Fair Processing Notice

Posted by: samj - Posted on:


This document is to explain to you the types of personal data we hold about you and how we may use this information for the benefit of your health and wellbeing.  The document advises you on how we allow your electronic health record be viewed to other organisations across a variety of healthcare settings.  This is subject to your permission, via use of the computer system, SystmOne.  It informs you of your options should you wish to take further control of your SystmOne records.  The information should be carefully considered and any concerns you have about the data we hold, and how we use it, should be raised with us.

The Information we Hold about You

The personal data we hold about you

As your registered GP Practice we hold your electronic health record.  This contains sensitive information about you, your health and your wellbeing.  The following list provides an example of the type of information (both past and present) that can be held within your record: –

  • Demographic and contact details (name, date of birth, address, telephone number, email address, gender, sex, religion, marital status etc,);
  • Appointments and consultations;
  • Diagnoses (including physical disabilities and mental health conditions);
  • Medication, vaccinations, pathology results (e.g. blood tests) and allergies;
  • Social care involvement;
  • Hospital correspondence and correspondence from other health and social care settings (including x-rays, discharge letters and referrals);
  • Relationships/Next of Kin.

Why do we and other organisations need access to your personal data

Why do we need access to your personal data?

This information means we can provide you with high quality direct care in a safe and effective manner.  Being able to see your detailed record allows for an overall picture of your health and wellbeing to be assessed.  This then helps us to diagnose and prescribe appropriate courses of treatment to you.  This means that the most safe and efficient care is provided to you.  We do not want you to have to repeat your medical history and remember every detail, which may or may not be relevant, to every health and social care professional involved in your care.  Lack of access to your information may lead to misdiagnosis, inappropriate prescribing and ineffective treatment.

Why do we need to share your personal data?

We recognise that you will benefit from other health and social care providers that care for you (either currently or in the future) having access to your electronic health (and where applicable social care) records.  This is because they can then make fully informed decisions about the care you require.  The reasons for access to the detailed record, mentioned above, apply across the health and social care profession.  A shared record ensures that care providers always have the most accurate, up to date information.

What do we mean by “Direct Care”?

The term ‘Direct Care’ means a clinical health activity concerned with the prevention and investigation and treatment of illness.  It includes supporting your ability to function and improve your participation in life and society.  It also includes the assurance of safe and high quality care and treatment undertaken by one or more registered and regulated health or social care professionals and their team with whom you have a legitimate relationship for your care purposes.

It does NOT include access to information for purposes such as insurance, advertising or marketing.

We have implied your consent to make your record available to all organisations for direct care purposes

We assume that you are happy to share your detailed electronic health (and where applicable social care) record to anyone that cares for you. We therefore make your record available to all NHS commissioned services and local authorities providing health and social care services, using the clinical record computer system, SystmOne.  This allows for anyone at these organisations who have the appropriate controls to retrieve your electronic record, once you are registered for care.  However, these individuals should only legitimately access your record to provide you with care services.  They must also record your permission to view your record.

The types of organisation, which could be involved in your direct care and therefore need access to your electronic record are: –

  • GP Practices;
  • Community services (for example physiotherapy and diabetic clinics, district nurses and rehabilitation centres);
  • Referral triage centres (services determining which organisation should care for you);
  • Child Health;
  • Urgent Care (for example, A&E, Minor Injury Units (MIU) and Out of Hours Services);
  • Community hospitals;
  • Palliative care;
  • Care homes;
  • Offender health (care providers within organisations such as prisons and custody suites);
  • NHS hospitals;
  • NHS Mental Health Services;
  • Social Care – registered and regulated professionals within social care organisations coordinating care (not social care providers);
  • Community Pharmacy.

To find out more about these types or organisations please go to: http://www.tpp-uk.com/products/systmone/modules or talk to a member of your GP Practice.

If you ARE NOT happy to share your electronic record in this way, please let us know as soon as possible so that we can record your dissent (refusal of permission) and stop your record from being accessed outside of the GP Practice.  You can choose to refuse your permission for any organisation having access to your GP record.

Available Audits

Audits are useful for your understanding about the types of organisations and individual(s) who are viewing your record.  They allow you to raise any concerns about potential illegitimate or unnecessary access of your personal data with the relevant person or organisation.  The ability to audit record access is a significant benefit of electronic records over paper records as it allows for a visible trail to be available to you in the following ways: –

  • Alerts: You can opt to receive an alert via SMS or email every time an individual at any health and social care organisation attempts to record your consent to view your record.  This means that you can be confident that the appropriate people are viewing your record and you can raise concerns with any organisation where you feel this is not the case;
  • SystmOnline Record Audit: You can view which organisations have accessed your electronic health (and where applicable social care) record within SystmOnline.  Ability to access this audit in SystmOnline is controlled by your GP.  Any concerns about access can be raised with the relevant organisation.  Please see the SystmOnline eDSM functional guide for patients, which can be accessed via the Moat House Surgery;
  • Record Sharing List:  You can ask your GP Practice to show you a list of all health and social care organisations currently caring for you and whether they have recorded your consent or dissent to view your record.  If you disagree with the consent options recorded then you (or your GP) should contact those organisations and ask them to amend the setting.