Who we are
We are a Primary Care General Practitioner service and provide a wide range of integrated health services including:
- Patient consultations
- Minor surgery
- Family planning
- Complex wound care
- Chronic disease management
- Child Health Surveillance
We serve a population of 11,500 and employ 30 staff. We are based on one site at Medwyn surgery in Dorking.
What is a privacy notice?
A Privacy Notice is a statement by the organisation to patients, service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information we hold. This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.
Why issue a privacy notice?
Medwyn surgery recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open and commitment to our values of respecting diversity, acting with integrity and striving for excellence. This notice also explains what rights you have to control how we use your information.
What are we governed by?
The key pieces of legislation/guidance we are governed by are:
- Data Protection Act 1998
- Human Rights Act 1998 (Article 8)
- Access to Health Records Act 1990
- Freedom of Information Act 2000
- Health & Social Care Act 2012,2015
- Public Records Act 1958
- The Re-Use of Public Sector Information Regulations 2015
- Computer Misuse Act 1990
- The Common Law Duty of Confidentiality
- The Care Record Guarantee for England
- International Organisation for Standardisation (ISO) – Information Security Management Standards (ISMS)
- Information Security Management – NHS Code of Practice
- Records Management – Code of Practice for Health & Social Care 2016
- General Data Protection Regulations (GDPR) May 2018
Who are we governed by?
Department of Health
Care Quality Commission
Information Commissioners Office
Our doctors, nurses and registered support staff are also regulated and governed by professional bodies.
Why and how we collect information
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. This is to support the provision of high quality care.
These records may include:
- Basic details such as name, address, date of birth, next of kin.
- Contact we have had such as appointments and home visits
- Details and records of treatment of care, including notes and reports about your health
- Results of x-rays, blood tests etc.
- Information from people who care for you and know you well such as health professionals and relatives
It may also include personal sensitive information such as sexuality, race, your religion or beliefs and whether you have a disability, allergies or other health conditions. It is important for us to have a complete picture as this information assists staff involved in your care to deliver and provide improved care and treatment plans.
Information is collected in several ways, via healthcare professionals, hospital letters or directly from you.
How we use information
- To help inform decisions that we make about your care
- To ensure that your treatment is safe and effective
- To work effectively with other organisations who may be involved in your care.
- To support the health of the general public
- To ensure our services can meet future needs
- To review care provided to ensure it is of the highest standard possible
- To train healthcare professionals
- For research and audit
- To prepare statistics on NHS performance
- To monitor how we spend public money.
There is huge potential to use your information to deliver care and improve health and care services across the NHS and social care. The information can be used to help:
- Improve individual care
- Understand more about disease risks and causes.
- Improve diagnosis
- Develop new treatments and prevent diseases
- Plan services
- Improve patient safety
- Evaluate Government, NHS and Social care policy.
It helps you because:
- Accurate and up to date information assists us in providing you with the best possible care.
- If you see another healthcare professional, specialist or another part of the NHS they can readily access the information they need to provide you with the best possible care
- Where possible, when using information to inform future services and provision, non-identifiable data will be used.
How information is retained and kept safe
Information is retained in secure electronic and paper records and access is restricted to only those who need to know.
It is important that information is kept safe and secure to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.
The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. Medwyn Surgery is registered with the Information Commissioners Office (ICO)
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.
How do we keep information confidential?
Everyone working for Medwyn Surgery is subject to the Common Law Duty of Confidentiality and the Data protection Act 1998. Information provided in confidence will only be used for the purposes to which you consent to, unless there are circumstances covered by the law.
Under the NHS Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All Medwyn surgery staff are required to undertake annual training in data protection, confidentiality, IT/cyber security with additional training for data protection officers and IT staff.
Teaching clinicians – Some medical files are needed to teach student clinicians about rare cases. Without such materials, new doctors and nurses would not be properly prepared to treat you.
Clinical Placements – Clinical placements for students commonly take place within the NHS. Students such as student nurses, medical students, paramedics, pharmacists, will be regularly receiving training at Medwyn surgery. If staff would like a student to be present, they will ask for your permission before that episode of care. The treatment you receive will not be affected if you refuse to have a student present during your episode of care. Occasionally, for assessment purposes, students may request that their supervisor be present. You may refuse this if it makes you feel uncomfortable.
Who will the information be shared with?
To provide best possible care, sometimes we will need to share information about you with others. We may share your information with a range of Health and social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.
Sharing with non-NHS organisations
For your benefit, we may also need to share information from your records with non-NHS organisations, from whom you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to a third party without your explicit consent, unless the*re are exceptional circumstances such as when the health or safety of others is at risk or where the law requires the disclosure of information.
We may also be asked to share basic information about you, such as your name and parts of your address which does not include sensitive information from your health records. Generally, we would only do this to assist them to carry out their statutory duties. Examples of this are usages of healthcare services, public health or national audits. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Notice, under the Data Protection Act.
Where patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.
Non-NHS organisations may include but are not restricted to: social services, education services, local authorities, the police, voluntary sector providers and private sector providers.
Your right to withdraw consent for us to share your personal information
You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care.
Contacting us about your information
Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian. The Caldicott Guardia for Medwyn Surgery is the Practice Business Manager, Mrs. Nanette Nobes. If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further then please contact:
Mrs. Nanette Nobes
Practice Business Manager
Can I access my information?
Under the Data Protection Act 1998 a person may request access to information (with some exceptions) that is held about them by an organisation. Medwyn surgery provides each patient with online access to their records but if access is required to historic paper records then please contact the surgery.
Subscribe to Our Newsletters
We like to keep our community informed.
Sign up to our newsletter service below: