GENERAL DATA PROTECTION REGULATION – PRIVACY NOTICE
The General Data Protection Regulation (GDPR) came into force on 25 May 2018, superseding the current Data Protection Act (1998).
Under the terms of the new GDPR, a privacy notice is required to explain to our patients what personal data is held about them and how it is collected and processed.
How we obtain your personal data
Information provided by you
Via information held within our practice welcome pack, you willingly provide us with personal data on your registration form. This includes name, address, date of birth, landline phone number, mobile phone number, email address, previous medication history and any chronic disease health concerns.
We may also keep information contained in any correspondence or conversations you may have with us.
Information collected from other sources
By registering with the practice, you consent to your medical history from your previous practice(s) being sent to the practice. The provision of this information is essential in order that we can deliver personal care and medical treatment.
We often obtain information from hospitals, pharmacies and other medical practitioners to whom you will already have submitted your personal data.
How we use your personal data
The non-clinical team use your information to make appointments for you, to generate prescriptions, to electronically file hospital and clinic records, and to provide test results as requested by you. The non-clinical team will only access your medical information on a “need to know” basis in order to perform their duties.
If you have opted into this service, your mobile phone number is used to send you text reminders of your appointments or to inform you of any health promotion clinics such as flu clinics and other clinics you may attend.
The clinical team use your information to provide you with care and medical treatment.
We undertake at all times to protect your personal data in a manner which is consistent with the practice team’s duty of confidentiality and the requirements of the General Data Protection Regulation. We will also take all reasonable measures to protect your personal data stored in paper files and on our electronic system.
We will keep information about you confidential and will only disclose any information to third parties if it is in your interests to do so and when we are sure that the party with whom we are sharing information is a medical practitioner with whom you have already shared personal information. For example, we might give your mobile phone number to a hospital which wishes to contact you about an appointment which has been made for you.
With your written or verbal consent, we will share information about you with a carer.
Information is only shared with solicitors and insurance companies when we are sure you have given your express consent.
Information will be shared with legal agencies and the police on production of a court order or if by not doing so the practice would be breaking the law.
How long do we keep this information about you?
We will keep your paper and electronic (hospital/clinic) records as long as you are a patient at the practice. If you leave the practice, these will be returned to Shared Services in Carmarthen. The practice will retain information held on its clinical system relating to consultations, immunisations, medical history and prescribing, but this information will be archived.
Patient (Data Subject) Rights
Right to be informed
This privacy notice informs you of your rights.
Right of access
The General Data Protection Regulation (GDPR) grants you the right to access particular personal data which we hold about you. This is referred to as a subject access request. We will respond promptly and at least within one calendar month from the date of receiving the request and all necessary information in writing from you.
Right to rectification
If considered appropriate, a retrospective entry can be made by a clinician if you have concerns regarding the accuracy of your clinical record. You will also have the right to have incomplete personal data completed, if necessary by providing a signed and dated supplementary statement. We will respond to the request for rectification at least within one calendar month.
Right to erasure
You have the right to request erasure of personal information concerning you if this is no longer relevant.
Right to restrict processing
Subject to exemptions, you will have the right to obtain from us restriction of processing if:
- The accuracy of the personal information is contested by you.
- We no longer need the personal information for the purpose of delivering personal care and medical treatment.
Right to object
You have the right to object to processing of your data for direct marketing or for the purposes of scientific/historical research and statistics.
Right of data portability
We can respond to a request from you for the supply of your personal information in an electronic format, which you then have the right to transmit elsewhere.
Rights in relation to automated decision making
Patients have the right not to be subject to a decision based on automated processing. Patients have the right to (a) obtain human intervention, (b) express their point of view, and (c) obtain an explanation of the decision and challenge it.
Invoking your rights
If you would like to invoke any of the above data subject rights with the practice, please write to the Practice Manager, Caereinion Medical Practice, Llanfair Caereinion, Powys, SY21 0RT.
Questions and queries
If you have a complaint regarding the use of your personal information, please write to the Practice Manager, Caereinion Medical Practice, Llanfair Caereinion, Powys, SY21 0RT.
Information Commissioner's Office - Wales · Phone 01625 545297
2nd Floor, Churchill House, Churchill Way, Cardiff CF10 2HH