COVID-19 and your information – Updated on 20th May 2020
Supplementary privacy notice on Covid-19 for Patients
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice below.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on the gov.uk website and there are also some FAQs on this law.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-Outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access Requests (SARs), Freedom of Information requests (FOIs) and new opt out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information included health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text message or email.
During this period of emergency we may offer you a consultation via telephone or video conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response can be found on this NHSX page.
NHS England and Improvement and the NHSX have developed a single, secure store to gather data from across the health and care system to information the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patient themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
General Data Protection Regulations and Data Protection Bill 2018
The European Union have been working to tighten up the regulations relating to data protection and security and the UK version of this will be the Data Protection Bill 2018 that comes into law on the 25th May 2018. The Bill will apply and remain post-exit from the European Union.
Further information on the GDPR can be found at the Information Commissioners Office website, but it is important to view our own Privacy and Confidentiality notices.
Please click any of the documents below for further reading:
Read about our Subject Access Request Policy
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
Use of personal information
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.