Practice Policies & Patient Information
About your Data
How we use your medical records – Important information for patients
Summary of General Data Protection Regulation 2018
What is GDPR?
The General Data Protection Regulation (GDPR) is the latest update to the Data Protection Act 1998 regulation and will apply from 25th May 2018. The legislation strengthens existing requirements, introduces new concepts and imposes greater emphasis on demonstrating compliance and significantly greater penalties for wrongdoings.
What are your rights?
Your fundamental rights have not changed, but they have been enhanced.
As an individual you have the right to:
- Know what data is collected about you, what it is used for, how long it will be kept and who it is shared with
- Access your personal data
- Request that inaccurate data about you is corrected or that incomplete data is completed
- Ask for personal data held about you to be removed from your records (This is likely to exclude information that is necessary to your care)
- Restrict processing of your personal data which means you can limit how your data is used by us
- Data portability (this is new) – allows individuals to obtain and reuse their personal data for their own purposes across different services (ICO, no date)
- Object to the processing or use of your personal data
- To not be subject to automated decision-making including profiling
More information about your rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Please note that the practice does not assume any responsibility for the information detailed on the ICO website.
Our duty
Our duty as a data controller is to share with you how we intend to use your information. This intention is detailed within a privacy notice that is available in the Surgery as well as here. Please see the resources below.
Data Protection Officer (DPO)
A DPO is a designated individual who takes responsibility for data protection and compliance.
Our identified DPO is:
Lucy Hunt, Senior IG Consultant and DPO, SCW
Contact Lucy via: bnssg.stmarystreetsurgery@nhs.net
Our Privacy Notices
Privacy Notice – Appendix A – Organisations with whom information is shared
Privacy Notice for children aged 13-16
COVID -19 Supplementary Privacy Notice
Population Health Management Information
Last updated: 16.7.24
References:
Information Commissioner’s Office (no date.) ‘Right to Data Portability’. Available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/
NHS Contractual Requirements
Practice Income – 2023
All GP practices are required to declare the mean earnings (i.e. average pay) for GPs working to deliver NHS services to patients at each practice.
The average pay for GPs working in St Mary Street Surgery in the last financial year was £87,093 before tax and National Insurance. This is for 1 full time GP, 5 part time GPs and 0 locum GPs who worked in the practice for more than six months.
Fair Processing Notice
St. Mary Street Surgery provides general health and care services to its local population. Medical records are held by the Surgery to enable safe and efficient care to each of our patients.
We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the Common Law Duty of Confidentiality and the Human Rights Act 1998. Personal data will only be processed with the consent of the individual for the purpose of administering medical care. Any information provided will be securely held on a password-protected database, compliant with ISO27001, with access restricted to named individuals who require access as part of their normal duties.
Everyone working for the NHS including us at this Surgery is subject to the Common Law Duty of Confidence. Under the NHS Confidentiality Code of Conduct all our staff are also required to protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared unless there is a legal exemption.
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. Staff with access to patient identifiable information have received appropriate on-going training to ensure they are aware of their responsibilities and staff are granted access to personal data on a need-to-know basis only.
Information sharing for your benefit is sometimes necessary. This is most commonly with other health and care providers including social services.
All information is submitted to and from the Practice via a secure pathway. The information is encrypted whilst in transit. Information will not be shared with any other third parties, except where required by Law, without the express consent of the individual. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK.
At any time you have the right to refuse/ withdraw consent to information sharing. The possible consequences will be fully explained to you and could include delays in receiving care.
If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact the Operational Practice Manager here at St. Mary Street Surgery:
For independent advice about data protection, privacy and data-sharing issues, you can contact the Caldicott Guardian at:
Dr. Andrew Appleton, CCG Clinical Lead for Information Management and Technology (IMT)
Email: contactus@southgloucestershireccg.nhs.uk (mark messages FAO Dr Andrew Appleton, Caldicott Guardian)
All information held will be securely destroyed when no longer required. In line with Section 7 of the Act you will be provided with a copy of any information we hold on you, on request.
NHS Digital Data Extraction
This page concerns your type 1 and national data opt out preferences.
In a letter dated 19th July 2021 to all GPs, Parliamentary Under Secretary of State, Jo Churchill set out a new process for commencing data collection, moving away from a previously fixed date of 1 September 2021 which is discussed here below.
Please be informed that:
- Your GP holds your health record, and it is used by them and other parts of the NHS for your direct care.
- NHS Digital also uses some of this data for research, planning, and improving the NHS for everyone.
About the General Practice Data for Planning and Research programme
NHS Digital is making improvements to how data is collected from general practice, this new framework for data extraction is called the General Practice Data for Planning and Research data collection (GPDPR). The goal of this new system is to:
- reduce burden on GP practices in managing access to patient data and maintain compliance with relevant data protection legislation
- improve protections through the consistent and rigorous review of all applications for access to patient data
- make it easier for patients to understand how their health and care data is being used, including increasing use of Trusted Secure Environments that avoids data flowing outside the NHS
This new NHS Digital service will collect data from GP practices in England and will analyse and publish statistical data and provide safe, secure, lawful and appropriate access to GP data for health and social care purposes. This will include planning, commissioning, policy development, public health purposes (including COVID-19) and research.
NHS Digital is engaging with the British Medical Association (BMA), Royal College of General Practitioners (RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for patients and GP practices.
Protecting patient data
All data will be pseudonymised and encrypted by your GP system suppliers on your behalf before it is transferred to NHS Digital. Access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed, e.g. written consent for a research study.
As with the COVID-19 collection, access to the data will be through the NHS Digital Data Access Request Service (DARS) and will be subject to a robust approvals process, which includes oversight by the Independent Group Advising on Release of Data (IGARD) and a Professional Advisory Group, which is made up of representatives from the BMA and RCGP.
TYPE 1 OPT OUTS – Opting out of sharing your Data outside your GP Practice
If you don’t want your identifiable patient data to be shared for purposes except for your own care, you can opt-out by registering a Type 1 Opt-out or a National Data Opt-out, or both.
These opt-outs are different and they are explained in more detail below.
Your individual care will not be affected if you opt-out using either option.
Opt-outs
While 1 September 2021 has been seen by some as a cut-off date for opt-out, after which data extraction would begin. This will not be the case and data extraction will not commence until the tests have been met.
Three changes are being introduced to the opt-out system which mean that patients will be able to change their opt-out status at any time:
- Patients do not need to register a Type 1 opt-out by 1 September to ensure their GP data will not be uploaded
- NHS Digital will create the technical means to allow GP data that has previously been uploaded to the system via the GPDPR collection to be deleted when someone registers a Type 1 opt-out
- The plan to retire Type 1 opt-outs will be deferred for at least 12 months while we get the new arrangements up and running, and will not be implemented without consultation with the RCGP, the BMA and the National Data Guardian.
Together, these changes mean that patients can have confidence that they will have the ability to opt-in or opt-out of the system, and that the dataset will always reflect their current preference. It is essential to ensure that it is easy for patients to exercise their choice to opt out.
National Data Opt-Outs (opting out of NHS Digital sharing your data)
- NHS Digital will collect data from GP medical records about patients who have registered a National Data Opt-out. The National Data Opt-out applies to identifiable patient data about your health, which is called confidential patient information.
- NHS Digital won’t share any confidential patient information about you – this includes GP data, or other data we hold, such as hospital data – with other organisations, unless there is an exemption to this. For example:- If your GP has a legal Obligation to share the data or if it is in the public interest.
- To find out more information about how to register a National Data Opt-Out, please read the GP Data for Planning and Research Transparency Notice.
Data Security and Governance
The Government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study. This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected.
The TRE will be built in line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service.
A transparent approach is being adopted, including publishing who has run what query and used which bit of data. A TRE is being developed which will meet these specific needs and act as ‘best in class’.
Data collection will commence only once the TRE is in place. The BMA, RCGP and the National Data Guardian will have oversight of the proposed arrangements and are satisfied with them before data upload begins.
The previously published Data Provision Notice for this collection has been withdrawn.
Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale.
Transparency, communications and engagement
There has been a great deal of concern regarding the lack of awareness amongst the healthcare system and patients. The need to strengthen engagement, including opportunities for non-digital engagement and communication is recognised.
Since the programme has been paused, an engagement and communications campaign has been developed, with the goal of ensuring that the healthcare system and patients are aware and understand what is planned, and can make informed choices. The public rightly look to and trust general practice. Through a centrally driven communication campaign, with clear messages, the campaign seeks to ensure that the introduction of this collection does not impose an additional burden on practices.
A communications strategy delivered through four phases is being developed. The four phases include:
- Listening – listen to stakeholders and gather views on how best to communicate with the profession, patients and the public and give them the opportunity to inform the development of the programme in areas such as opt-outs, trusted research environments and other significant areas
- Consultation – a series of events that explain the programme, listen and capture feedback and co-design the information campaign
- Demonstration – show how feedback is being used to develop the programme and shape communications to the healthcare system and the public
- Delivery – of an information campaign to inform the healthcare system and the public about changes to how their GP data is used, that utilises the first three phases to ensure the campaign is accessible, has wide reach and is effective
Data saves lives. The vaccine rollout for COVID-19 could not have been achieved without patient data. The discovery that the steroid Dexamethasone could save the lives of one third of the most vulnerable patients with COVID-19 on ventilators, could not have been made without patient data from GP practices in England. That insight has gone on to save a million lives around the globe. That is why this programme is so important.
Further information will be provided as the programme progresses. In the meantime, if you have any questions, you can contact the programme at enquiries@nhsdigital.nhs.uk.
The NHS Digital web pages also provide further information at https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research#additional-information-for-gp-practices.
Q&A NHS Digital & Data Collections
Why NHS Digital collects general practice data?
- NHS Digital is the national custodian for health and care data in England and has responsibility for standardising, collecting, analysing, publishing and sharing data and information from across the health and social care system, including general practice.
- NHS Digital collected patient data from general practices using a service called the General Practice Extraction Service (GPES), now known as GPDPR which has operated for over 10 years and now needs to be replaced.
- NHS Digital has engaged with doctors, patients, data and governance experts to design a new approach to collect data from general practice that:
- reduces burden on GP practices
- explains clearly how data is used
- supports processes that manage and enable lawful access to patient data to improve health and social care
Does NHS Digital sell my Data to third parties?
The NHS shares some data, in which nobody can identify you, with trusted third parties, in order to improve the NHS for you and everyone else.
This includes with:
- NHS planners
- university researchers
- scientists researching medicines
We only share data when there is a proven benefit to the NHS, and access is strictly controlled.
Your data is not shared for commercial purposes. Your data is not shared with insurers. Your data is not sold.
Please see our Privacy Notice for further information on how else your data might be shared by the practice.
If you want any more information, please contact our Data Protection Officer kelly@almc.co.uk
Practice Figures and Audit
Audit, the process of measuring quality of care and making appropriate changes to improve it, has always been an important part of general practice. Although there have been active efforts to try to coordinate audit activity within local groups of practices to produce meaningful comparative data, this has never until recently been achieved comprehensively at a national level. Avon Health Authority, while it existed, had always been innovative in encouraging audit within practices and provided expertise and methods enabling practices could compare their figures with each other within the Bristol area.
In 2004, changes were made to the way GP practices were measured by the Primary Care Trusts and government, under the “New Contract”. Each year, anonymised data (i.e. individual patients cannot be identified) is collected from the practices’ computer systems, such as the numbers of patients with certain conditions e.g. hypertension, diabetes, asthma etc. There are arbitrary targets set by government with regard to these conditions e.g numbers of those with blood pressure control below a certain level, and the practice performance is measured as to what proportion of patients meet those targets.
Figures are available for the previous year on www.gpcontract.co.uk
Practice Policies
Modern General Practice necessitates the continual development and revision of an extensive range of managerial and clinical policies. These are available for viewing under the Freedom of Information Act.
The list of policies include:
Administrative:
Harassment Policy
Equal Opportunities Policy
Procedure for Employment of a Locum
Whistleblowing Policy for St Mary Street Surgery
Protocol for the Collection of Medical Documentation
Procedure for GPs Returning Patient Telephone Calls
Recruitment Procedure
Violence Awareness Policy
Computer Virus
Doctors Leave Arrangement
Policy for Patient Access
Policy – Nurse Holiday/Leave
Policy for Registering a New Patient
Protocol for Backup Strategy of EMIS PCS
Policy Following The Death of a Patient
Policy for Removal of Patients from the Practice List
Procedure for the Transfer of Patient Information Out of Hours Between GPs
Procedure for Identification and Disposal of Time Expired Medicines and Equipment
Protocol for the Management and Security of Controlled Drugs
Procedure on Receiving a Safety Alert
Requesting of Patient Medical Records
Identification of Carers Protocol
Receipt and Dispatch of Patient Medical Records (Form FP 5A or 6B)
Petty Cash Procedure
Clinical:
St Mary Street nGMS Exception Policy
Protocol for Identification and Follow Up of Cervical Smear Defaulters
Child Protection Policy
Smoking Cessation Protocol
North Bristol NHS Trust – Antenatal Care Procedures
Procedure for Notifying Patients of Cervical Smear Results
Protocol for DATA Caption and Summarising GP Medical Records
Procedure for Notifying OOH Service Provider of Patients Requiring Palliative Care
BP Management Protocol
Emergency Contraception Policy
Preconception Policy
Electronic results Policy
Wart Clinic Protocol
Preconceptual Advice Protocol
Policy for Auditing of Cervical Screening Service
Home visiting policy
Copies are available to view by contacting the surgery on 01454-413691, or e-mail bnssg.stmarystreetsurgery@nhs.net
Suggestions, Compliments and Complaints
We aim to provide a friendly, personal and efficient service, and are always keen to hear your views about the practice, positive as well as negative. If you have any feedback, suggestions or concerns about our service that you would like to share, please let us know by speaking to a member of staff with whom you feel most comfortable speaking to.
If we are unable to help you in this way and you feel we have not dealt with the issues you have raised, please write to the Practice Manager (Emma Williams).
E-mail address: bnssg.stmarystreetsurgery@nhs.net
The practice has a formal complaints process and information about this is available on request. We would normally expect any problems to be dealt with in this way. If however, having used this, you feel that we have not dealt with the matter as you would have wished, you have the option of :
- speaking to NHS England who has responsibility for primary care in South Gloucestershire including GP practices, dental practices, opticians and pharmacies. People with complaints or concerns about a GP practice, dental practice, optometry practice (optician) or pharmacy will need to contact either the individual practice or the NHS England Customer Contact Centre: tel 0300 311 22 33, england.contactus@nhs.net, PO Box 16728, Redditch B97 9PT
- alternatively contact the Healthcare Commission, Finsbury Tower, 103-105 Bunhill Road, London EC1 8TG, telephone 0207 448 9200
Or can contact the Patient Advice and Liaison Service (PALS)
0117 947 4477 or 0800 073 0907
Suite 15, Corum 2
Corum Business Park
Warmley
BS30 8FJ
jenkins@swcsu.nhs.uk
The South Gloucestershire Clinical Commissioning Group (CCG) has responsibility for commissioning hospital, mental health, community and GP out of hours services. People with complaints or concerns about hospital care can contact either the individual hospital or the CCG via PALs as above.
Teaching
We are a Training Practice, which means that we introduce qualified doctors to general practice for a period of anywhere between 4-12 months.
This grade may be as a Registrar who has completed several years of hospital training, and is in a final supervised year in General Practice before becoming a fully qualified GP.
More recently, changes to junior hospital doctor training has meant that more doctors are being exposed to General Practice at an earlier part of their medical career.
These doctors are called F2s, and will alternate with Registrars. Another type of doctors in supervision and training is a Returner. These are usually experienced GPs who have taken a career break from front line general practice, and have taken the decision to return. This requires a minimum period of supervised assessment at a training practice.
In a training practice, consultations are occasionally video-recorded for teaching purposes to see how consultations can be improved. You will be invited to give your written consent to this at the time of the consultation both before and afterwards (and we fully understand if you decline).
Video recording of consultations are maintained under the same strict rules as ordinary medical records, and are deleted once their teaching purpose has been realised.
In addition to doctors in training, we usually have a cohort of Medical Students attached to the practice as part of their first year teaching for a day a week either in the Autumn or Spring term. It is an important part of their course to observe consultations and patient experience in a general practice setting.
Approximately 50% of medical graduates will go on to become GPs, and it is also vital for the remainder to learn how primary care accounts for around 70% of health care activity within the NHS. Therefore patients may occasionally be asked if they agree for medical students to sit in during their consultation, or if they will consent to a face to face interview about their health experiences.
We hope you will feel able to help train doctors for the future, but of course you may decline.
If you are a prospective registrar, F2, returner or medical student and would like to learn more about GP training then please follow this link