The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.
The regulation applies from 25th May 2018 and will apply even after the UK leaves the EU.
What GDPR will mean for our patients
The GDPR sets out the key principles about processing personal data, for staff and patients.
- Data must be processed lawfully, fairly and transparently.
- It must be collected for specific, explicit and legitimate purposes.
- It must be limited to what is necessary for the purposes for which it is processed.
- Information must be accurate and kept up to date.
- Data must be held securely.
- It can only be retained for as long as it necessary for the reasons it was collected.
Patient Privacy Notice (DOCX, 118KB)
General Practice Data for Planning and Research (GPDfPR)
As well as using your information to support the delivery of care to you, your data may be used by NHS Digital to help improve the way health and social care is delivered to patients and service users throughout England. From 1 September 2021, NHS Digital will securely extract your information to provide access to patient data to the NHS and other organisations who need to use it, to improve health and social care for everyone.
NHS Digital will primarily use your information in a way that does not identify you (your information will be pseudonymised). However, they will be able to use their software to identify you in certain circumstances, and where there is a valid legal reason to do so. NHS Digital may also share your information with third parties such as Local Authorities, Primary Care Networks (PCNs), Clinical Commissioning Groups (CCGs), research organisations, including universities and pharmaceutical companies.
At the time of publication (May 2021), patients who have a “type 1” opt- out, will be excluded from this programme and will not have their data extracted for this purpose. Further information about GPDfPR can be found here: digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice.
We will rely on Legal Obligation (Article (6)(1)(c)), Health and Social Care (Article 9(2)(h)) and Public Health (Article (9)(2)(i)) as the legal basis for processing your data for this purpose.
Privacy Statement (DOCX, 25KB)
We share your medical records with other services treating you.
For full details, please see our patient leaflet “How We Use Your Health Records”.
Ask at reception or look on practice website
How We Use Your Health Record (DOCX, 31KB)
Easy Read - How we use your health record (EXTERNAL PDF DOWNLOAD)
Dorset SystmOne Fair Processing Notice (DOCX, 145KB)
Please use this link to access the list of Trusted Sites/ Organisations:
Sharing Data with other Healthcare Colleagues
We are changing to SystmOne computer system from 24th June 2016. We are making this change because SystmOne is the same system as used by other healthcare providers locally, including other GPs, district nurses, health visitors, and the ambulance service. We believe this interoperability will improve patient care and make it safer, as it will allow healthcare professionals to view information entered by another service.
Here are some examples where data sharing would be helpful:
- The GP wants to know when you last had your B12 injection given by the district nurse.
- The district nurse needs to check your medication.
- The ambulance service attends in an emergency and they would like to know about your medical history.
Each person accessing the system uses an NHS Smartcard, which is set up to allow appropriate access for each individual user. Access rights are carefully controlled to ensure safety of your clinical information.
NHS England aims to link information from all the different places where you receive care, such as hospital, community service and us your GP Surgery. This will allow them to compare the care you received in one area against the care you received in another.
Information will be held in a secure environment called the Health and Social Care Information Centre (HSCIC). The role of the HSCIC is to ensure that high quality data is used appropriately to improve patient care. The HSCIC has legal powers to collect and analyse data from all providers of NHS care. They are committed, and legally bound, to the very highest standards of privacy and confidentiality to ensure that your confidential information is protected at all times.
This data can also be used, with permission, for research purposes. If you do not wish to share data for research, you can opt out:
You can object to information containing data that identifies you from leaving the Practice. This will prevent identifiable information held in your record from being sent to the HSCIC secure environment. It will also prevent those who have gained special legal approval from using your health information for research.
- You can also object to any information containing data that identifies you from leaving the HSCIC secure environment. This includes information from all places you receive NHS care, such as hospitals. If you object, confidential information will not leave the HSCIC and will not be used, except in very rare circumstances for example in the event of a public health emergency. For more information visit: www.england.nhs.uk/caredata
- The law requires Doctors to provide some very limited information about certain things. The law says, for example, that Doctors must provide information to local authorities about some infectious diseases, e.g. if you had food poisoning. Very rarely, Doctors may be required to disclose information in order to detect a serious crime. Likewise, a court order can require Doctors to disclose certain information during a court case.