Skip to main content

Practice Privacy Policy

This privacy notice tells you what to expect when you, and sometimes others, provide your personal information to us.  It sets out what information we collect about you and why we collect it, how the information may be used, who it may be shared with and how we will protect it and keep it confidential.

The notice explains what rights you have to control how we use your information, our legal basis for processing it and how you can access it. We also explain who to contact if you have any questions and how to contact them.

The Practice Of Health is the Data Controller for the personal information we process, unless otherwise stated. There are many ways you can contact the Practice, including by phone, email, and post. Further details can be found on our Practice Details webpage.

Privacy Notice for 13-16 year olds

Privacy Notice for Patients and their Carers

 

Your Privacy - Your Rights

Many parts of the NHS such as, hospitals, GPs, Dentists, Opticians, and Community Pharmacists provide health and care services to the people of Wales.

The people and organisations providing these services aim to provide you with the highest quality care. To do this we must keep records about your health and any treatment or care provided to you. We take our responsibility to look after information very seriously. NHS Wales staff have a legal duty to keep information confidential, accurate and secure, and are trained to handle information about you correctly to protect your privacy.

We use information about you to allow those involved in your treatment or care, to have accurate and up-to-date information to assess your health, decide what treatment or care you need and when and where you will receive this.

We may also use information about you, in line with relevant laws and safeguards to:

• invite you to receive routine treatment applicable

• assess the good quality and effective care you received

• plan services to meet future needs

• support health research

• review and report on the performance of the NHS in Wales

• make sure NHS Wales demonstrates good value for money

• investigate any concerns, complaints, legal claims, incidents or inquiries

We will only use the minimum information needed at that time and where possible, we will reduce or remove information that identifies you. There may be a need to share information about you with people and organisations within the NHS who are responsible for providing you with treatment and care. Sometimes we may share information outside of NHS Wales, this may be where there is a legal requirement or as part of an agreement or contract to provide services on our behalf. Where this is the case, organisations must meet strict NHS rules around the safety and security of data. Legislation sets out that individuals have certain rights relating to the processing of personal information about them. We have a responsibility to inform you how you can exercise these rights.

Currently, the practice Data Protection Officer is DHCW DPO Service. DPO Support Service; Digital Health and Care Wales (DHCW).

Good quality information helps with making choices about lifestyle and self-care, and making decisions about health and well being.

With access to information, patients become empowered to play a greater role in the decisions that affect their health. To help you make informed decisions about your healthcare, this section includes guidance relating to patients’ rights, health and social care policy and how to complain about NHS treatment or services. 

You can also find information on accessing your health records here   - or see our Your Privacy - Yours Rights leaflets below.

Your Privacy - Your Rights leaflet (English)

Your Privacy - Your Rights leaflet  (Welsh)

 

Security of personal data

The surgery recognises that your personal data is very valuable, and so we take its security very seriously. We employ robust technical measures to secure your personal data and access to it is restricted to people who have a need to process it in line with their work.

All practice staff are bound by contracts which include clear responsibilities in relation to confidentiality. All of our non-medical staff have the same duty of confidentiality as healthcare professionals such as Doctors and Nurses.

All of our staff must attend regular training in what we call Information Governance. Amongst other things, this training makes them understand the importance of confidentiality and security of your personal data and makes clear that they are personally responsible for the security of any information which they are processing. They must attend this training at least once every two years and must pass a test to demonstrate that they have understood it. The expectations we have on our staff are set out in the Information Governance Policy. Failing to comply with this policy is a disciplinary offence.

 

How we use your medical records - Important information for patients

 

  • This practice handles medical records in-line with laws on data protection and confidentiality.
  • We share medical records with those who are involved in providing you with care and treatment.
  • In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill.
  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
  • You have the right to be given a copy of your medical record.
  • You have the right to object to your medical records being shared with those who provide you with care.
  •  You have the right to object to your information being used for medical research and to plan health services.
  • You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Please see the practice privacy notice on the website or speak to a member of staff for more information about your rights.

 

See our Records Management Policy for more information.

Share: