COAGH MEDICAL CENTRE
PRIVACY NOTICE
FOR PATIENTS
About us
Coagh Medical Centre (‘the Practice’) is a data controller. This means that we are responsible for deciding about how we hold and use personal data about you, as a patient of the Practice. This Privacy Notice makes you aware of how, and why, your personal data will be used and how long it will usually be retained for.
Main definitions
We, our, us (Coagh Medical Centre)
Personal data: Any information relating to an identified or identifiable individual
Special category personal data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation.
If you have any questions about this Privacy Notice, or how we handle personal data, please contact the Practice Manager who will deal with your query. The Practice Manager can be contacted on by contacting the practice or emailing practicemanager.Z00404@gp.hscni.net
What personal information do we collect, store and use?
In connection with the provision of healthcare services to you, we will collect, store and use the following categories of personal information about you:
- Personal information (such as name, age, date of birth, gender and Health Service number).
- Contact information (such as title, address, email address, emergency and/or next-of-kin contact information and telephone numbers).
- Information provided to us relating to your family, employment, social history and lifestyle.
- Records of appointments and telephone calls with the Practice.
- Information about your legal representatives.
We also collect, store and use the following ‘special categories’ of more sensitive data about you:
- Information provided to us about your health, including your medical history, any medical conditions and/or symptoms, medications, results of investigative tests including blood tests, x-rays and imaging.
- Information about your race or ethnicity, religious beliefs, sex life and/or sexual orientation.
How do we collect and hold personal information?
We collect personal information about you from the following sources:
- You.
- Other health and social care professionals and healthcare bodies, including occupational health professionals. (For example, if you go to hospital for treatment or an operation, the hospital will end us a letter to let us know what happens. This means that your GP medical record is kept up-to-date when you receive care from other parts of the health service).
- The Business Services Organisation. (When you join our Practice from another GP Practice we will receive a copy of your previous GP records from your former Practice. The transfer of patient data between practices is co-ordinated by the Business Services Organisation).
a) How will we use information about you?
We will only use personal information when the law allows us to. Most commonly, we will use your data to:
- Provide you with health and social care, including relevant preventative advice.
- Share information with other health or social care professionals or bodies to enable them to give you appropriate advice, undertake investigations, treatments and/or provide you with care.
- To facilitate audits to:
- Quality assure the standard of care provided by the Practice.
- Allow for technical verification and assurance activities in relation to the Practice’s expenditure.
- To facilitate any investigation aimed at the prevention, detection or investigation of fraud or other financial irregularities related to the provision of healthcare.
- To comply with our legal and regulatory obligations or, where the use of information is required in the public interest. For example, we are legally obligated to report some outbreaks of infection diseases to the Public Health Authority.
- For our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your rights and interests. As a public authority it is anticipated that there are likely to be limited circumstances where such legitimate interest processing will be undertaken. or
- Where you have given consent.
We keep personal data both electronically on the Practice’s information management systems and manually in indexed filing systems.
We have set out below how we use your personal data and our reasons for doing so:
To register you for NHS care | To fulfil a public task, namely, to facilitate the provision of healthcare advice and treatment to you. All patients who receive NHS care are registered on a national database, which holds your name, address, date of birth and NHS number but does not hold details about the care you receive. In Northern Ireland this database is held by the Business Services Organisation. |
To provide you with health and social care, advice and treatment | To fulfil a public task, namely to provide you with health and social care, advice and treatment |
To provide a record of the health care and treatment provided to you | To fulfil a public task, namely to provide you with health and social care, advice and treatment. To comply with our legal and regulatory obligations. |
For safeguarding and child protection purposes | To fulfil a public task, namely, to protect vulnerable adults and/or children. To comply with our legal and regulatory obligations. |
To protect public health | To fulfil a public task, namely, safeguarding public health, for example, to prevent the spread of infectious diseases. To comply with our legal and regulatory obligations. |
Gathering and provision of information required by or relating to audits, enquiries or investigations by regulatory bodies either in relation to the standard of healthcare provided or for financial audit purposes. | To comply with our legal and regulatory obligations. |
Operational reasons such as improving efficiency, training and quality control. | To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, namely the efficient functioning of the Practice. |
Responding to Court Orders or statutory obligations to provide information. | To comply with our legal obligations. This may include, but is not limited to, the provision to the Court Service, the Police Service of Northern Ireland or the Northern Ireland Public Services Ombudsman. |
Exercise of or defending legal rights | For our legitimate interests or those of a third party |
Statutory Returns | To comply with our legal and regulatory obligations |
Personal data
In order to help us keep the personal data that we hold about you up-to-date, please promptly let us know about any changes to your address or other contact details.
How we use particularly sensitive personal information?
We will only use special category data (that is, particularly sensitive personal information) in ways that are necessary for us to fulfil our public task of providing you with health and social care and to comply with our legal and regulatory obligations.
We may also use such information if it is necessary for the purposes of, or in connection with any legal proceedings (including prospective legal proceedings), if necessary for the purpose of obtaining legal advice or otherwise necessary for the purposes of establishing, exercising or defending legal rights.
Information about criminal convictions
We anticipate that we may occasionally process information about criminal convictions.
We will collect and process information about your criminal convictions only to the extent that this may impact on our provision of health care services to you.
Automated decision making
Automated decision making may be used by us to the extent that this will enable us to provide improved health services and/or advice to our patients. For example, we may electronically search our computerised records to identify patients who are at high risk from certain diseases, such as heart disease, or unplanned admissions to hospital. This may include information being provided to the GP Practice which has been gleaned from other sources such as Health & Social Care Trust records.
Third parties with whom we may share information and why
In order to undertake our public task of providing you with healthcare service and/or to meet our legal and regulatory obligations, we may share your data, including special category data, with some, or all, of the following third parties, including third-party service providers and other bodies:
- Our staff in the Practice.
- Any individuals or bodies with whom we contract to provide services in connection with the operation of the Practice.
- Other health and social care professionals and bodies.
- The Health & Social Care Board.
- The Business Services Organisation.
- The Public Health Authority.
- The Department of Health.
- Healthcare regulatory bodies.
- The Police Service of Northern Ireland.
- The Court Service of Northern Ireland.
- The Northern Ireland Public Services Ombudsman.
We will not share information about you without your consent, unless legally allowed, or required, to do so.
Data security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breaches and will notify you and any applicable regulator (currently the Information Commissioner’s Office) of a suspected breach where we are legally required to do so.
How long will we use your information for?
We retain healthcare data in accordance with the Department of Health for Northern Ireland’s Records Disposal Schedules which can be found at:
https://www.health-ni.gov.uk/articles/records-disposal-schedules
or as required by any applicable law.
In determining the appropriate retention period for any other personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Transferring information outside the EEA
We will not transfer the personal information we collect about you to any country outside the EEA without telling you in advance that we intend to do so and what steps we have taken to ensure adequate protection for your personal information in those circumstances.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold corrected. Information contained in your medical notes will not normally be deleted, however an annotation may be made to your medical notes to correct any inaccuracies.
- Request erasure of the personal information that we hold about you. The right to request erasure is not applicable to processing that is undertaken to fulfil a public task or a legal obligation. Consequently, the right to request erasure of personal data will not normally extend to medical records kept by the Practice.
- Object to processing of personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Your right to object is not, however, an unqualified right, as there are certain circumstances in which we are legally obligated to process information.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
- Request the transfer of your personal information to another party. This right, which is also known as the right of portability does not apply to personal data which is processed to fulfil a public task or comply with a legal obligation and it not, therefore, applicable to medical records. You are, however, entitled to transfer practices and should you opt to do so the transfer of your medical notes to your new practice which will be co-ordinated via the Business Services Organisation.
If you want to review, verify or request correction of your personal data or object to the processing of your personal data please contact the Practice Manager.
Right to withdraw consent
In the event of any personal data that we are processing subject to your consent, you have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact the Practice Manager. Once we have received notification that you have withdrawn your consent, we will no longer process personal data for that purpose and, subject to our retention policy and legal obligations, we will dispose of your personal data securely.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and will provide a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Do you need any extra help?
If you would like this notice in another format, for example audio or large print, please contact us and let us know.
Complaints
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The ICO’s details are as follows:
The Information Commissioner’s Office – Northern Ireland 3rd Floor 14 Cromac Place, Belfast BT7 2JB Telephone: 028 9027 8757 / 0303 123 1114 Email: ni@ico.org.uk