In compliance with the principals of the General Data Protection Regulation (GDPR), which become law of 25th May 2018, Park Medical Practice makes the following declaration;
As controllers of personal patient and staff data, we pledge to be open and transparent about how data are used and that the data are handled in line with individuals’ reasonable expectations. We pledge to process the data we hold fairly, lawfully and transparently.
Disclosures required by law
In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012.
This practice contributes to national clinical audits and will send the data which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure.
Disclosures for health management purposes
This practice contributes to medical audit for the purpose of health management for example the National Diabetes Audit, Inform.
Patient & Staff data processing
We will process patient data under the lawful basis under Article 6 (1)(e) and 9(2)(h) for the provision of direct patient care. Examples of where this may happen are;
- referrals to or liaison with other healthcare providers
- Contacting patients via post, telephone, mobile (including text messages regarding appointments & health information) or email
We will process staff data under the lawful basis under Article 6 (1)(b) for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. We may also provide staff information to occupational health providers under Article 9(2)(h) for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee.
We may record CCTV under the lawful basis under Article 6(1)(e) for the performance of a task carried out in the public interest (e.g. prevention or detection of crime).
The GDPR introduces the right to have personal data removed, this in known as “the right to be forgotten”. Individuals can make a request and the practice will respond within one month; however this right is not absolute and only applies in certain circumstances.
If you have any questions or concerns that you would like to raise with the practice, you can contact us using the following details;
Practice contact address
The Park Medical Practice, Cottam Lane Surgery, Cottam Lane, Ashton Preston PR2 1JR
Where local resolution cannot be found, staff and patients have the right to lodge a complaint with the Information Commissioners Office (ICO). www.ico.org.uk