Privacy Notice

Manor Brook Medical Centre uses personal and confidential information for a number of purposes. Our privacy notice provides a summary of how we use your information.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in England such as the Department of Health and the General Medical Council.

Information on this page explains our privacy policy and how we will use and protect any information about you that you give us.

This privacy notice explains:

  • What personal and healthcare information do we collect about you?
  • Why we collect information about you?
  • How we keep your information secure?
  • Who we share your information with?
  • How long do we hold information for?
  • Your rights as a patient
  • Key Contacts, Summary Care Record and London Care Record

What type of information do we collect about you?

To be able to provide you with care and for our other purposes we need to collect information about you. This includes:

  • Your contact details (such as your name, age, gender, ethnicity, address and email address)
  • Details and contact numbers of your next of kin
  • Details in relation to your medical history
  • The reason for your visit to the organisation
  • Any contact the organisation and/or your practice has had with you including appointments (emergency or scheduled), clinic visits, etc.
  • Notes and reports about your health, details of diagnosis and consultations with our GPs and other health professionals within the healthcare environment involved in your direct healthcare
  • Details about the treatment and care received
  • Results of investigations such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you
  • Recordings of telephone conversations between yourself and the organisation
  • The Practice also records CCTV images for the prevention and detection of crime

Why we collect information about you?

  • The main reason we collect information about you is for your direct care and treatment; this includes ensuring safe and high-quality care for all our patients. We also collect and use information for other purposes such as research.
  • Other reasons for collection of information may include: safety of patient and staff, prevention and detection of crime

Further details on why we collect personal data about you can be found further below under the section ‘Specific Privacy Notices’

Your data is collected for the purpose of providing direct patient care; however, we are able to disclose this information if it is required by law, if you give consent or if it is justified in the public interest.

How we keep your information secure?

All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. All the personal data we process is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No third parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have data protection processes in place to oversee the effective and secure processing of your personal and/or special category data.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the UK General Data Protection Regulations (which is overseen by the Information Commissioner’s Office), The Data Protection Act 2018, Human Rights Act, the Common Law Duty of Confidentiality and the NHS Codes of Confidentiality and Security. Every staff member who works for an NHS organisation has a legal obligation to maintain the confidentiality of patient information.

All of our staff, contractors and locums receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and this is strictly on a need-to-know basis. If a sub-contractor acts as a data processor for Manor Brook Medical Centre an appropriate contract (Article 24-28) will be established for the processing of your information.

Our organisational policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the UK General Data Protection Regulation (UK GDPR), The Data Protection Act 2018 and all UK specific data protection requirements. Our policy is to ensure all personal data related to our patients will be protected.

Who we share your information with?

In order to comply with its legal obligations, this organisation may have to send data to NHS England when directed by the Secretary of State for Health under the Health and Social Care Act.

Additionally, we may have to contribute to national clinical audits and will send the data that is required by NHS Digital as the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.

Under the UK General Data Protection Regulation, where we are providing direct care to you, or managing your direct care, we will be lawfully using your information in accordance with:

  • Article 6, 1, (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Article 9, 2, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

 For the lawful bases for the processing and collection of your data outside of the above, you can locate these in the individual specific privacy notices linked below.

Whenever you use a health or care service, such as attending the local hospital or using the district nursing service, clinical information about you is collected to help ensure you get the best possible care and treatment. This information may be passed to other approved organisations where there is a legal basis to do so, to help with planning services, improving care, researching to develop new treatments and preventing illness. All of this helps in providing better care to you and your family and future generations.

However, as explained in this privacy notice, confidential information about your health and care is only used in this way as allowed by law and would never be used for any other purpose without your clear and explicit consent.

We may pass your personal information on to the following people or organisations because these organisations may require your information to assist them in the provision of your direct healthcare needs. It therefore may be important for them to be able to access your information in order to ensure they may deliver their services to you:

  • Hospital professionals (such as doctors, consultants, nurses etc.)
  • Other GPs/doctors
  • Primary Care Networks
  • NHS Trusts/Foundation Trusts/Specialist Trusts
  • NHS Integrated Care Boards
  • NHS England (NHSE)
  • Multi-agency Safeguarding Hub (MASH)
  • Independent contractors such as dentists, opticians, pharmacists
  • Any other person who is involved in providing services related to your general healthcare including mental health professionals
  • Private sector providers including pharmaceutical companies to allow for the provision of medical equipment, dressings, hosiery etc.
  • Voluntary sector providers
  • Ambulance Trusts
  • Integrated Care Systems. Local authority, Social care services, Education services
  • Information may also be shared with appropriate or authorised organisations like the police and the court for the purpose of investigation, court proceeding and prevention and detection of crime where we are required to
  • Other ‘data processors’, e.g., Diabetes UK

How long do we keep your personal information?

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records Management Code of Practice for health and social care and national archives requirements.

More information on records retention can be found online at: NHSX – Records Management Code of Practice 2022.

Your rights as a patient

The law gives you certain rights to your personal and healthcare information that we hold as set out below:

 

Access and Subject Access Requests

You have the right to ask us for copies of your personal information. Please speak to reception regarding SAR forms or online access to records.

Correction

We want to make sure that your personal information is accurate and up to date.

If you believe that entries within your GP record are inaccurate, incorrect or misleading then please do let us know. You can make a request for rectification verbally or in writing.

Removal

You have the right to ask us to erase your personal information in certain circumstances. You can make a request for rectification verbally or in writing. This is not an absolute right, and certain exemptions do apply.

Please be aware that an alteration to an electronic record, or deletion of an entry in it, is always preserved (together with the original entry) as part of the electronic audit trail.

Objection

You have the right to object to your information being shared with anyone else without your consent. However, this right is not absolute, and this right may be limited under certain situations if there is good reason or in the public interest.

Please contact the Practice for further information.

Transfer

You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation but we will require your clear consent to be able to do this.

Summary care records

During the height of the Covid-19 pandemic, changes were made to the Summary Care Record (SCR) to make additional patient information available to all appropriate clinicians when and where they needed it to support direct patient care, leading to improvements in both care and outcomes.

The full supplementary privacy notice for the Summary Care Record has been published by NHS Digital here.

London Care Record

This practice uses a shared record system called the London Care Record. The London Care Record is a secure view of your health and care information and lets health and care professionals involved in your care see important details about your health when and where they need them. Having a single, secure view of your information helps speed up communication between care professionals across London, improves the safety of care and can save lives.

https://www.youtube.com/embed/enuxS5fttTA

London Care Record can only be lawfully looked at by staff who are directly involved in your care. Your information isn’t available to anyone who doesn’t need it to provide treatment, care and support to you. Your details are kept safe and won’t be made public, passed on to a third party who is not directly involved in your care, used for advertising or sold.

For more information, please read the London Care Record privacy notice for South East London here: SEL-ICS-Privacy-Notice-SEL-London-Care-Record-v1.0-updated.pdf (selondonics.org)

Opting out of the London Care Record

You have the right to object to your information being available through London Care Record. Although patients have the right to object and request restrictions on sharing their records, there may be instances where this request will not be upheld due to a clinical need as determined by the direct care giver. Please discuss this with your GP/ health and social care worker and you can find further information in this London Care Record leaflet.

For further information and advice about data protection or your right to object to sharing your data you can contact the team at Lewisham and Greenwich Trust who manage the London Care Record for South East London www.lewishamandgreenwich.nhs.uk/london-care-record or you can call 020 3192 6011 and leave your name and number for someone to contact you.

If you have already requested to stop sharing on ConnectCare/Local Care Record in South East London, then you will not have to request this again for London Care Record.

Key contacts for data and privacy are:

If you have any queries, concerns or are unhappy about any of our services, please contact the Practice Manager on 020 8269 2040.

If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the surgery’s Caldicott Guardian / Information Governance lead / Data Protection Officer:

Data Protection Officer: Mr David Birkenshaw, [email protected]

Caldicott Guardian: Dr Jonathan Kingston

Senior Information Risk Owner:  Dr Shikha Singh

Information Governance Lead: Ms Harinder Ganger

Manor Brook Medical Centre is registered with the Information Commissioner’s Office (ICO) to describe the purposes for which they process personal and sensitive information.

Information Commissioner’s Office Details

If you are unhappy with how information has been handled, please speak to the Practice Manager first, or for independent advice about data protection, privacy, and data sharing issues, you can contact:

The Information Commissioner

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Phone: 08456 30 60 60

Website: www.ico.gov.uk

Make a complaint – ICO

Opting out of sharing your data

You can choose whether or not your data is used for research and planning. There are different types of data-sharing you can opt out of.

  1. Stop your GP surgery from sharing your data. This is called a Type 1 Opt-out.

To do this you need to fill in an opt-out form and return it to your GP surgery https://assets.nhs.uk/nhsuk-cms/documents/Type1Opt-outform.docx

Only your GP surgery can process your opt-out form. They will be able to tell you if, and when, you have been opted out.

If you choose a Type 1 Opt-out, your GP will not share your data for research and planning. However, NHS Digital will still be able to collect and share data from other healthcare providers, such as hospitals. We will also still be able to share your data for your direct care, or to provide you with healthcare or treatment.

Find out more about Type 1 Opt-out from NHS Digital’s transparency notice

  2. Stop NHS Digital and other health and care organisations from sharing your data for research and planning. This is called the National Data Opt-out.

To opt out online or find out more, visit Make your choice.

If you choose this opt-out, NHS Digital and other health and care organisations will not be able to share any of your personal data with other organisations for research and planning, except in certain situations. For example, when required by law.

If you want to check if you have opted out, you can enter your details again at Make your choice or check your settings in the NHS App.

You can opt out, or opt back in again, at any time.

Specific Privacy Notices