See also our page about data sharing
Under GDPR you have a right to know how we process data about you. We are allowed to process patient information for health and social care purposes which therefore doesn’t require *** Explicit *** consent for all contacts and data. (NB this is completely different from explicit consent to examine you etc.). We will use and store the data you have provided to us to potentially contact you via post, SMS and sometimes email. This will be for the provision of care, or in the case of surveys, including those mandated by NHS England or NHS Digital to assess and enhance our services.
We are the “Data Controller” of your records but rely on third parties to provide technical facilities “Data Processors” to allow us to do this. This link from the ICO explains the different roles (PDF Document)
In Addition to our
“core” function for which we use EmisWEB software. Emis and EmisWEB act as Data Processors on our behalf. Their Privacy Notice
we also use features from
eConsult (for online consultations) Their Privacy Notice
Healthcare Computing (provide technical IT support for hardware and networked products) Their Privacy Notice
iPlato (for SMS and similar services, for appointment reminders and health notifications) Their Privacy/GDPR Notice
Connected Care (Also known as Share my Care) for sharing data/information with other NHS and Social Services providers such as the Royal Berks Hospital across Berkshire, as well as Community Services etc. https://www.shareyourcareberkshire.org/
Your right to withdraw consent for us to share your personal information (Opt-Out)
If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. If you do not want your information to be used for any purpose beyond providing your care you can choose to opt-out. If you wish to do so, please let us know so we can code your record appropriately. We will respect your decision if you do not wish your information to be used for any purpose other than your care but in some circumstances we may still be legally required to disclose your data.
There are two main types of opt-out.
Type 1 Opt-Out
If you do not want information that identifies you to be shared outside the practice, for purposes beyond your direct care, you can register a ‘Type 1 Opt-Out’. This prevents your confidential personal information from being used other than in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease.
Type 2 Opt-Out/Now superseded, see below
NHS Digital collects information from a range of places where people receive care, such as hospitals and community services. If you do not want your personal confidential information to be shared outside of NHS Digital, for purposes other than for your direct care, you can register an objection. This NHS website explains the process and significance as well as allowing you to express your choice (This is now the only method to do so)