GDPR & Confidentiality
At Patient First we provide a confidential service to all our patients.
You can be sure that anything you discuss at any one of our sites, with any member of staff, will remain confidential.
Even if you are under 16, nothing will be said to anyone, including parents, other family members, care workers or tutors, without your permission.
The only reason we may have to consider passing on confidential information without your permission would be to protect you or someone else from serious harm. However, we would always try to discuss this with you first.
Third party processors
In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition, the practice will use carefully selected third party service providers.
When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately.
Examples of functions that may be carried out by third parties include:
companies that provide IT services & support, including our core clinical systems;
systems which manage patient facing services (such as our website and service accessible through the same);
data hosting service providers;
systems which facilitate appointment bookings or electronic prescription services;
document management services etc.
Further details regarding specific third party processors can be supplied on request.
We are registered with the Information Commissioner's Office. Your data is protected.
See our Privacy Poster and other related documents.
There are strict laws and regulations to ensure your health records are kept confidential and can only be accessed by health professionals directly involved in your care. There are a number of different laws that relate to health records. The two most important laws are:
Under the terms of the Data Protection Act (1998), and now the GDPR 2018, organisations such as the NHS must ensure that any personal information they gather in the course of their work is kept secure and is only used for the stated purpose of gathering the information (which in this case would be to ensure that you receive a good standard of healthcare).
It is a criminal offence to breach the Data Protection Act (1998) and doing so can result in imprisonment.
The Human Rights Act (1998) also states that everyone has the right to have their private life respected. This includes the right to keep your health records confidential. Source: http://www.nhs.uk/nhsengland/thenhs/records/healthrecords/pages/overview.aspx
Below is a link to the NHS England 2015 Confidentiality Policy for your information.