Privacy Notice – Summary Care Record
The Summary Care Record is an English NHS development. It consists of a basic medical record held on a central government database on every patient registered with a GP surgery in England. The basic data is automatically extracted from your GP’s electronic record system and uploaded to the central system GPs are required by their contract with the NHS to allow this upload. The basic upload consists of current medication, allergies and details of any previous bad reactions to medicines, the name, address, date of birth and NHS number of the patient.
As well as this basic record additional information can be added, and this can be far reaching and detailed. However, whereas the basic data is uploaded automatically any additional data will only be uploaded if you specifically request it and with your consent.
Summary Care Records can only be viewed within the NHS on NHS smartcard controlled screens or by organisation, such as pharmacies, contracted to the NHS. You can find out more about the SCR here https://digital.nhs.uk/summary-care-records You have the right to object to our sharing your data in these circumstances and you can ask your GP to block uploads.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
Data Controller Contact Details
Dr Deborah Shiel – Partner Hillview Medical Centre
Data Protection Officer Contact Details
The Surrey Heartlands CCGs DPO Support Service for GP Practices
From 4th February 2019, AJ Spinks Ltd will provide the DPO Support
Service for GP Practices and this will include:
The Surrey Heartlands Primary Care DPO Service is available
Monday-Friday 9:00 – 17:00 (excluding bank holidays) and can be
Telephone: 0203 887 6923
Self-service Portal: www.ajspinks.freshdesk.com
Purpose Of The Processing
Upload of basic and detailed additional SCR data
Lawful Basis For Processing
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following:
- Article 6 and 9 conditions of the GDPR: Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”.
Recipient Or Categories Of Recipients Of The Processed Data
The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care.
Rights To Object
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance.
Right To Access And Correct
You have the right to access the data that is being shared and have any inaccuracies corrected. We can provide copies of recordings if they have not been deleted. There is no right to have accurate medical records deleted except when ordered by a court of Law.
The data will be retained in line with the law and national guidance. www.digital.nhs.uk/RecordsManagement-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.