GDPR Privacy Notice

 COVID-19 Privacy Notice

 

Due to the unprecedented challenges that the NHS and we, Crompton View Surgery face due to the worldwide COVID-19 pandemic, there is a greater need for public bodies to require additional collection and sharing of personal data to protect against serious threats to public health. 

In order to look after your healthcare needs in the most efficient way we, CROMPTON VIEW SURGERY may therefore need to share your personal information, including medical records, with staff from other GP Practices including Practices within our Primary Care Network, as well as other health organisations (i.e. Clinical Commissioning Groups, Commissioning Support Units, Local authorities etc.) and bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure.

 

The Secretary of State has served notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) to require organisations to process confidential patient information in the manner set out below for purposes set out in Regulation 3(1) of COPI.

 

 

Purpose of this Notice

The purpose of this Notice is to require organisations such as CROMPTON VIEW SURGERY to process confidential patient information for the purposes set out in Regulation 3(1) of COPI to support the Secretary of State’s response to Covid-19 (Covid-19 Purpose). “Processing” for these purposes is defined in Regulation 3(2) and includes dissemination of confidential patient information to persons and organisations permitted to process confidential patient information under Regulation 3(3) of COPI. This Notice is necessary to require organisations such as CROMPTON VIEW SURGERY to lawfully and efficiently process confidential patient information as set out in Regulation 3(2) of COPI for purposes defined in regulation 3(1), for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure.

 

Requirement to Process Confidential Patient Information

The Secretary of State has served notice to recipients under Regulation 3(4) that requires CROMPTON VIEW SURGERY to process confidential patient information, including disseminating to a person or organisation permitted to process confidential patient information under Regulation 3(3) of COPI, renewed 01 July 2022  until 31 October 2022

 

CROMPTON VIEW SURGERY is only required to process such confidential patient information:

 

  • where the confidential patient information to be processed is required for a Covid-19 Purpose and will be processed solely for that Covid-19 Purpose in accordance with Regulation 7 of COPI
  • From 01 July 2022 until 31 October 2022.

 

 

 

Covid-19 Purpose.

A Covid-19 Purpose includes but is not limited to the following:

  • understanding Covid-19 and risks to public health, trends in Covid-19 and such risks, and controlling and preventing the spread of Covid-19 and such risks
  • identifying and understanding information about patients or potential patients with or at risk of Covid-19, information about incidents of patient exposure to Covid-19 and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from Covid-19
  • understanding information about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups as a direct or indirect result of Covid-19 and the availability and capacity of those services or that care
  • monitoring and managing the response to Covid-19 by health and social care bodies and the Government including providing information to the public about Covid-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
  • delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid-19, including the provision of information, fit notes and the provision of health care and adult social care services
  • research and planning in relation to Covid-19.

 

Recording of processing

 A record will be kept by CROMPTON VIEW SURGERY of all data processed under this Notice.

 

Sending Public Health Messages

Data protection and electronic communication laws will not stop CROMPTON VIEW SURGERY from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.

 

 

Digital Consultations

 

It may also be necessary, where the latest technology allows CROMPTON VIEW SURGERY to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.


Research and Pandemic Planning

 

The Secretary of State has directed NHS Digital to collect, process and analyse data in connection with COVID-19 to support the Secretary of State’s response to COVID-19 and support various COVID-19 purposes set out in the COVID-19 Public Health Directions 2020, 17 March 2020 (as amended) (COVID-19 Direction) and below. This enables NHS Digital to collect data and analyse and link the data for COVID-19 purposes with other data held by NHS Digital. 

 

The purpose of the data collection is also to respond to the intense demand for General Practice data to be shared in support of vital planning and research for COVID-19 purposes, including under the general legal notice issued by the Secretary of State under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI). 

 NHS Digital has therefore been requested by the joint co-chairs of the Joint GP IT Committee (JGPITC) (the BMA and RCGP) to provide a tactical solution during the period of the COVID-19 pandemic to meet this demand and to relieve the growing burden and responsibility on General Practices. On 15 April 2020 the BMA and RCGP therefore gave their support via JGPITC to NHS Digital’s proposal to use the General Practice Extraction Service (GPES) to deliver a data collection from General Practices, at scale and pace, as a tactical solution to support the COVID-19 response in the pandemic emergency period.

 

It is a requirement of the JGPITC that all requests by organisations to access and use this data will need to be made via the NHSX SPOC COVID-19 request process, that will triage and prioritise these requests and refer appropriate requests on to the NHS Digital Data Access Request Service (DARS).   NHS Digital will consult with representatives of the BMA and the RCGP on all requests for access to the data. An outline of the process for this agreed with the BMA and the RCGP is published here. Requests by organisations to access record level data from this collection will also be subject to Independent Group Advising on the Release of Data (IGARD) consideration. Data applicants will need to demonstrate they have a lawful basis to access the data for COVID-19 purposes. 

 

 

Benefits of this sharing

 

Organisations, including the Government, health and social care organisations and researchers need access to this vital data for a range of COVID-19 purposes, to help plan, monitor and manage the national response to the COVID-19 pandemic, which will help save lives. COVID-19 purposes for which this data may be analysed and used may include:

 

  • understanding COVID-19 and risks to public health, trends in COVID-19 and such risks, and controlling and preventing the spread of COVID-19 and such risks

 

  • identifying and understanding information about patients or potential patients with, or at risk of COVID-19, information about incidents of patient exposure to COVID-19 and the management of patients with or at risk of COVID-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from COVID19

 

  • understanding information about patient access to health services and adult social care services as a direct or indirect result of COVID-19, and the availability and capacity of those services • monitoring and managing the response to COVID-19 by health and social care bodies and the Government including providing information to the public about COVID-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services

 

  • delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with COVID-19, including the provision of information, fit notes and the provision of health care and adult social care services; and

 

  • research and planning in relation to COVID-19.

 

Data may be analysed and linked to other data held by NHS Digital or held by other organisations to which access to the data is granted for COVID-19 purposes, through the process described above.

 

Data will be collected nationally from all GP Practices by NHS Digital every fortnight. All requests to access this data will be triaged through the NHSX SPOC COVID-19 request process and assessed and fulfilled by NHS Digital through DARS. This will significantly reduce the burden on General Practice at a time when demand on resources is high, enabling General Practice to focus on delivering health care and support to patients. It will also reduce compliance burden and risk for General Practice associated with sharing data and complying with the terms of the general legal notice issued under COPI, which applies to General Practices.

 

 

Legal Basis for this collection

 

NHS Digital has been directed by the Secretary of State under section 254 of the 2012 Act under the COVID-19 Direction to establish and operate a system for the collection and analysis of the information specified for this service: GPES Data for Pandemic Planning and Research (COVID-19). A copy of the COVID-19 Direction is published here:  https://digital.nhs.uk//about-nhs-digital/corporate-information-and-documents/directions-anddata-provision-notices/secretary-of-state-directions/covid-19-public-health-directions-2020.

 

Details of the information to be collected can be found on the NHS Digital website – Specification of this DPN. Type 1 objections will be upheld in collecting this data from General Practices and therefore the data for those patients who have registered a Type 1 objection with their GP will not be collected. The Type 1 objection prevents an individual’s personal identifiable confidential information from being shared outside of their GP Practice except when it is being used for the purposes of their direct care. The National Data Opt-Out will not apply to the collection of the data, as this is a collection which is required by law. 

 

This information is required by NHS Digital under section 259(1)(a) of the 2012 Act to comply with the COVID-19 Direction. In line with section 259(5) of the 2012 Act, all organisations in England that are within the scope of this Notice, as identified below under Health and Social Care Bodies within the scope of the collection, must comply with the requirement and provide information to NHS Digital in the form, manner and for the period specified in this Notice.   This Notice is issued in accordance with the procedure published as part of NHS Digital’s duty under section 259(8) of the 2012 Act. 

 

In August 2020, the NHS announced that the seasonal national flu immunisation programme criteria for 2020 - 2021 will be expanded to include patients on the SPL. Therefore, to provide information that will support the identification of patients at moderate or high risk of complications from flu, a revision to the weekly extract of data has taken place. This, version three of the extract for the purpose of maintaining and updating the SPL, will continue until the expiry of the COVID-19 Direction. This is currently 30th June 2022.  The frequency of the data collection may change in response to demand.

 

Data collection extracted on a weekly basis week commencing 13 April 2020

Revised weekly data collection. The first collection is due week commencing 28 September 2020

 

 

All patients with defined long-term medical conditions which pose a COVID-19 risk, identified as clinically extremely vulnerable to that risk and/or on certain drug treatments as below:

All patients with defined long-term medical conditions which pose a COVID-19 risk, identified as clinically extremely vulnerable/potentially clinically vulnerable to that risk and/or on certain drug treatments as below:

Medical Conditions that provide information on clinically vulnerable patients

·         Severe asthma and dust related lung disease with relevant treatment in the last 12 months (asthma treatment & prednisolone OR high dose cortiscosteroid safety card)

·         COPD emphysema, and associated lung diseases with relevant treatment in the last 12 months (COPD drugs OR high dose high dose cortiscosteroid safety card

·         Non-asthma and non-COPD respiratory disease

·         Cancer(haem and others)

·         Genetic, metabolic or autoimmune disease

·         Immunosuppression drugs in the last 12 months

·         Flu-like symptoms or respiratory tract infections from 1 November 2019

·         Transplants with severe Immunosuppression drug treatment in the last 12 months

·         Pregnant in last 9 months  

Medical Conditions that provide information on clinically vulnerable patients

·         Severe asthma and dust related lung disease with relevant treatment in the last 12 months (asthma treatment & prednisolone OR high dose cortiscosteroid safety card)

·         COPD emphysema, and associated lung diseases with relevant treatment in the last 12 months (COPD drugs OR high dose high dose cortiscosteroid safety card

·         Non-asthma and non-COPD respiratory disease

·         Cancer(haem and others)

·         Genetic, metabolic or autoimmune disease

·         Immunosuppression drugs in the last 12 months

·         Flu-like symptoms or respiratory tract infections from 1 November 2019

·         Transplants with severe Immunosuppression drug treatment in the last 12 months

·         Pregnant in last 9 months 

 

No change

·         Patients designated separately as at risk from COVID-19 using high/medium/low risk SNOWED CT Codes, for example

·         Patients designated separately as at risk from COVID-19 using high/medium/low risk SNOWED CT Codes, for example

 

No change

Patients with a COVID-19 activity code

Patients with a COVID-19 activity code

 

No change

 

Clinically vulnerable patients (eligible for seasonal flu vaccination)

·         Chronic Respiratory disease

·         Unresolved asthma with recent asthma drug treatment (in the last 12 months) or has ever had an emergency hospital admission due to asthma

·         Chronic heart disease

·         Unresolved chronic kidney disease stage3,4 and 5

·         Unresolved diabetes mellitus

·         Unresolved immunosuppression diagnosis

·         Immunosuppression procedure in the last 12 months

·         Chronic Liver disease

·         Chronic neurological disease

·         Pregnant in the last 9 months (different cluster to clinically extremely vulnerable group)

·         In patients aged 16 and over : BMI of 40+ in the last 12 months

·         In patients aged 16 and over : Latest BMI in the last 3 years was 40+

·         Learning disability (including Down’s)

·         Has a “requires flu vaccination” code

·         Identified as a healthcare worker in the last 12 months

·         Household contact of an immunocompromised individual

 

Other Potentially clinically Vulnerable patients

·         Unresolved hypertension

·         Pulmonary hypertension

·         Dementia

·         Systemic lupus

·         Discoid and non-systemic lupus

·         Psoriasis

·         Rheumatoid arthritis and associated disorders

 

Additional Data items for Patients from the above groups

·         Latest ethnic category code (all groups)

·         Earliest code indicating that the patient has died (all groups)

·         Latest smoking status (all groups)

·         Blood pressure from the last 2 years (all groups)

·         In patients aged 16 and over: all BMI and weight in last 5 years plus height (all groups)

·         IFCC-HbA1c in the last 2 years (for diabetic patients in the flu group only)

·         Latest COPD resolved and admission codes (for COPD Patients in the clinically extreme vulnerable group only)

·         ACE inhibitors, ARBs and non-steroidal anti-inflammatory drugs in the last 12 months (all groups)

·         Latest asthma emergency admission codes (for asthma patients in flu group only)

·         Asthma-related drug treatments in the last 12 months (for asthma patients in the flu group only)

 

 

 

 

The Secretary of State has directed NHS Digital to collect, process and analyse data in connection with COVID-19 to support the Secretary of State’s response to COVID-19 and support various COVID-19 purposes set out in the COVID-19 Public Health Directions 2020, 17 March 2020 (COVID-19 Direction) (as amended) (COVID-19) Direction) and below. This enables NHS Digital to collect data and analyse and link the data for COVID-19 purposes with other data held by NHS Digital. The rationale for changing the data extraction is that the initial data collection was based on an existing specification for flu vaccination eligibility. This data extraction was then refined in order to more accurately reflect the patients who are clinically extremely vulnerable to COVID-19 and also to minimise the data we are collecting. A further refinement of the data extraction has taken place leading to the inclusion of new data being extracted. This will provide information to inform vaccination programmes. This General Practice Extraction

 

Service (GPES) data will be extracted weekly and be used to assist in producing a weekly update of the SPL. The objective of this collection is on an ongoing basis to identify patients registered at General Practices who may be: • clinically extremely vulnerable if they contract COVID-19 • at moderate or high risk of complications from flu or COVID-19. The data collected will be analysed and linked with other data NHS Digital or other organisations hold to identify: • a list of clinically extremely vulnerable patients who will be advised to take shielding measures to protect themselves. Advice given to these patients has been published by Public Health England and is available here: https://www.gov.uk/government/publications/guidance-on-shielding-and-protectingextremely-vulnerable-persons-from-covid-19/guidance-on-shielding-and-protectingextremely-vulnerable-persons-from-covid-19#what-do-we-mean-by-extremelyvulnerable • a list of patients at moderate or high risk of complications from flu to inform the flu call/recall vaccination programme.

 

 

Further information on the flu programme can be found here: Coronavirus (england.nhs.uk)

 

The extract may also be used for future direct care purposes relating to the COVID-19 outbreak. The methodology NHS Digital has used to produce the SPL is explained in detail and is published on the NHS Digital SPL website page here:

 

https://digital.nhs.uk/coronavirus/shielded-patient-list Patients

 

added to the SPL will be contacted by post, email (and/or SMS message where this is necessary) by the NHS on behalf of the Chief Medical Officer, Chris Whitty, to:

 

 

  • offer a flu vaccination or to contact non-responders who remain unvaccinated (as per NHS England specifications for the service). The SPL will also be used to inform GPs of their individual patients on the SPL, by flagging those patient records on GP patient record systems. The SPL will be shared with a variety of other organisations involved in the care and support of those patients and for planning, commissioning and research purposes associated with COVID-19. Full details of those with whom information has been shared can be found on the NHS Digital SPL website here:

https://digital.nhs.uk/coronavirus/shielded-patient-list/distribution.

 

Requests by organisations to access record level data from this collection will be subject to Independent Group Advising on the Release of Data (IGARD) consideration. Data applicants will need to demonstrate they have a lawful basis to access the data for COVID-19 purposes.

 

Benefits of the collection

 

Organisations, including Government, health and social care organisations need to access this vital data for a range of COVID-19 purposes, to help plan, monitor and manage the national response to the COVID-19 pandemic, which will help save lives. COVID-19 purposes for which this data may be analysed and used may include: • understanding COVID-19 and risks to public health, trends in COVID-19 and such risks, and controlling and preventing the spread of COVID-19 and such risks • identifying and understanding information about patients or potential patients with, or at risk of COVID-19, information about incidents of patient exposure to COVID-19 and the management of patients with or at risk of COVID-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from COVID19. Data will be analysed and linked to other data held by NHS Digital or held by other organisations to which access to the data is granted for COVID-19 purposes, through the process described above. Data will be collected nationally from all General Practices by NHS Digital every week. All requests to access this data will be through Data Access Request Service (DARS). This will significantly reduce the burden on General Practice at a time when demand on resources is high, enabling General Practice to focus on delivering health care and support to patients. It will also reduce compliance burden and risk for General Practice associated with sharing data and complying with the terms of the general legal notice issued under the National Health Service (Control of Patient Information Regulations) 2002 (COPI), which applies to General Practices Patients facing the greatest risk if they contract COVID-19 and/or are in the moderate to high risk of complications from flu:

 

  • will be identified and known to health organisations
  • will have a greater awareness of the recommended preventative shielding measures
  • will be able to follow clear advice
  • will be able to ask for help and support, including social care support and essential food supplies, through the Extremely Vulnerable Persons service operated by gov.uk.

 

It will enable the SPL to be updated weekly to identify new patients and changes to patients on the List and will enable support provisions to be more dynamic and responsive to both social and clinical need.

 

It will also enable vital planning, commissioning, and research to be carried out for COVID-19 purposes. If patients facing the greatest risk follow advice, it is hoped that this will contribute to the delay and mitigation of the spread of COVID-19 and save lives.

 

 

Visitors to The Practice

 

We have an obligation to protect our staff and employees’ health, so it is reasonable for staff at CROMPTON VIEW SURGERY to ask any visitors to our practice to tell us if they have visited a particular country, or are experiencing COVID-19 symptoms. This must only be in pre-approved circumstances and we would also ask all patients to consider government advice on the NHS 111 website and not attend the practice.

 

Where it is necessary for us to collect information and specific health data about visitors to our practice, we will not collect more information than we need, and we will ensure that any information collected is treated with the appropriate safeguards.

 

 

 Review and Expiry of this Notice

This Notice will be reviewed on or before 31 October 2022 and may be extended by The Secretary of State.  If no further notice is sent to CROMPTON VIEW SURGERY by The Secretary of State this Notice will expire on 31 October 2022.

 

GDPR LEAFLET

DATA PROTECTION NOTICE

 

Children’s Privacy Notice

 

WHAT IS A PRIVACY NOTICE AND WHY DOES IT APPLY TO ME?

 

A Privacy Notice tells people how organisations use information that they hold about them. A new law called the UK General Data Protection Regulation 2016, also known as UKGDPR, says that we need to provide you with this Privacy Notice and let you know:

 

  • What information we hold about you
  • How we keep this especially important information safe and secure and where we keep it
  • How we use your information
  • Who we share your information with
  • What your rights are
  • When the law gives us permission to use your information

 

WHY DOES THE LAW GIVE YOU PERMISSION TO USE MY INFORMATION?

The law gives us permission to use your information in situations where we need it to take care of you. Because information about your health is very personal, sensitive and private to you, the law is very strict about how we use it.

So, before we can use your information in the ways we have set out in this Privacy Notice, we have to have a good reason in law, which is called a ‘lawful basis’.  Not only do we have to do that, but we also have to show that your information falls into a special group or category, because it is very sensitive. By doing this the law makes sure we only use your information to look after you and that we do not use it for any other reason.


If you would like more information about this please ask to speak to our Data Protection Officer (DPO) mentioned in this Privacy Notice who will explain this in more detail.

ABOUT US

We, at the Crompton View Surgery at Crompton Health Centre, we are responsible for collecting, storing and handling your information when you registered with us as a patient. Because we do this, the law says we are Data Controllers. Sometimes we may use your information for a particular purpose and when we do so, the law says we are Data Processors.

 

WHAT INFORMATION DO YOU HOLD ABOUT ME?

We hold information about you such as:

  • Your name
  • Address
  • Mobile number
  • Information about your parent(s) or person with parental responsibility
  • All your health records
  • Appointment records
  • Visits to see your GP
  • Treatments you have had
  • Medicines prescribed for you and any other information to help us look after you

 

HOW DO YOU KEEP IT SAFE?

  • The law says that we must do all we can to keep your information private, safe and secure.
  • We use secure computer systems and we make sure that any written information held about you is under lock and key and kept in a safe place. This includes taking great care with any passwords we use which we change on a regular basis. We also train our staff to respect your privacy and deal with your information in a manner that makes sure it is always kept and dealt with in a safe way.

 

 

WHAT DO YOU DO WITH MY INFORMATION?

  • We only usually use your information to help us care for you. That means we might need to share your information with other people who are concerned and involved with looking after your health.
  • We might need to share your information with the police, courts, social services, solicitors and other people who have a right to your information, but we always make sure that they have a legal right to see it (or have a copy of it) before we provide it to them.

 

WHO ELSE WILL SEE MY INFORMATION?

  • Usually only doctors, nurses and other people who work with us are allowed to see your information.
  • Sometimes though, if you need to go to the hospital or be seen by a special doctor, we will share your information with them but this only so that we can take care of you.
  • Sometimes we might be asked to take part in medical research that might help you in the future. We will always ask you or your parent(s) or adult with parental responsibility if we can share your information if this happens.
  • Possibly the police, social services, the courts and other organisations and people who may have a legal right to see your information.

 

WHAT ARE MY RIGHTS?

  • If you want to see what information we hold about you then you have a right to see it and you can ask for it.
  • To ask for your information you will usually need to put your request in writing and tell us what information you want us to give you.
  • We usually need to answer you within one month. Your parent(s) or adult with parental responsibility can help you with is if you need help.
  • Usually we will give this to you free of charge.
  • If you think there are any errors in the information we hold about you then you can ask us to correct it but the law says we can’t remove any of the information we hold about you even if you ask us to. This is because we need this information to take care of you.
  • You have a right to ask us not to share your information.
  • If you would like to talk to us about not sharing your information, even if this means you don’t want us to share your information with your parent(s) or adult with parental responsibility, please let us know. We will be happy to help.

 

WHAT IF I HAVE A QUESTION?

  • A member of our staff/receptionist will be happy to talk to you about any questions you may have and we will do our best to help you.
  • The Surgery has a person called a Data Protection Officer (DPO) who deals with all queries about patient information. Our receptionist may put you in touch with this person who will listen to your concerns and give you the advice you need.
  • Our DPO is called Paul Couldrey and he can be contacted at Couldrey@me.com.

 

WHAT IF I HAVE A SERIOUS COMPLAINT ABOUT HOW YOU LOOK AFTER MY INFORMATION?

  • We will always do our best to look after your information and to answer your questions.
  • If you are still not happy with something we have done with your information you can speak to our DPO.
  • If our DPO has not been able to help you or if you prefer not to speak to our DPO then you have a right to pass your complaint to an organisation called the Information Commissioner’s Office (ICO) who will look into what has gone wrong. For more information visit ico.org.uk

 

UPDATES TO THIS PRIVACY NOTICE

  • The law says we must keep all information we provide in this Privacy Notice up to date.
  • This Privacy Notice was last updated on 08/10/2021 and will be reviewed on 08/10/2022



Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website