We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice Direct Care
Routine Care and Referrals
This practice keeps data on you relating to who you are, where you live, what you do, your family, possibly your friends, your employers, your habits, your problems and diagnoses, the reasons you seek help, your appointments, where you are seen and when you are seen, who by, referrals to specialists and other healthcare providers, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memoires reasonably made by healthcare professionals in this practice who are appropriately involved in your health care.
When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS Data.
GPs have always delegated tasks and responsibilities to others that work with them in their surgeries, on average an NHS GP has between 1,500 to 2,500 patients for whom he or she is accountable. It is not possible for the GP to provide hands on personal care for each and every one of those patients in those circumstances, for this reason GPs share your care with others, predominantly within the surgery but occasionally with outside organisations. If your health needs require care from others elsewhere outside this practice we will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside the practice but within the NHS it is usual for them to send us information relating to that encounter. We will retain part or all of those reports. Normally we will receive equivalent reports of contacts you have with non NHS services but this is not always the case.
Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law.
People who have access to your information will only normally have access to that which they need to fulfil their roles, for instance admin staff will normally only see your name, address, contact details, appointment history and registration details in order to book appointments, the practice nurses will normally have access to your immunisation, treatment, significant active and important past histories, your allergies and relevant recent contacts whilst the GP you see or speak to will normally have access to everything in your record.
You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests. Please see below.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
Data Controller contact details
The New Surgery
128 Canterbury Road
Folkestone
CT19 5SR
Data Protection Officer contact details
The Data Protection Officer (DPO) is Dr M Mukherjee.
Purpose of the processing
Direct Care is care delivered to the individual alone, most of which is provided in the surgery or at the Urgent Treatment Centre After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.
ACR project for patients with diabetes
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and confirm that you wish them to send you a test kit.
This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care.
Further information about this is available on the Minuteful website
Lawful basis for processing
The processing of personal data in the delivery of direct care and for providers' administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
- Article 6(1)(e) '...necessary for the performance of a task carried out in the public interest or in the exercise of official authority...'.
- Article 9(2)(h) 'necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...'
We will also recognise your rights established under UK case law collectively known as the "Common Law Duty of Confidentiality"
Recipient or categories of recipients of the processed data
The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care.
Rights to object
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance.
Right to Access and Correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
Retention Period
The data will be retained in line with the law and national guidance.
View Records Management Code of Practice for Health and Social Care 2016 or speak to the practice.
Right to Complain
You have the right to complain to the Information Commissioner's Office.
There are National Offices for Scotland, Northern Ireland and Wales (see ICO website).
Common Law Duty of Confidentiality
Common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as 'judge-made' or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.
The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider's consent.
In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.
Three Circumstances Making Disclosure of Confidential Information Lawful:
- Where the individual to whom the information relates has consented;
- Where disclosure is in the public interest; and
- Where there is a legal duty to do so, for example, a court order.
There is a more in-depth Privacy Notice available. If you wish to view this, please contact the practice.
Emergencies
There are occasions when intervention is necessary in order to save or protect a patients life or to prevent them from serious immediate harm, for instance during a collapse or diabetic coma or serious injury or accident. In many of these circumstances the patient may be unconscious or too ill to communicate. In these circumstances we have an overriding duty to try to protect and treat the patient. If necessary we will share your information and possibly sensitive confidential information with other emergency healthcare services, the police or fire brigade, so that you can receive the best treatment.
The law acknowledges this and provides supporting legal justifications.
Individuals have the right to make pre-determined decisions about the type and extend of care they will receive should they fall ill in the future, these are known as “Advance Directives”. If lodged in your records these will normally be honoured despite the observations in the first paragraph.
Data Controller contact details
The New Surgery
128 Canterbury Road
Folkestone
CT19 5SR
Data Protection Officer contact details
The Data Protection Officer (DPO) is Dr M Mukherjee.
Purpose of the processing
Doctors have a professional responsibility to share data in emergencies to protect their patients or other persons. Often in emergency situations the patient is unable to provide consent.
Lawful basis for processing
This is a Direct Care purpose. There is a specific legal justification;
- Article 6(1)(d) “processing is necessary to protect the vital interests of the data subject or of another natural person”
And
- Article 9(2)(c) “processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent”
Or alternatively
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
We will also recognise your rights established under UK case law, collectively known as the “Common Law Duty of Confidentiality”
Recipient or categories of recipients of the shared data
The data will be shared with Healthcare professionals and other workers in emergency and out of hours services and at local hospitals, diagnostic and treatment centres. (if preferred list actual named services).
Rights to object
You have the right to object to some or all of the information being shared with the recipients. Contact the Data Controller or the practice.
You also have the right to have an “Advance Directive” placed in your records and brought to the attention of relevant healthcare workers or staff.
Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law. If we share or process your data in an emergency when you have not been able to consent, we will notify you at the earliest opportunity.
Retention period
The data will be retained in line with the law and national guidance.
Right to Complain
You have the right to complain to the Information Commissioner's Office.
There are National Offices for Scotland, Northern Ireland and Wales (see ICO website).
There is a more in-depth Privacy Notice, if you wish to view this please contact the practice.
Direct Care Privacy Notice
The New Surgery uses your information to provide you with healthcare.
This practice keeps medical records confidential and complies with data protection legislation.
We hold your medical record so that we can provide you with safe care and treatment.
We are required by law to provide you with the following information about how we handle your information. Our full list of Privacy Notices can be found under About Our Surgery.
Data Controller contact details
The New Surgery
128 Canterbury Road
Folkestone
CT19 5SR
Purpose of the processing
To give direct health or social care to individual patients.
For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
A list of Practice processing activities can be found here - About Our Surgery.
Information we collect and use
- Special data information including racial or ethnic origin; religious or philosophical beliefs; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.
- Demographics: name, address, date of birth, postcode, and NHS number
- Medical history
- Adult and Children safeguarding information
- Third party identifying data: basic details about other individuals that may be involved in providing your care and support services, e.g. emergency contacts, relatives, mobility services providers, home care support.
Lawful basis for processing
These purposes are supported under the following sections of the UK General Data Protection Regulations:
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
- Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018
The legal obligation relies on the Health and Social Care Act 2012 s251(b) (as amended by the Health and Social Care (Safety and Quality) Act 2015 which created a statutory ‘duty to share’).
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential.
Recipient or categories of recipients of the processed data
Please see our main privacy notice for a full list of organisation we share information with
The Practice may also receive information about your health from these organisations who are involved in providing you with health and social care. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.
NHS Summary Care Record
The Summary Care Record is an electronic record of important patient information created from GP Medical Records. They can be seen and used by authorized staff in other areas of the health and social care system involved in a patient’s direct care.
Read the Summary Care Record on the NHS Digital website
National Screening Programmes
The NHS provides national screening programmes so that certain diseases can be detected at an early stage. The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.
More information regarding screening programmes can be found on the UK Gov website
Kent and Medway Care Record (KMCR)
The New Surgery are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform.
This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data.
Population Health Management
Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management. This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes.
National Data Opt-out
The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.
The National Data opt-out can be applied online
It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Opt-out does not apply.
The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006:
- Regulation 2 – for diagnosis and treatment of cancer
- Regulation 5 – for general medical and research purpose
Specific exemptions to the national data opt-out policy have been made for disclosure of data for:
- Public Health England National Disease Registers
- Assuring Transformation
- National patient experience surveys
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012.