Supplementary Privacy Note on Covid-19 for Service User
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, support health and social care services and protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency, it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital, NHS England and Improvement, arms-length bodies (such as Public Health England), local authorities, health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and someFAQs on this law are also available.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes national data opt–outs. However, in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to subject access requests, freedom of information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs, we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency, we may offer you a consultation via telephone or videoconferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Find further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms, we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
Your Information
We take your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number can be found by searching the ICO Register using This Link? If you have any questions or wish to make a request in relation to your information, please contact us using the details on our main page or contact our Data Protection Officer at?
We aim to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you?
Your doctor and other health professionals caring for you, such as nurses or physiotherapists, keep records about your health and treatment so that they are able to provide you with the best possible care.
These records are called your ‘health care record’ and may be stored in paper form or on a computer and electronic systems and may include Personal Data; basic details about you, such as an address, date of birth, NHS number, and next of kin as well as Sensitive Personal Data; contact we have had with you, such as clinical visits notes and reports about your health details and records about your treatment and care results of x-rays, laboratory tests etc.
Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information
What do We do With Your Information?
What We Do With Your Information –Updated 18th April 2019
Refer you to other healthcare providers when you need other service or tests.
- Discuss or share information about your health or care with other health or social care providers.
- Share samples with laboratories for testing (like blood samples).
- Share test results with hospitals or community services (like blood test results).
- Allow out of hours or extended hours GPs to look at your health record when you are going to an appointment.
- Send prescriptions to a pharmacy.
- Text patients in relation to healthcare services.
- Samples are provided to the courier for delivery to the pathology.
- Share reports with the coroner
Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital.
Produce medical reports on request from third parties such as the DVLA or your employer.
Movement of Patient records to Primary Care Support England.
14th April 2019: Amended to include “Discuss or share information about your health or care with other health or social care providers”
How Do We Keep Your Information Safe?
We are committed to ensuring the security and confidentiality of your information.
We are committed to ensuring the security and confidentiality of your information.
There are a number of ways we do this:
Does staff receive annual training about protecting and using personal data?
Policies are in place for staff to follow and are regularly reviewed?
We check that only the minimum amount of data is shared or accessed.
We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know”.
We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information.
We report and manage incidents to make sure we learn from them and improve
We put in place contracts that require providers and suppliers to protect your data as well.
We do not send your data outside of the EEA.
What Else Do We Use Your Information For?
Along with activities related directly to your care, we also use information in ways that allow us to check that care is safe and provide data for the improvement and planning of services.
Quality/payment/performance reports are provided to service commissioners.
As part of clinical research – information that identifies you will be removed, unless you have consented to be identified.
- Undertaking clinical audits within the practice.
- Supporting staff training.
- Incident and complaint management.
How Long Do We Keep Your Information?
In line with the Department of Health Code, we will retain/store your health record for your lifetime.
When a patient dies, we will send your record to Primary Care Services England to review the record and generally, it will be destroyed 10 years later, unless there is a reason to keep it for longer?
If you move away or register with another practice, we will send your records to the new practice.
How we Handle Your Data – Video