Practice privacy notice
Ochil Medical Practice has a legal duty to explain how we use any personal information we collect about you, as a registered patient at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format.
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.
How we will use your information
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases when the law allows.
Sometimes the NHS also uses relevant information about your health to help improve NHS services and public health in Scotland – for example, to find out how many people have a particular illness or disease. If so, information that identifies you is removed if possible. If the NHS uses information that does identify you (for example, to include it in a disease register), they must explain how and why your information will be used.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the UK General Data Protection Regulation (UKGDPR), the NHS Scotland Code of Practice, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.
Risk stratification
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Ochil Medical Practice this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Invoice validation
Your information may be shared if you have received treatment to determine which health board is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
Opt-outs
You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by writing to NSS or www.spire.scot/my-choices, preventing your information from being shared outside this practice.
Retention periods
In accordance with the Records Management NHS Codes of Practice (Scotland), your healthcare records will be retained for the duration of your life and for 3 years after your death.
The Right to Rectification
If the personal information we hold about you is inaccurate or incomplete you have the right to have this corrected. If it is agreed that your personal information is inaccurate or incomplete we will aim to amend your records accordingly, normally within one month, or within two months where the request is complex. However, we will contact you as quickly as possible to explain this further if the need to extend our timescales applies to your request. Unless there is a risk to patient safety, we can restrict access to your records to ensure that the inaccurate or incomplete information is not used until amended. If for any reason we have shared your information with anyone else, perhaps during a referral to another service for example, we will notify them of the changes required so that we can ensure their records are accurate.If, on consideration of your request NHS Forth Valley does not consider the personal information to be inaccurate, then we will add a comment to your record stating your concerns about the information. If this is the case we will contact you within one month to explain our reasons for this.
If you are unhappy about how NHS Forth Valley has responded to your request for rectification we will provide you with information on how you can complain to the Information Commissioner’s Office (ICO), or how to take legal action.
Further details about this are also available on their website at www.ico.org.uk
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
The Right to Object
When NHS Forth Valley is processing your personal information for the purpose of the performance of a task carried out in the public interest or in the exercise of official authority you have the right to object to the processing and also seek that further processing of your personal information is restricted. Provided NHS Forth Valley can demonstrate compelling legitimate grounds for processing your personal information, for instance; patient safety or for evidence to support legal claims, your right will not be upheld.
What to do if you have any questions
Should you have any questions about our privacy policy or the information we hold about you, you can:
Contact the practice’s data controller via email at FV.gp25027alloa2adm@nhs.scot GP practices are data controllers for the data they hold about their patients[1]
Write to the data controller at Ochil Medical Practice, CCHC, Hallpark Road, Sauchie, FK10 3JQ
Ask to speak to the practice manager Elin Pearson
The Data Protection Officer (DPO) for Ochil Medical Practice is Deirdre Coyle, Head of Information Governance, NHS Forth Valley. Fv.informationgoverance@nhs.scot
Complaints
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.
Changes to our privacy policy
We regularly review our privacy policy and any updates will be published on our website, on our Reception Screen and on posters to reflect the changes. This policy is to be reviewed May 2022.
[1] BMA GPs as data controllers under the GDPR