Phone us on
029 2059 3003

 

E-MAIL US

25 Church Road,     Caerau,     Cardiff,  CF5 5LQ
Tel: (029) 2059 3003    Fax: (029) 2059 1771

 

Practice Privacy Notice Policy

 

Greenmount Surgery has a legal duty to explain how we use any personal information we collect about you, as a registered patient at the surgery. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format


WHAT INFORMATION DO WE COLLECT ABOUT YOU?

We will collect information such as personal details, including name address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.


HOW WE WILL USE YOUR INFORMATION

Your data is collected for the purpose of providing direct patient care, however we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research, however we always gain your consent before sharing your information with medical research databases when the law allows.

NHS Wales also uses relevant information about your health to help improve NHS Wales Services and public health. Information will only be used or passed on to others involved in your care if they need it. Whenever your information is used for your care, it will be handled in the strictest confidence. NHS Wales will not normally disclose your personal information without your consent, unless it is in your best interests or required by law.

Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(C), 6(1)(E) and 9(2)(h) of the GDPR.


MAINTAINING CONFIDENTIALITY AND ACCESSING YOUR RECORDS

We are committed to maintaining confidentially and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the Confidentiality Code of Practice for Health and Social Care in Wales, as well as Guidance issued by the Information Commissionerís Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies,you have a right to have the inaccurate data corrected.


RISK STRATIFICATION

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with longterm conditions, e.g. cancer. Your information is collected by a number of sources, including Greenmount Surgery, this information is processed electronically and given a risk score which is relayed to your GP who can decide on any necessary actions to ensure that you receive the most appropriate care.


INVOICE VALIDATION

Your information may be shared if you have received treatment to determine which local health authority is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially, it will not be used for any other purpose or shared with any third parties.


OPT-OUTS

You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information outside this practice.


RETENTION PERIOD

In accordance with Records Management Code of Practice for Health and Social Care 2016, your healthcare records will be retained for the duration of your life and for 10 years after your death.


WHAT TO DO IF YOU HAVE ANY QUESTIONS

Should you have any questions about our privacy policy or the information we hold about you, you can:
a) Contact the practiceís data controller via email at renu.sinha@wales.nhs.uk GP practices are data controllers for the data they hold about their patients
b) Write to the data controller at Greenmount Surgery, 25 Church Road, Caerau, Cardiff, CF5 5LQ
c) Ask to speak to the practice manager Renu Sinha or Data Protection Manager Sian Marie Davies

The interim Data Protection Officer (DPO) for Greenmount Surgery is Sian Marie Davies and she is based at Greenmount Surgery.


COMPLAINTS

In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ĎRaising a concerní


CHANGES TO OUR PRIVACY POLICY

We regularly review our privacy policy and any update will be published on our website, and on posters to reflect the changes. This policy is to be reviewed in November 2019.

 


GREENMOUNT SURGERY CHILD PRIVACY STATEMENT

WHAT IS A PRIVACY STATEMENT?

A privacy notice helps your doctorís surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.


WHY DO WE NEED ONE?

Your doctorís surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (or GDPR for short).


WHAT IS GDPR?

What a great question! The GDPR is a new document that helps your doctorís surgery keep the information about you secure. Itís new and will be introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keep your information safe. At the surgery, we have posters in our waiting room and leaflets to give to children and adults and we also have information about privacy on our website, telling you how we use the information we have about you.


WHAT INFORMATION DO WE COLLECT ABOUT YOU?

Donít worry; we only collect the information we need to help us keep you healthy Ė such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.


HOW DO WE USE YOUR INFORMATION?

Another great question! Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to been seen by a special doctor or sent for an X-ray. Your doctorís surgery may be asked to help with exciting medical research; but donít worry, we will always ask you, or your parents or adults with parental responsibility, if itís okay to share your information.


HOW DO WE KEEP YOUR INFORMATION PRIVATE?

Well, your doctorís surgery knows that it is very important to protect the information we have about you. We make sure we follow the rules that are written in the GDPR and other important rule books.


WHAT IF I HAVE GOT A LONG-TERM MEDICAL PROBLEM?

If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it!


DON'T WANT TO SHARE?

All of our patients, no matter what their age, can say that they donít want to share their information. If youíre under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.


HOW DO I ACCESS MY RECORDS?

Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if youíre under 16.


WHAT DO I DO IF I HAVE A QUESTION?

If you have any questions, ask a member of the surgery team or your parents or adults with parental responsibility. You can ask to speak to the practice manager or her Data Protection Manager.


WHAT TO DO IF YOU'RE NOT HAPPY ABOUT HOW WE MANAGE YOUR INFORMATION?

We really want to make sure youíre happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our dataprocessing methods, you can firstly speak to the Data manager. Should you still not be happy, you can complain. For more information, visit ico.org.uk and select ĎRaising a concerní

We always make sure the information we give you is up to date. Any updates will be published on our website, in our leaflets, and on our posters.