This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.
 

Fair Processing Notice

Privacy Notice

BrisDoc is a GP-led organisation which was initially formed in 2001 by local GPs in South Bristol.  Today, BrisDoc continues to be owned and run by its workforce, as part of the NHS family, most of whom live and work in the community we serve.

BrisDoc works exclusively for the NHS and provides the following services:

  • An Out of Hours Service – for urgent care when your regular GP Practice is closed, covering the population of Bristol, North Somerset and South Gloucestershire
  • GP Services at the Bristol Royal Infirmary and Southmead Hospital that assess ambulatory (lower risk) patients who may otherwise need an admission to hospital
  • Broadmead Medical Centre – our city centre, extended hours GP Practice and Walk-in service
  • Northville Family Practice – GP surgery
  • Bishopston Medical Practice – GP surgery
  • Charlotte Keel Medical Centre – GP surgery
  • Homeless Health Service – GP surgery dedicated to those who are homeless or in vulnerable housing

Combined, BrisDoc provides services 24/7 with a focus on prioritising patient care in our local community.

What is a Privacy Notice?

A privacy notice is a statement that describes how BrisDoc collects, uses, retains and discloses your Patient Data. Different Organisations sometimes use different terms and it can be referred to as a privacy statement, a fair processing notice or a privacy policy.

To ensure that we process your personal data fairly and lawfully we are required to inform you:

  • Why we need your data
  • How it will be used and
  • With whom it may be shared.

For the purposes of the General Data Protection Regulations (GDPR), BrisDoc is a “Data Controller”, registered as such with the Information Commissioner’s Office (notification number Z9771266).

The Data Protection Act 1998 is now part of the General Data Protection Regulation (GDPR) from 25 May 2018. The aim of GDPR is to standardise Data Protection Regulations across Europe. These new rules are similar to the Data Protection Act, but further strengthen rights, and empower individuals by giving you more control over your personal data, bringing a new age of compliance and accountability.

How your information is used, and your rights explained:

This Privacy Notice confirms BrisDoc has all the relevant processes and procedures in place to deal with those wishing to exercise their rights, and to assure patients and the public that information held by BrisDoc, in all formats, is processed and shared, where appropriate, fairly, lawfully and securely.

GDPR states those who record and process personal information must be open about how the information is used, and must ensure personal data is:

  1. Processed lawfully, fairly and in a transparent manner
  2. Collected for specific, lawful and legitimate purposes
  3. Adequate, relevant and limited to what is necessary for the purpose
  4. Accurate and up to date
  5. Kept for no longer than necessary
  6. Protected and processed securely.

BrisDoc uses personal, sensitive, medical and confidential information for a number of specific purposes in order to provide individual care, and to support improving health care and services, through research and planning across a range of services and locations throughout Bristol, North Somerset and South Gloucestershire. Information processed by BrisDoc is done:

  • To provide safe and effective preventative healthcare services and patient care
  • For tasks carried out in the public interest/public health
  • To plan future services
  • For historical, statistical or research purposes
  • Under Legal obligation or performance of an NHS contract
  • For the purpose of carrying out obligations under Employment Law
  • To contact you with regards to services you have received from us
  • To investigate complaints and legal claims
  • To prevent serious crime and fraud.

Lawful basis for processing

Processing of data as described in this notice is supported under the following sections of the GDPR:

Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” 

What laws are relevant to the handling of personal information?

The UK and European law determines how organisations can use personal information. The key legislation and guidance governing the use of information are listed below:

  • European Data Protection Regulation (formerly The Data Protection Act 1998)
  • The Human Rights Act 1998
  • Freedom of Information (Scotland) Act 2002
  • Computer Misuse Act 1998
  • Access to Health Records Act 1990
  • Health and Social Care Act 2015
  • The Human Rights Act 1998
  • Common law Duty of Confidentiality
  • NHS Codes of Practice

Information we collect about you

The health care professionals who provide you with care maintain records about your health and can usually view records of any treatment or care you have received previously (e.g. from Hospitals, GP Surgeries, A&E, etc.). These records help to provide you with the best possible healthcare.

Records which BrisDoc will hold about you when you have used one of our services may include the following:

  • Details about you, such as your address, contact details and next of kin
  • Any contact we have had with you, such as appointments, telephone consultations, visits to our Primary Care Centres/Clinics/Surgeries or home visits to you by us
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests and x-rays.
  • Relevant information from other health professionals, relatives or those who care for you

Consent, Data Processing and Data Sharing:

  • For most purposes, we will only process your Patient Data with your consent. If consent is given, all patients have the right to withdraw their consent at any time.
  • There will be occasions when Patient Data will be shared without consent, particularly to protect vulnerable adults and children, to prevent serious crime or to protect public health.
  • Where consent is required and the Patient lacks the capacity to give consent, a legal representative, power of attorney, parent/guardian may consent on their behalf or, in a situation of clinical urgency, the clinician may access Patient Data in the best interests of providing good patient care. Your clinician/care provider will discuss with you the reasons for this where feasible.
  • There are specific and clearly defined circumstances where we are required by law to share patient information which can identify you.
  • BrisDoc has an obligation to assist in the prevention of crime and we may supply information to the Police, provided we are satisfied that the request is connected to an investigation and that disclosure would be lawful and proportionate.
  • BrisDoc has a legal obligation to safeguard public funds and we reserve the right to check information you have provided for accuracy, in order to detect fraud. We participate in anti-fraud data matching exercises carried out by other agencies such as the NHS Counter Fraud Authority.
  • BrisDoc will share data with local GP Practices, NHS Trusts and Hospitals, Ambulance Services, NHS111 and Community healthcare providers who are directly involved in your care.
  • BrisDoc does not sell or otherwise share personal details to any external or third-party organisations.
  • Wherever possible we will use only anonymised data for research, audit and planning purposes.
  • A number of statistical analytical exercises may be carried out on the information we hold in order to monitor our performance and to improve our service. These statistics may be published or shared with other organisations, but no individual will be possible to identify from the data.

Data Confidentiality and Data Security

  • BrisDoc is committed to taking all reasonable measures to ensure the confidentiality and security of sensitive personal data for which we are responsible, whether computerised or on paper
  • All patients and employees have the right to be informed if they have been involved in a personal data breach
  • All staff are required to undertake annual information governance training and to be familiar with information governance policies and procedures
  • Everyone working for the NHS is subject to the NHS Code of Confidentiality Information provided in confidence will only be used for the purposes advised and normally consented to by the service user, unless required or permitted by the law
  • We make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed
  • Our Senior Information Risk Owner (SIRO) is accountable for the management of all information assets and any associated risks and incidents
  • The BrisDoc Caldicott Guardian, has the responsibility to ensure the protection of patient confidentiality throughout the organisation in accordance with your legal rights
  • Our Data Protection Officer Monitors compliance, Data Protection Policies and Procedures on behalf of the Controller
  • Should we name the above?

They can be contacted by writing to:

Senior Information Risk Owner /Caldicott Guardian/ Data Protection Officer
BrisDoc Healthcare Services

Unit 21 Osprey Court

Bristol

BS14 0BB

How can I access my personal data?

If you would like to receive a copy of all or part of your medical record, you have the right to request this under a Subject Access Request.

There will be no charge for receiving copies of your medical information held by BrisDoc, but there may be a charge for additional copies or if you have received it previously (what does this mean?). If preferred, an electronic copy can be requested. Your right is to the data relating to you and you only, and not necessarily the record itself which can, where appropriate, be redacted if third parties are named.

The Act gives you the statutory right of access to any health record whether manual (paper) or computerised (although  different  regulations apply for access to a deceased persons’ notes). You can authorise someone else to make the application on your behalf and if you have parental responsibility you may make an application to see your child’s notes. In certain circumstances, your records or part of your records may be withheld. If this is the case the reason(s) will be discussed with you.

If you are not satisfied with the response you receive you may refer your complaint to an independent arbiter such as the Information Commissioner.

How long do I need to wait to receive a copy of my medical record?

Requests for access to medical records should be completed within 30 days of receipt of request. This can be extended by up to an additional 60 days, if the request is deemed complex, requires additional clarification or multiple requests have been made. BrisDoc will provide a clear explanation as to why this timescale might be extended in the event of a complex query.

If you would like a copy of some or all of your personal information, please contact the Practice Manager of the surgery and/or the Information Requests Coordinator (at the address below). Email address?

BrisDoc Healthcare Services

Unit 21 Osprey Court

Bristol

BS14 0BB

What if I believe data held about me is incorrect or inaccurate?

If at any time you feel information held by BrisDoc relating to you is incorrect, please notify us and it will be investigated. Rectification requests on non factual information, or opinions, are unlikely to be successful, but will be assessed on a case by case basis.

You may exercise your right to object to data being processed if you believe data about you is being collected, processed or shared unlawfully, and whilst this is investigated, it may be restricted until a decision is made. You have the right to withdraw your consent to data processing and usage at any time. On investigation, it is the responsibility of BrisDoc to justify why we are continuing to process the data or if the objection will be upheld.

You also have the right to object to direct marketing at any time and ask for it to stop. Why would this happen?

BrisDoc is not involved with ‘selling’ goods or services, but may use data held to invite people to attend for screening or vaccinations.

When we receive any request to access, edit or delete personal identifiable information, we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

If at any time you feel information held by NHS Western Isles relating to you is incorrect, please notify us and it will be investigated. Rectification requests on non factual information, or opinions, are unlikely to be successful but will be assessed on a case by case basis.

You may exercise your right to object to data being processed if you believe data about you is being collected, processed or shared unlawfully, and whilst this is investigated, it may be restricted until a decision is made. You have the right to withdraw your consent to data processing and usage at any time. On investigation, it is the responsibility of NHS Western Isles to justify why we are continuing to process the data or if the objection will be upheld. You also have the right to object to direct marketing at any time and ask for it to stop. NHS Western Isles would never be ‘selling’ goods or services, but may be inviting people to attend for screening or vaccinations.

How can I remove my information from your records/systems?

GDPR gives you the right to request the erasure of data. In a healthcare setting, it would be very uncommon for such a request to be approved, as the risks associated with removal or deletion of health information could seriously harm or endanger a patient/staff member. Patients’ records also become legal documents in some cases, and BrisDoc has a legal obligation under employment contracts and various legislation to retain all documentation. Please direct any such request or concern to the service manager and/or Data Protection Officer (at address below).

BrisDoc Healthcare Services

Unit 21 Osprey Court

Bristol

BS14 0BB

How long is my health information kept?

BrisDoc applies to its records the retention and destruction schedules contained in Records Management NHS Code of Practice for Health and Social Care. The table below lists a subset of the retention periods.

 Record Type Record Retention Period 
Adult Health Record10 years after date of last entry or 3 years after death if earlier
Children and Young Peoples RecordsRetain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 3 years after death
Complaints8 years from completion of action

What if I want my data transferred to another organisation?

The right to portability ensures a person has a right to request their data in a structured, commonly used readable format, in order to be transferred to another system or organisation. The processing has to have been carried out automatically by electronic means but can include data observed by the use of a service or device (for example, X-rays or ECG tracings). Portability is not erasure, but simply another possible format for disclosure of certain information.

If you believe any decisions are being made by an automated decision making process you can object to this, unless necessary for the performance of a contract or authorised by law. GDPR states this right may be exercised in order to ensure some sort of human element/involvement in the decision making process, giving patients a right to express their view or contest the decision and to have an explanation about what is being done.

What do I do if I have a Complaint?

It is BrisDocs’ aim  to provide you with the best possible care , and ensure you have a positive experience. However, if you have been unhappy with any aspects of your care, you can raise any issues with us by contacting:

Complaints Officer

BrisDoc Healthcare Services

Unit 21 Osprey Court

Bristol

BS14 0BB

For independent advice about data protection, privacy and data-sharing issues,  we are unable to resolve your complaint you can contact:

The Information Commissioner

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113     Website: www.ico.gov.uk

Reviews of and Changes to our Fair Processing Notice

We will keep our Privacy Notice under regular review.

This notice was last reviewed May 2018



 
Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website