Your Information and How it is Used
Coronavirus (COVID-19) response transparency notice
NHS Digital are undertaking a range of work to support the government response to the coronavirus outbreak. This notice details our legal bases for processing personal data in the course of this work.
COVID-19 purposes include but are not limited to the following purposes:
- understanding COVID-19 and risks to public health, trends in COVID-19 and such risks, and controlling and preventing the spread of COVID-19 and such risks
- identifying and understanding information about patients or potential patients with or at risk of COVID-19, information about incidents of patient exposure to COVID-19 and the management of patients with or at risk of COVID-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from COVID-19
- understanding information about patient access to health services and adult social care services as a direct or indirect result of COVID-19 and the availability and capacity of those services
- monitoring and managing the response to COVID-19 by health and social care bodies and the Government including providing information to the public about COVID-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
- delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with COVID-19, including the provision of information, fit notes and the provision of health care and adult social care services
- research and planning in relation to COVID-19
For more information, see these links:
Your Health and Care Records
What is patient information?
When you visit an NHS or social care service, information about you and the care you receive is recorded and stored in a health and care record. This is so that people caring for you can make the best decisions about your care.
Find out about the types of records and how to access them.
The information in your records can include your:
- Name, age and address
- Health conditions
- Treatments and medicines
- Allergies and past reactions to medications
- Tests, scans and x-ray results
- Lifestyle information, such as whether you smoke or drink
- Hospital admission and discharge information
Click on the link below for more information:
A Privacy Notice contains important information about how we use the personal and healthcare information we collect on your behalf – please read it carefully.
Your Confidential Records
You can be assured that your medical records are safe with Whiteladies Medical Group. We will only share data that identifies you under the following circumstances:
- With other health care professionals (hospital or community staff) as part of an agreed plan of treatment
- With your explicit consent, e.g. for participation in research studies
- In circumstances where it is in the interests of your health and you are not able to give consent, e.g. if you are unconscious
- Where we are obliged to divulge information under the Health & Social Care Act 2012, e.g. in the case of a national emergency or pandemic
- Where we are required to do so for health service planning purposes and you have not explicitly opted out of having your data shared (see below)
Our strict rules about confidentiality mean that we will not discuss your medical affairs even with your close family unless you give us permission to do so. This includes details of appointments you have made. If you would like your partner, parent, son/daughter or carer to be able to speak to us on your behalf, you must tell us beforehand. Please ask our Reception Team for a consent form if you require an ongoing arrangement for sharing consent. You can withdraw your consent at any time.
You have the right to control how medical information about you is shared, disseminated or sold, for purposes other than your direct medical care – so called secondary uses (or purposes).
Secondary uses include projects involved in risk stratification, population health management, national clinical audits, research, healthcare planning, commissioning of healthcare services by CCGs, commercial and even political uses. You can control your personal confidential information by opting out of data sharing. Please see this data flow chart fora summary that may help with understanding this flow of information.
Please read this page from NHS digital regarding common misconceptions with data sharing - Mythbusting social media posts about the national data opt-out
There are 2 types of data sharing:
NHS Digital Data Extraction
Your data matters to us at Whiteladies Medical Group.
In a letter to all GPs, 19 July 2021, Parliamentary Under Secretary of State Jo Churchill set out a new process for commencing data collection, moving away from a previously fixed date of 1 September.
- Your GP holds your health record, and it is used by them and other parts of the NHS for your direct care.
- NHS Digital also uses some of this data for research, planning, and improving the NHS for everyone.
About the General Practice Data for Planning and Research programme
NHS Digital is making improvements to how data is collected from general practice, this new framework for data extraction is called the General Practice Data for Planning and Research data collection (GPDPR). The goal of this new system is to:
- reduce burden on GP practices in managing access to patient data and maintain compliance with relevant data protection legislation
- improve protections through the consistent and rigorous review of all applications for access to patient data
- make it easier for patients to understand how their health and care data is being used, including increasing use of Trusted Secure Environments that avoids data flowing outside the NHS
This new NHS Digital service will collect data from GP practices in England and will analyse, publish statistical data and provide safe, secure, lawful and appropriate access to GP data for health and social care purposes. This will include planning, commissioning, policy development, public health purposes (including COVID-19) and research.
NHS Digital is engaging with the British Medical Association (BMA), Royal College of General Practitioners (RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for patients and GP practices.
Protecting Patient Data
All data will be pseudonymised and encrypted by your GP system suppliers on your behalf before it is transferred to NHS Digital. Access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed, e.g. written consent for a research study.
As with the COVID-19 collection, access to the data will be through the NHS Digital Data Access Request Service (DARS) and will be subject to a robust approvals process, which includes oversight by the Independent Group Advising on Release of Data (IGARD) and a Professional Advisory Group, which is made up of representatives from the BMA and RCGP.
The NHS uses information about patients (patient data) to research, plan and improve:
- the services the NHS offer
- the treatment and care patients receive
The NHS gets this data from your GP surgery, hospitals and other healthcare providers. The organisation that collects your data is called NHS Digital.
To help improve services, NHS Digital shares this data with researchers from organisations such as universities or hospitals. This type of data-sharing has been happening for many years.
All data that is collected and shared is protected by strict rules around privacy, confidentiality and security.
If you don’t want your identifiable patient data to be shared for purposes except for your own care, you can opt-out by registering a Type 1 Opt-out or a National Data Opt-out, or both.
Please visit the NHS pages below for more information on how your data is shared and how to register a Type 1 and National Data opt-out.
Data Security and Governance
The Government has committed that access to GP data will only be via a Trusted Research Environment (TRE) and never copied or shipped outside the NHS secure environment, except where individuals have consented to their data being accessed e.g. written consent for a research study. This is intended to give both GPs and patients a very high degree of confidence that their data will be safe and their privacy protected.
The TRE will be built in line with best practice developed in projects, such as OpenSAFELY and the Office for National Statistics’ Secure Research Service.
We are also committed to adopting a transparent approach, including publishing who has run what query and used which bit of data. We are developing a TRE which will meet our specific needs and act as 'best in class'.
We commit to only begin the data collection once the TRE is in place. Further, we will ensure that the BMA, RCGP and the National Data Guardian have oversight of the proposed arrangements and are satisfied with them before data upload begins.
I can also confirm that the previously published Data Provision Notice for this collection has been withdrawn.
Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and will never be for sale.
Transparency, communications and engagement
There has been a great deal of concern regarding the lack of awareness amongst the healthcare system and patients. We recognise that we need to strengthen engagement, including opportunities for non-digital engagement and communication.
Since the programme has been paused, we have been developing an engagement and communications campaign, with the goal of ensuring that the healthcare system and patients are aware and understand what is planned, and can make informed choices. The public rightly look to and trust general practice - through a centrally driven communication campaign, with clear messages, we will seek to ensure that the introduction of this collection does not impose an additional burden on practices.
We are developing a communications strategy delivered through four phases.
- Listening - where we listen to stakeholders and gather views on how best to communicate with the profession, patients and the public and give them the opportunity to inform the development of the programme in areas such as opt-outs, trusted research environments and other significant areas
- Consultation - a series of events where we can explain the programme, listen and capture feedback and co-design the information campaign
- Demonstration - show how feedback is being used to develop the programme and shape communications to the healthcare system and the public
- Delivery - of an information campaign to inform the healthcare system and the public about changes to how their GP data is used, that utilises the first three phases to ensure the campaign is accessible, has wide reach and is effective
Data saves lives. The vaccine rollout for COVID-19 could not have been achieved without patient data. The discovery that the steroid Dexamethasone could save the lives of one third of the most vulnerable patients with COVID-19 – those on ventilators - could not have been made without patient data from GP practices in England. That insight has gone on to save a million lives around the globe. That is why this programme is so important.
The programme and I will be providing further information as the programme progresses. In the meantime, if you have any questions, you can contact the programme at firstname.lastname@example.org.
The NHS Digital web pages also provide further information at https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research#additional-information-for-gp-practices.
Q&A NHS Digitial & Data Collections
Why NHS Digital collects general practice data?
- NHS Digital is the national custodian for health and care data in England and has responsibility for standardising, collecting, analysing, publishing and sharing data and information from across the health and social care system, including general practice.
- NHS Digital collected patient data from general practices using a service called the General Practice Extraction Service (GPES), now known as GPDPR which has operated for over 10 years and now needs to be replaced.
- NHS Digital has engaged with doctors, patients, data and governance experts to design a new approach to collect data from general practice that:
- reduces burden on GP practices
- explains clearly how data is used
- supports processes that manage and enable lawful access to patient data to improve health and social care
Does NHS Digital sell my Data to third parties?
The NHS shares some data, in which nobody can identify you, with trusted third parties, in order to improve the NHS for you and everyone else.
This includes with:
- NHS planners
- university researchers
- scientists researching medicines
We only share data when there is a proven benefit to the NHS, and access is strictly controlled.
You data won't be shared with
- Your data is not shared for commercial purposes
- Your data is not shared with insurers
- Your data is not sold
Please see our Privacy Notice for further information on how else your data might be shared by the practice.
If you want any more information, please contact our Data Protection Officer email@example.com
Summary Care Record (SCR)
Your Summary Care Record is different to the above sharing for secondary uses. Your SCR is used to assist in provision of care for you. Access to SCR information means that care in other settings is safer, reducing the risk of prescribing errors. It also helps avoid delays to urgent care.
At a minimum, the SCR holds important information about;
- current medication
- allergies and details of any previous bad reactions to medicines
- the name, address, date of birth and NHS number of the patient
Additional Information in the SCR, such as details of long-term conditions, significant medical history, or specific communications needs, is now included by default for patients with an SCR, unless they have previously told the NHS that they did not want this information to be shared. There will also be a temporary change to include COVID-19 specific codes in relation to suspected, confirmed, Shielded Patient List and other COVID-19 related information within the Additional Information.
All of our patients who have not chosen to opt out have a Summary Care Record that can be accessed, with the patient’s consent, by hospital and out of hours staff.
You may choose to opt out of having a Summary Care Record. The websites below will help you to decide on the risks and benefits.
If you would like to opt out, please print off and complete the following consent form and return it to the surgery.
Anything that you discuss with any member of the Practice Team will remain confidential. The only circumstances under which we might consider passing on confidential information without your permission, would be to protect you or someone else from serious harm and in these cases we would always try to discuss this with you first.
To release information to a third party, insurance company, solicitor or other organisations we require that you sign and date a consent form for disclosure. In most instances a template will be provided by the organisation however we are happy to accept a handwritten, signed and dated letter from the patient. In some cases patients might want another individual or family member to have access to medical records; again in this case, explicit instructions are required from the patient in order to carry out their wishes.
Connecting Care is a digital care record system for sharing information in Bristol, North Somerset and South Gloucestershire. It allows instant, secure access to your health and Social care records for the professionals involved in your care.
Relevant information from your digital records is shared with people who look after you. This gives them up-to-date information, making your care safer and more efficient.
For more detailed information, click on the links below:
You have the legal right to request a copy of the information that we (NHS Digital) hold about you, in line with the General Data Protection Regulation (GDPR).
We do not hold medical records in the same format as a GP or hospital. If you want to see copies of your medical records, you should ask your GP or the health setting that provided your care or treatment.
We collect some information from medical records, so that we can carry out our duties for the health and care service in England. Read more about the information we collect and the legal basis of these collections.
Where we process data about you, you can request to see it free of charge. (A reasonable fee may be charged in some cases, for example if repeated requests are made.)
How to make a subject access request
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.