHB. We serve a practice population of 6,400 people across 2 sites and employ 15 staff to include General Practitioners, Advanced Nurse Practitioners, Nurse Practitioner, Practice Nurses, and administration staff.
What is a privacy notice?
This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.
Why issue a privacy notice?
Penrhyn Bay Medical Centre recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties.
This notice also explains what rights you have to control how we use your information.
What are we governed by?
The key pieces of legislation/guidance are:
- General Data Protection Regulations
- Human Rights Act 1998 (Article 8)
- Access to Health Records Act 1990
- Freedom of Information Act 2000
- Health & Social Care Act 2012, 2015
- Public Records Act 1958
- Copyright Design and Patents Act 1988
- The Re-use of Public Sector Information Regulations 2015
- The Environmental Information Regulations 2004
- Computer Misuse Act 1990
- The Common Law Duty of Confidentiality
- Information Security Management – NHS Code of Practice
Who are we governed by?
- Department of Health
- Information Commissioners Office
- Health Inspectorate Wales
- NHS Wales
- General Medical Council (GMC)
Why and how we collect information
Information which can be accessed, where there is a need, includes:
- personal information, such as name, date of birth, gender;
- hospital admission, attendances and referral dates;
- vaccinations and immunisations;
- test results, including measurements such as blood pressure;
- diagnoses (current and post problems);
- treatment and medical procedures
How we use information
- To help inform decisions that we make about your care
- To ensure your treatment is safe and effective
- To work effectively with other organisations who may be involved in your care
- To support the health of the general public
- To ensure our services can meet future needs
- To review care provided to ensure it is of the highest standard possible
- To train healthcare professionals
- For research and audit
- To prepare statistics on performance
- To monitor how we spend public money
There is a huge potential to use your information to deliver care and improve health and care services across the NHS and social care. The information can be used to help:
- Improve individual care
- Understand more about disease risks and causes
- Improve diagnosis
- Develop new services
- Improve patient safety
- Evaluation of policy/procedures/pathways
It helps because
- Accurate and up to date information assists us in providing you with the best possible care
- If you see another healthcare professional, specialist from another part of the NHS, they can readily access the information they need to provide you with the best care possible
- Where possible, when using information to inform future services and provision, non-identifiable information will be used.
Who will we share your information with?
In order to deliver and coordinate your health and social care, we may share information with the following organisations:
- Local GP Practices within our cluster in order to deliver extended primary care services
- NHS (Betsi Cadwalder Health Board)
- Out of Hours Service
- Local Social Services and Community Care Services
- Voluntary Support Organisations commisions to provide services by Betsi Cadwalder Health Board
Your information will only be shared if it is appropriate for the provision of your care or required to satisfy our statutory functions and legal obligations.
Your information will not be transferred outside of the European Union.
Whilst we might share your information with the above organisations, we may also receive information from them to ensure that your medical records are kept up-to-date and so that your GP can provide the appropriate care.
In addition we receive date from Public Health Wales such as uptake of flu vaccinations and disease prevalence in order to ssist us to improve "out of hospital care".
Sharing of Electronic Patient Records within the NHS
Electronic patient records are now commonplace. Our local electronic systems (such as SystemOne, EMIS, Vision, Egton and Eclipse) allow us to share your record with organisations involved in your direct care, such as:
- GP practices
- Community services such as district nurses, rehabilitation services, telehealth and out of hospital services
- Child health services that undertake routing treatment or health screening
- Urgent care organisations, minor injury units or out of hours services
- Community hospitals
- Palliative care hospitals
- Care homes
- Mental Health Trusts
- Social Care organisations
In addition, NHS Wales have implemented the Summary Care Record which contains information including the medication you are taking and any adverse reactions to medication that you have had in the past. In most cases, particularly for patients with complex conditions and care arrangements, the shared electronic health record plays a vital role in delivering the best care and a coordinated response, taking into account all aspects of a person's physical and mental health. Many patients are understandably not able to provide a full account of their care, or may not be in a position to do so. The shared record means patients do not have to repeat their medical history at every care setting.
Your record will be automatically set up to be shared with the organisations listed above. However you have the right to ask the GP to disable this function or restrict access to specific elements of your record. In this way the information recorded by your GP will not be visible at any other care setting. If you change your mind you can reinstate your consent at any time.
How will my information be kept secure and confidential?
Your GP medical record is stored on a secure computer system and access to it is strictly controlled. All of the practices within the cluster, and the local health board, will have signed an agreement to confirm that they will follow the strict controls in place around the computer system itself, and around any staff who are allowed to access the system. Everyone working within the cluster has a legal, contractual and professional duty to keep information about you secure and confidential.
Is there a danger someone else could hack into my record or that my information could be lost?
Contracts are in place with the supplier of the clinical computer systems to ensure that they have robust security measures installed. These measures will prevent any information from being accessed without permission, lost or accessed inappropriately by a third party.
Your NHS number, keep it safe
Every person registered with the NHS in England and Wales has their own unique NHS number. It is made up of 10 digits for example 123 456 7890.
Your NHS number is used by healthcare staff to identify you correctly. It is an important step towards improving the safety of your healthcare. To improve safety and accuracy always check your NHS number on correspondence the NHS sends to you.
If you don’t know your NHS number, ask at the Practice. You may be asked for proof of identify for example a passport of other form of identity. This is to protect your privacy.
For further information
If you would like additional information you can discuss the sharing of your medical records with a member of our Management Team, GP or any other member of the healthcare team.