Grove Medical Centre and Your Information
Grove Medical Centre aims to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
Your doctor and other health professionals caring for you, such as nurses or physiotherapists, have a duty to ensure that your personal confidential data is kept confidential, secure and used appropriately. They will keep records about your health and treatment so that they are able to provide you with the best possible care.
These videos will help explain some of the ways your information may be used and you may want to have a look at them to get a better understanding before getting involved in the details below.
Grove Medical Centre takes your privacy very seriously. We are registered with the Information Commissioner’s Office (ICO) as a Data Controller and our registration number is Z5677133.
If you have any questions or wish to make a request in relation to your information, please contact us at;
Grove Medical Centre
Our Data Protection Officer (DPO) may be contacted at:
The records we keep about you are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and will include;
- Personal data, basic details about you, such as address, date of birth, NHS number, and next of kin
- Sensitive personal data which may include (but is not limited to) information about your health, health care and treatments you may have received, racial or ethnic origin or genetic information
We have a duty of confidence attached to information we hold and process and apply Common Law Duty of Confidentiality requirements.
Where a legal basis does not exist to use your personal or confidential information we will not do so.
Healthcare providers are permitted to collect, store, use and share your information under Data Protection Legislation which has a specific section related to healthcare information.
What do we do with your information?
There are a number of uses to which we may put your information. This could include;
- Referring you to other healthcare providers when you need other service or tests
- Sharing samples with laboratories for testing (like blood samples)
- Sharing test results with hospitals or community services (like blood test results)
- Allowing out of hours or extended hours GPs to look at your health record when you are going to an appointment
- Sending prescriptions to a pharmacy
- Texting you in relation to healthcare services
- Labelled samples which are provided to the courier for delivery to pathology
- Sharing reports with the coroner
- Producing medical reports on request from third parties such as the DVLA or your employer where we have your consent to do so
- Transferring Patient records to Primary Care Support England
We may also receive information about you from other organisations. For example;
- Reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
A list of the partners that we usually share with is included at the end of this notice.
Grove Medical Centre has signed a Suffolk Wide Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.
What else do we do with your information?
Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.
- Quality / payment / performance reports are provided to service commissioners
- As part of clinical research – information that identifies you will be removed, unless you have consented to being identified
- Undertaking clinical audits within the practice
- Supporting staff training
- Incident and complaint management
CCTV is in place in the car park and public areas of our practice.
It has been installed solely for the safety and security of our patients and staff to prevent and deter crime.
Images are recorded 24 hours a day and stored on the hard drives of the recording devices that are situated in secure areas and only authorised staff and those delivering technical support services will have access to the system.
The CCTV only records images and does not record audio.
All CCTV recordings are stored on our recording devices for thirty days before being deleted.
There are signs in the practice telling you that CCTV is in place.
We will only ever share information with the relevant authorities in connection with the safety and security of patients and staff and will not share with any other third parties.
Visitors to the practice have the right to request to see images of themselves on CCTV as part of a request made under the privacy legislation. Like all subject access requests, it should be made in writing.
We have followed the CCTV guidelines produced by the Information Commissioners’ Office.
Sharing when Required by Law
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.
Information Access and Rights
Data protection law provides you with a number of rights that the practice is committed to supporting you with;
Right to Access
You have the right to obtain:
- confirmation that your information is being used, stored or shared by the practice
- a copy of information held about you
We offer patients access to view their medical record on-line, together with other services such as ordering prescriptions and booking appointments via GP On-Line. You may register for this service subject to some rules and guidance which is on this website.
Access to your medical record is limited but should provide you with the information you need. If you require additional or more detailed information you may make a subject access request to the practice.
We will respond to your request within one month of receipt or will tell you when it might take longer.
We are required to validate your identity including the identity of someone making a request on your behalf
Right to Object or Withdrawn Consent
We mainly use, store and share your information because we are permitted to do so in order to deliver your healthcare but you do have a right to object to us doing this.
Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.
Our Data Protection Officer will be happy to speak with you about any concerns you have.
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it. However there may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this. You may request that the information is not used until such time as the issue has been resolved to your satisfaction.
We will respond to your request within one month of receipt or will tell you when it might take longer.
You also have the right to make a complaint and request investigations into the way your information is used. Please contact our Data Protection Officer who will be able to help you.
If you believe that your complaint has not been satisfactorily dealt with you may contact the Information Commissioners Office at:
Information Commissioner's Office
Telephone: 0303 123 1113 or 01625 545 745
or visit their website at:
Information Commissioners Office
Sometimes your information will be used to identify whether you need particular support from us.
Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes. For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.
We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support you is made by those involved in your care.
Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.
Suffolk GP Federation
Our practice uses Suffolk GP Federation to support us in the delivery of some of our services such as providing appointments when our practice is closed or providing some community based services.
Please click the link below for more information about who they are and what they do.
The practice uses third parties to provide services that involve your information such as;
- Removal and destruction of confidential waste
- Provision of clinical systems
- Provision of connectively and servers
- Digital dictation services
Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery)
We have contracts in place with these third parties that prevent them from using it in any other way than instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.
How do we protect your Information?
We are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
Staff receive annual training about protecting and using personal data
Policies are in place for staff to follow and are regularly reviewed
We check that only the minimum amount of data is shared or accessed
We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
We report and manage incidents to make sure we learn from them and improve
We put in place contracts that require providers and suppliers to protect your data as well
We do not send your data outside of the EEA
How Long Do We Keep Your Information?
In line with the Department of Health Code of Practice, we will retain / store your health record for your lifetime. When a patient dies, we will review the record and generally it will be destroyed 10 years later, unless there is a reason to keep it for longer.
If you move away or register with another practice, we will send your records to the new practice.
Where can I get more information?
The following links provide information regarding the processing of data;
- The Information Commissioners Office which contains lots of information for individuals and organisations;
- The main piece of legislation in the UK which governs how organisations process personal information is “The Data Protection Act 2018”. This is a link to the legislation;
- The NHS has produced a document which can be found at:
- GP services are commissioned for the people of East Suffolk by the Ipswich and East Suffolk Clinical Commissioning Group (CCG) their website is here;
- Information from the NHS on “Care Data” security and consent can be found here
Grove Medical Centre Routine Sharing Partners
Please click on Table of sharing partners January 2019 to see a list of our sharing partners.