GDPR and online access

How we use your medical records

Important information for patients

This practice handles medical records in line with laws on data protection and confidentiality.

  • We share medical records with those who are involved in providing you with care and treatment.

  • In some circumstances we will also share medical records for medical research, for example, to find out more about why people get ill.

  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading, or to check the care being provided to you is safe.

  • You have the right to request a copy of your medical record.

  • You have the right to object to your identifiable information being used for medical research and to plan health services. To register an OPT OUT from this use of your data please register your preference at the National Opt Out website or www.nhs.uk

  • For our practice privacy policy please click here.

  • For information regarding the use of data in conjuntion with the EAST ANGLIA DIABETIC EYE SCREENING PROGRAMME please see below.

For any further information please go to www.eadesp.co.uk

East Anglia Diabetic Eye Screening Programme

What personal data do we collect about you and where from?

  • Information from your eye screening appointment (results and images),

  • your GP Practice and the Hospital Eye Service will be used to assist in your ongoing care.

  • The DESP can access your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence address, GP Practice details along with details of your diabetes care.

Who do we share your personal data with?

  • The DESP keeps information about you and your diabetes care to ensure we maintain an accurate register and deliver a safe and effective service.

  • NHS England have commissioned Health Intelligence to run the local service as part of the national programme.

  • Data security arrangements protect your privacy and ensure that your data is only accessed by your Retinal Screener and healthcare professionals involved in your care.

    • This data is only kept for the period of the contract.

Who has access to your personal data?

  • The DESP engages Yakara Ltd, an appointment reminder voice messaging service and Synertec Ltd, a letter dispatch service to support the programme.

  • Access is only for a short period of time to allow telephone calls, letter printing and dispatch to occur.

  • Your GP Practice works with the East Anglia Diabetic Eye Screening Programme (DESP), who will access your data if diabetes is indicated in your record.

Access to Online Services

If you wish to, you can use the internet to book appointments with a GP, request repeat prescriptions for any medications you take regularly and look at your medical record online. You can also still use the telephone or call in to the surgery for any of these services as well. It’s your choice (please note we do not take repeat prescription requests over the phone). Being able to see your record online might help you to manage your medical conditions. It also means that you can even access it from anywhere in the world should you require medical treatment on holiday. If you decide not to join or wish to withdraw, this is your choice and practice staff will continue to treat you in the same way as before. This decision will not affect the quality of your care. You will be given login details, so you will need to think of a password which is unique to you. This will ensure that only you are able to access your record – unless you choose to share your details with a family member or carer. Please pick up an application form from the Reception Team or download an application from our website

Identity verification and registration for online services

Before online services are enabled, we need you to complete an application form and we must check your identity either by vouching (if you are a well known patient or known personally by a member of staff) or being provided with appropriate documents as proof of ID (passport, driving license, bank statement, birth certificate)

What if I have forgotten my User ID or password? You will have the facility to update/ maintain your account online including updating you password if you forget it; you will only be able to reset your password online if you have supplied the practice with a valid email address. If you are unable to reset your password, contact the practice and staff will be able to do this for you. If you have forgotten your User ID, you will need to contact the practice to obtain this. Note: At this time the online services system does not allow User IDs to be amended once they have been created for an individual. This has been raised as an issue with the supplier so that the system can deal with name changes.

Patient Responsibilities—A recap Patients who apply for access to, and use the online services, do so on the understanding that they understand and agree to the responsibilities set out below:

1. Patients MUST have read and understood the information leaflet provided by the practice. 2. Patients are responsible for the security of the information that they see or download.

3. If patients choose to share information with anyone else, they do so at their own risk.

4. If patients suspect that their account has been accessed by someone else without their agreement they MUST contact the practice as soon as possible.

5. If a patient sees information in their record that is not about them or is inaccurate they MUST contact the practice as soon as possible.

6. If a patient feels they are at risk of being pressured into revealing details from their patient record to someone else against their will, it is best that they do not register for access at this time, or if they have already registered and are being coerced contact the practice as soon as possible. The practice has the right to remove online access to services for anyone that doesn’t use them responsibly.

More information For more information about keeping your healthcare records safe and secure, you will find a helpful leaflet produced by the NHS in conjunction with the British Computer Society: Keeping your online health and social care records safe and secure www.nhs.uk/ NHSEngland/thenhs/records/healthrecords/ Documents/PatientGuidanceBooklet.pdf

Different Levels of access

At Thistlemoor, we have 3 levels of access to online services, as detailed below:

· Basic access The basic level of access gives patients access to appointments (booking, cancelling and viewing upcoming appointments), repeat prescriptions and a summary of their medical record. Once ID has been verified, we aim to provide this access within 5 working days.

· Enhanced access The enhanced level of access gives the user access to all services detailed in the basic level as well as access to detailed coded information. The practice requires 20 working days to process applications for enhanced access to medical records to allow for the GP/authorised person data checks to be completed.

· Proxy access If you are authorised to act on behalf of a patient, for example if you are their parent or carer you may apply for proxy access to online services. The practice will provide appointment administration and repeat medication requests online services as standard for proxy access. If a proxy requires access to summary or detailed medical records, the request will be made in writing and referred to the GP Partners for assessment/authorisation. Please note: Parental proxy access will cease when your child reached 11 years of age. (Online services are not available for patients aged 11—16 years) The practice has the right to refuse or remove proxy access if a GP or other member of staff suspects that the patient has been or is being coerced.

Things to consider before you apply for online access to your record

Although the chances of any of these things happening are very small, you will be asked that you have read and understood the following before you are given login details.

· Forgotten history There may be something you have forgotten about in your record that you might find upsetting.

· Abnormal results or bad news If your GP has given you access to test results or letters, you may see something that you find upsetting to you. This may occur before you have spoken to your doctor or while the surgery is closed and you cannot contact them.

· Choosing to share your information with someone It’s up to you whether or not you share your information with others – perhaps family members or carers. It’s your choice, but also your responsibility to keep the information safe and secure.

· Coercion If you think you may be pressured into revealing details from your patient record to someone else against your will, it is best that you do not register for access at this time.

Misunderstood information Your medical record is designed to be used by clinical professionals to ensure that you receive the best possible care. Some of the information within your medical record may be highly technical, written by specialists and not easily understood. If you require further clarification, please contact the surgery for a clearer explanation.

· Information about someone else If you spot something in the record that is not about you or notice any other errors, please log out of the system immediately and contact the practice as soon as possible.

· Refusal of Access / Limited Access to your medical record Your record or parts of your record may be restricted if it has been assessed and agreed that the items would cause necessary upset or the consultation notes or documents contain third party information

It will be your responsibility to keep your login details and password safe and secure. If you know or suspect that your record has been accessed by someone that you have not agreed should see it, then you should change your password immediately. If you can’t do this for some reason, we recommend that you contact the practice so that they can remove online access until you are able to reset your password. If you print out any information from your record, it is also your responsibility to keep this secure. If you are at all worried about keeping printed copies safe, we recommend that you do not make copies at all.

Reviewed August 2020 Next review due August 2021


Please print off the forms below if you would like to gain online access to services and contact the practice