Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.
Complaints
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Data Processing Activities
Please view our Data Processing Activities information document here.
Data Protection Privacy Notice
General Practices are usually the first point of contact if you have a health problem. They can treat many conditions and give health advice. They also refer patients to hospitals and other medical services for urgent and specialist treatments.
The data we hold may also be used to shape the way we work together to plan service improvements, improve the health and wellbeing of our communities, and take action to prevent illness and disease for individuals as well as wider communities.
The categories of personal information
Dependent on the purpose of processing, different categories of data may be used by the Practice. Data can be categorised using the following terms:
Anonymised data – data where personal identifiable identifiers have been removed. Data protection laws and the Common Law of Confidentiality to do not apply to anonymised data.
Pseudonymised data – data where any information which could be used to identify an individual has been replaced with a fake identifier. Pseudonymised data remains personal data and as such the Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
Person identifiable information (or personal data) – any information about an individual from which, either on its own or together with other information, that person may be identified. The Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
To find out more about the data processed for each purpose, please click on the links below (The Purpose(s) of Processing).
In addition to the above types of data, some information is considered protected regardless of the purpose of processing; this information does not form part of your shared care record and is not disclosed to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on such information.
The purpose(s) of processing personal data
Faversham Medical Practice processes data for the following purposes:
Human Resources Privacy Notice
Planning and Research Privacy Notice
Statutory Disclosure Privacy Notice
Kent and Medway Care Record Privacy Notices
What is the lawful basis for the sharing?
Each purpose of sharing has its own lawful basis, and these can be found in detail on the associated Privacy Notices above.
Organisations we share your personal information with
Personal Data (including special category data) will only be shared between the general Practice and health and social care organisations that have signed a Joint Controller or Data Processing Agreement. These currently include:
- Dartford and Gravesham NHS Trust (D&G)
- East Kent Hospitals University NHS Foundation Trust (EKHUFT)
- Medway Maritime Hospital – Medway NHS Foundation Trust (MFT)
- Maidstone and Tunbridge Wells NHS Trust (MTW)
- Kent and Medway Partnership NHS and Social Care Partnership Trust (KMPT)
- North East London Foundation Trust (NELFT)
- Kent Community Health NHS Foundation Trust (KCHFT)
- HCRG Care Group Limited
- Medway Community Healthcare (MCH)
- South East Coast Ambulance Service (SECAmb)
- Integrated Care 24 (IC24)
- Out of hours providers (currently IC24, SECAmb, MCH and KCC Children’s Services)
- NHS Kent and Medway
- Kent County Council (children and adults social care departments) (KCC)
- Medway Council (children and adults social care departments) (MWC)
- GP federations.
- Other Practice’s that form the Mid Kent Primary Care Network
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Health care partnerships
- Mental Health providers
- Community trusts
- Kent County Council/Medway council Social Care Services
- NHS England
- Local Authorities
- School Nurse
- Police & Judicial Services
How long do we keep your record?
The Practice maintains your records in accordance with the NHS Records Management Code of Practice 2021.
How we keep your personal information safe and secure
To protect personal and special category data, we make sure the information we hold is kept in secure locations and access to information is restricted to authorised personnel only.
Our appropriate technical and security measures include:
- all employees and contractors who are involved in the processing of personal data are suitably trained, on an annual basis, in maintaining the confidentiality and security of the personal data and are under contractual or statutory obligations of confidentiality concerning the personal data.
- robust policies and procedures for example password protection
- technical security measures to prevent unauthorised access
- use of ‘user access authentication’ mechanisms to make sure all instances of access to any personal data held on clinical systems are auditable against an individual, such as role-based access and Smartcard use to make sure appropriate and authorised access reminding staff of their responsibilities in complying with data protection legislation
- encrypting information transmitted between partners
- implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures
- completion of the Data Security and Protection Toolkit (DSPT) an annual self-assessment requirement that ensure organisation are compliant with the latest data protection and cyber requirements.
- regular audit of policies and procedures to ensure adherence against these criteria
The NHS Digital Code of Practice on Confidential Information applies to all staff who access clinical systems. They are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
What are your rights?
Under data protection legislation, you have the right:
- to be informed of the uses of your data: this enables you to be informed how your data is processed
- of access: this enables you to have sight of or receive a copy of the personal information held about you and to check the lawful processing of it
- to rectification: this enables you to have any incomplete or inaccurate information held about you corrected
- to erasure: this enables you to request we erase personal data about you we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding lawful grounds to continue to process your data
- to restrict processing: this enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it
- to data portability: this enables you to transfer your electronic personal information to another party, where appropriate.
- to object: this enables you to object to processing of personal data about you on grounds relating to your situation. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds.
- in relation to automated decision making and profiling: this enables you to be told if your data is being processed using automated software in relation to automated decision making and profiling
Note: No automated decision making or profiling is undertaken by the Faversham Medical Practice.
Please note not all these rights are absolute, please see our ROPA for more details
If you wish to exercise your rights in any of the ways described above, you should in the first instance contact [email protected].
Right to complain
You can get further advice or report a concern directly to [email protected].
Our Data Protection Officer function is provided by NHS Kent and Medway who can be contacted via email [email protected].
You also have the right to contact the UK’s data protection supervisory authority (Information Commissioner’s Office) by:
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Phone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Email: https://ico.org.uk/concerns/handling/
Information about the way in which the NHS uses personal information and your rights is published by NHS Digital.
The NHS Constitution
The constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you will receive, the treatments and programmes available to you, confidentiality, information and your right to complain, if things go wrong.
NHS England
NHS England collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
Reviews of and changes to this privacy notice
We will review the information contained within this notice regularly and update it as required. We therefore recommend you check this webpage regularly to remain informed about the way in which we use your information.
Freedom of Information
Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
GPES CVDPREVENT
FAVERSHAM MEDICAL PRACTICE
Faversham Health Centre · Bank Street · Faversham · Kent · ME13 8QR
Tel: 01795 562011
Website: www.favershammedicalpractice.nhs.uk
GPES CVDPREVENT Audit data collection
Transparency notice: how we use your personal data
This page sets out how we use personal data, in line with the General Data Protection Regulation (GDPR). It includes a register of processing activities, and your rights if information about you is included.
NHS Digital is the name we operate under. Our official name is the Health and Social Care Information Centre, which was created by the Health and Social Care Act 2012 as an executive non-departmental public body reporting to the Department of Health and Social Care.
Our legal duties include collecting, analysing and publishing health and care data, providing national technology infrastructure, producing information standards and providing advice and support on information and cyber security. Read more about NHS Digital.
This transparency notice provides information on our data processing activity.
Controller
NHS Digital is the Controller for most of our processing of personal data and is registered as required by Data Protection legislation.
Our Data Protection Officer is Kevin Willis, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations, and can be contacted via [email protected].
Legal basis for processing
As an executive non-departmental body reporting to the Department of Health and Social Care most of our processing activity is directed by the Secretary of State for Health and Social Care. These directions create a legal obligation for our processing. Where we have a different legal basis to support a processing purpose this will be explained.
Your rights
Data protection laws in the UK give people a number of rights concerning their personal data. Not all rights apply equally to all our processing activity as certain rights are not available depending on the lawful basis for the processing.
When you view an entry in our register of processing activities, we have highlighted which rights apply and which may not. To help understand why some may not apply the following should help.
Examples of where rights may not apply – where our lawful basis is:
- Public Interest (Task) then rights of erasure, portability do not apply.
- Legal Obligation then rights of erasure, portability, objection, automated decision making and profiling do not apply
If you require further detail each link below will take you to the Information Commissioner’s Office’s website where further detail is provided in section ‘When does the right apply’.
These rights are:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling.
We want you to feel confident that we look after everyone’s personal data in line with the law. If you have any questions about your rights, you can get in touch with us at [email protected].
Your choices
You can also read more about other choices you have, including the national data opt out, which are provided over and above the rights that Data Protection Legislation gives you, giving you more control and confidence over how we use your data.
Requesting a copy of your information
Typically, we collect information from health and care organisations providing your care and would advise contacting them directly for a more complete record of your care or treatment. We do not hold your whole medical or care record.
Where we store and use personal data collected from care and treatment records, it is mostly held as codes rather than words. We will provide a list of codes used to help you understand the information we give you. If you would like to request a copy of your personal data that NHS Digital is processing then you will need to complete a Subject Access Request Form and email or post it to the contact details on the form.
Following your request, we may write back to you within the 30-day timeframe to request you to narrow or modify your requirements. This may also result in an extension of a further 60 days whilst we examine your request.
Sharing information
There are very strict rules about who can access the personal data we process, and what it can be used for. When information is shared with other organisations, these organisations have to go through our Data Access Request Service to make sure they will store it safely and legally, and they have a good reason for using it that will benefit health and care. Information is never passed to marketing or insurance companies without consent. We publish all of our data releases on our data release register
Data retention
All data is retained and erased in accordance with our Records Management Policy. Specific retention periods are identified within each processing purpose listed below. If a specific purpose requires a different retention period outside of our policy this will be explained.
Complaints
If you wish to raise a complaint concerning NHS Digital’s processing activity, visit our Feedback and Complaints page. You also have the right to raise a concern with the Information commissioner’s Office at any time.
Named GP
Please note that all patients in the practice are allocated to a Named GP. This is following guidelines from the Department of Health. Although it is preferable to try and maintain some continuity with seeing the same GP for an existing medical condition, this does not stop you from seeing any GP within the practice.
If you currently have a repeat medication on prescription, your named GP will be printed on your repeat medication order form. If you are still unsure as to whom your Named GP is, please ask at the reception desk, or speak to a GP/nurse at your next appointment.
Research Practice
Faversham Medical Practice is research active. We are currently take part in National Institute for Health Research (NIHR) portfolio and other high quality research studies. Research is part of NHS work, giving patients better access to the possible benefits research brings. Last year, over 600,000 NHS patients chose to take part in clinical research. Thanks to those patients, we are learning more all the time about how to deal with a whole range of medication conditions that will improve lives.
During your visit you may be invited to take part in one of the research studies we are running or we may have written to you to tell you about a research study you might be interested in taking part in.
You will always receive clear information about what taking part in a research study would involve. You will have the opportunity to ask questions and obtain further details about a study.
You are under no obligation to participate in any research project. Your care and your relationship with your doctor or nurse will not be affected in any way if you decided not to take part in a research study.
By taking part in these studies, we hope to help improve care for our patients in the future.
In line with the new GDPR regulations coming into force on 25th May, we wanted to update all patients with clear information about how we are using your data with respect to research. For more information, please click here for more information or contact Nichola Love ([email protected]).
1) New Studies opening at Faversham Medical Practice
CLASP 4 study – Renewed Online Feasibility Study. Cancer: Life Affirming Survivorship support in Primary care (CLASP) Programme
- There is a need for tailored support for cancer survivors, to improve their quality of life. This study will assess an online intervention, called Renewed Online, that offers lifestyle and wellbeing support for cancer survivors.
- We will be sending information to survivors of Breast, Prostate and Colorectal Cancer to seek anyone who may be interested in taking part.
TRIMASTER
- This study aims to identify reasons why patients with type 2 diabetes might respond well or poorly to particular drugs.
- The way patients respond to treatment based on their particular characteristics such as weight or kidney function, will enable better targeting of treatment for a particular individual.
2) Studies now closed to recruitment – thanks to everyone who took part!
PACT study: Personalised medicine for Asthma ConTrol
- Asthma is very common and affects about 2 children in every classroom. Although effective medicines exist, these do not improve asthma symptoms for all children and young people. It may be different medicines could be better at reducing symptoms for children and young people with certain genes. This study is trying to find out if prescribing an asthma controller medication based on the results of a genetic test can improve quality of life and asthma control in children and young people with asthma.
- The research team will be sending information to patients (and their parents) aged 12-18 with asthma to seek anyone who might be interested in taking part. If you would like to be involved, please see contact details at the bottom of this page.
PDAF – Atrial Fibrillation Screening in General Practice by Clinical Pharmacists
- During a small number of flu vaccination clinics, a team of pharmacists screened patients coming in for their Flu vaccination. This was to look for people with an irregular heartbeat called Atrial Fibrillation (AF). We also carried out a couple of events locally for to raise awareness of Atrial Fibrillation with the support of the practice and the Heart Rhythm Alliance, more information on this association can be found here.
HEAT study
- This study will investigate whether a one-week course of antibiotics to remove bacteria that live in the stomach (called Helicobacter pylori (H. pylori)) could reduce the incidence of gastric ulcer bleeds in patients who are using aspirin.
- 29 patients took part in this study so a big thank you to all.
If you would like any more information about the research going on at Faversham Medical Practice, please contact Melanie Rees-Roberts ([email protected], T:01227 816433).
Summary Care Record
There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Why do I need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who can see it?
Only healthcare staff involved in your care can see your Summary Care Record.
How do I know if I have one?
Over half of the population of England now have a Summary Care Record. You can find out whether Summary Care Records have come to your area by looking at our interactive map or by asking your GP
Do I have to have one?
No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can use the form at the foot of this page.
More Information
For further information visit the NHS Care records website
Violence Policy
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.