Privacy policy

Who we are

Our surgery is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the General Data Protection Regulations & Data Protection Act 2018. Our registration number is CRT1-12461369981.

13 members of staff are employed at Holmlands Medical Centre.

Why we collect personal information about you

The healthcare professionals employed by the surgery require personal information in order to provide healthcare services. This includes (but is not limited to) details related to your living situation and anything that may have an impact on your health. Details that allow for the proper maintenance of contact details are also required.

These details will typically be used for direct care but may be utilised to improve healthcare services. This information needs to be collected, held and maintained as accurately as possible in order to provide you with the best care possible.

This personal information may be held in a variety of formats, including paper records, electronically, on computer systems or within video and audio files.

In some cases the information may be collected for other reasons, you will be informed if this is the case.

What personal information we collect about you and how we obtain it

Personal information about you is collected in a number of ways. This can be referral details from our staff, other third parties or hospitals, directly from you or your authorised representative.

We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, next of kin contacts, etc.

We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred name or maiden name.

In addition to the above, we may hold sensitive personal information about you which could include:

  • notes and reports about your health, treatment and care, including your medical conditions, results of investigations (such as x-rays and laboratory tests), future care you may need, personal information from people who care for and know you (such as relatives and health or social care professionals), and other personal information such as smoking status and any learning disabilities
  • your religion and ethnic origin
  • whether or not you are subject to any protection orders regarding your health, wellbeing and human rights (safeguarding status)

It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs. Details not related to this allow us to contact you about your care when appropriate.

What our legal basis is for processing personal information

We adhere to the legal bases for processing as laid out by the General Data Protection Regulations 2016. There are different legal bases that are employed depending on the circumstances and the data processed, however we most commonly rely on the following:

  • Personal data: Article 6.1(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Personal data including special category (health) data: Article 9.2(h) Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

The relevant legislation can be found at:

What we do with your personal information, who we share it with, and why

Your records are used to directly, manage and deliver healthcare to you to ensure that:

  • staff members involved in your care have accurate and up to date information in order for them to assess and advise on the most appropriate care for you
  • staff members have the information they need to be able to assess and improve the quality and type of care you receive
  • appropriate information is available if you see another healthcare professional or are referred to a specialist, social care, another part of the NHS, or healthcare provider

The personal information we collect about you may also be used to:

  • remind you about your appointments and send you relevant correspondence
  • review the care we provide to ensure it is of the highest standard and quality (e.g. through audit or service improvement)
  • support the funding of your care (e.g. with commissioning organisations)
  • prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies
  • help train and educate healthcare professionals
  • report and investigate complaints, claims and untoward incidents
  • report events to the appropriate authorities when we are required to do so by law
  • review your suitability for research study or clinical trials
  • contact you with regards to patient satisfaction surveys relating to services you have used within our surgery so as to further improve our services to patients

Unless a legal basis allows otherwise we will, where possible, always look to anonymise/pseudonymise your personal information so as to protect patient confidentiality. We will only use/share the minimum information necessary.

Our use of third-party processors

To enable the effective use and management of the surgery’s patient information, we utilise approved and secure clinical systems to process our patient information. The systems that are contracted to maintain and store personal and confidential information on our behalf are:

  • EMIS Web

How we maintain your records

Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.

We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2016. In addition, those working for the NHS must comply with the Common Law Duty of Confidentiality this also includes various national and professional standards and requirements.

We have a duty to:

  • maintain full and accurate records of the care we provide to you
  • keep records about you confidential and secure
  • provide information in a format that is accessible to you

Some services in the surgery provide the option to communicate with patients via email. Please be aware that the surgery cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.

Further information can be found in our Data Security and Protection and Information Governance policies.

What your rights are

If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The General Data Protection Regulation gives you certain rights, including the following:

GDPR rights

  • Request access to the personal data we hold about you (e.g. in health records).
  • Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our Access to Health Record Policy and Disclosure of Personal Data Procedure.
  • Object to the use of your personal information: In certain circumstances, you may also have the right to ‘object’ to the processing (i.e. sharing) of your information. Where the surgery processes personal data about you on the basis of being required to do so for the performance of a task in the public interest/exercise of official authority, you have a right to object to the processing. You must have an objection on grounds relating to your particular situation. If you raise an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
  • Refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018 and General Data Protection Regulations, we are authorised to process (i.e. share) your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
  • Request your personal information to be transferred to other providers on certain occasions.

Notice on recording

In certain instances the surgery may record phone calls or video consultations.

For phone calls, call recording occurs either in relation to patient care or may be stored to provide an accurate and objective record for the protection of staff and patients alike as it may be used in cases of legal defence or prosecution.

For video communications, changes in the provision of healthcare outside of the usual methods this is delivered has been instituted in many NHS organisations. For this purpose, video consultations may sometimes be recorded to provide an accurate record of the healthcare provided.

While the recording of these consultations proceeds under the legal basis’ noted elsewhere in this privacy notice, service users may be asked for their consent to continue with a recorded consultation. Please be aware that this consent does not form the legal basis for which this data is processed, but is requested to allow service users to opt-out of care provided in this manner.

How long we keep your information for

All records held by the surgery will be kept for the duration specified by national guidance from the Department of Health:

Records management: code of practice for health and social care

We will keep a copy of your information in our surgery for as long as you are registered with our surgery. If you leave the surgery, we will ensure that a copy of anything we hold is passed on to your new GP. Your record status will be marked as ‘inactive’ in our clinical system but it will not be deleted.

Confidential information is securely destroyed in accordance with this code of practice.

National data opt-out programme

Holmlands Medical Centre is one of many organisation working in the health and care system to improve care for patients and the public. The information collected about you whenever you use a health or care service can be provided to other approved organisations, where there is a legal basis, to help with planning services, improving quality and standards of care provided, monitoring safety, research into developing new treatments and preventing illness.

All these uses help to provide better health care for you, your family and future generations. Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

You can find out more about the wider use of confidential personal information and to register your choice to opt out by visiting https://www.nhs.uk/your-nhs-data-matters.

Data Protection Officer

AddressMid-Mersey Digital Alliance
Information Governance Team
Alexandra Business Park
Court Building
Prescot Road
St Helens
WA10 3TP
EmailIG@midmerseyda.nhs.uk

Practice Information Governance Lead

Contact nameDr P Srivastava
AddressHolmlands Medical Centre
16 Holmlands Drive
Prenton
Birkenhead
CH43 0TX
Telephone0151 608 7750

Practice Caldicott Guardian

Contact nameDr P Srivastava or Rachel Kavanagh
AddressHolmlands Medical Centre
16 Holmlands Drive
Prenton
Birkenhead
CH43 0TX
Telephone0151 608 7750

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is the body that regulates the surgery under Data Protection and Freedom of Information legislation. If you wish to appeal a decision or make a complaint regarding our handling on data, please contact them via:

AddressInformation Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Websitehttps://ico.org.uk
Telephone0303 123 1113 (local rate)
01625 545 745 (national rate)
Emailcasework@ico.org.uk

Page last reviewed: 10 April 2024