General Data Protection Regulation (GDPR)
You may have already heard about the General Data Protection Regulation (GDPR) which came into force on 25th May 2018. It’s a change to the law around data protection & personal information. In line with the regulation we are updating our privacy notices and access requests process, to reflect the new and strengthened rights in relation to your data and the legal grounds for using it.
Your Information and How we Use it
The new General Data Protection Regulation (GDPR) changes the way we use your information and the process we have for you to access your information. This page gives you all the information you need to understand how we will use and process your data and how you can access your information
These notices will tell you how we will use your information
Medicines Management (Aug 2021)
Your GP Practice supports a medicines management review service of medications prescribed to its patients. This service involves a review of prescribed medications to ensure patients receive the most appropriate, up-to-date and cost-effective treatments. This service is provided by qualified and registered healthcare professionals from within the GP practice; our NHS Primary Care Network; NHS Vale of York Clinical Commissioning Group or by external partners approved by the GP practice. Patient identifiable information does not leave the practice system but is accessed to ensure only appropriate clinical recommendations or decisions are made for each patient. Each patient can opt out of (or back into) the practice using their data for anything other than specified purposes or where there is a lawful requirement to do so.
Subject Access Requests
As a data subject (a person we hold and process data for) you have a right to access the information we have about you.
To access this information you will need to complete a Subject Access Request form. This form can be accessed by clicking the form below. Once completed the form can be brought to any of our surgeries or you can email it to [email protected]. To complete your request you will need to provide us with ID verification ( this is whether you bring in your form, email it or a third party such as a solicitor requests it). We require one piece of ID from each category as below;
A – Passport, Driving Licence or Birth Certificate
B – Utility bill, Bank statement, Medical card or similar
In the rare circumstance that you do not have the above ID there is a countersignature form that you can get completed by a professional person.
Once your ID has been verified your request is complete and we will provide your information within one calendar month. This will be provided via encrypted, password protected email, unless you request an alternative form.
There is no charge for this, however if you require additional copies of the information or make excessive requests we do have the right to charge for these.
Consent for Children
If you have parental responsibility for a child up to the age of 12 you have full responsibility and full access to their records.
When your child turns 12 we suggest you contact the practice – there are a few options at this point.
From the age of 12 your child can come to consultations on their own provided the clinician is comfortable that the child is able to make their own decisions.
12-16 year olds can also have their own online access but a clinician has to approve competency. Assessment of Gillick competence requires an examination of how the child deals with the process of making a decision based on an analysis of the child’s ability to understand and assess risks. It is a high test of competence that is more difficult to satisfy the more complex the treatment and its outcomes become.
If a parent wants online access for a child aged 12-16 they must have a signed consent from the child then the parent can have access to booking appointments and repeat medications but NOT the medical record.
If the parent wants access to the medical record we will need the child’s signed consent and a clinician will have to see the child to confirm this decision.
Our Data Controller is Dr Steve Lovisetto
Our Data Protection Officer is Mr Paul Couldrey