This privacy notice explains why we collect information about you, how that information may be used and how we keep it safe and confidential in accordance with the General Data Protection Regulation (GDPR).
Goyt Valley Dental Practice is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you as a patient. We are required under data protection legislation to notify you of the information contained within this privacy notice.
Health care professionals who provide you with care are required to maintain records about your health and any treatment or care you have received within ant NHS and other healthcare organisations. These records are used to provide you with the best possible healthcare.
How we keep information confidential and safe
Everyone working in the NHS is subject to the Common Law Duty of Confidentiality. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by law. The NHS Digital Code of Practice on Confidential Information applies to all our staff and they are required to protect you information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure that information is kept confidential and receive training on how to do this.
These records may be electronic, on paper or a mixture of both and we use a combination of working practices and technologies to ensure that your information is kept confidential and secure. Your electronic records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel. We also make sure that external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
Data Protection Act 1998
General Data Protection Regulation 2018
Human Rights Act
Common Law Duty of Confidentiality
NHS Codes of Confidentiality and Information Security
Health and Social Care Act 2015
Information we hold
The practice holds information about you which may include the following:
Details about you such as your name, address, telephone number, e-mail address, NHS number and next of kin
Your medical problems and diagnoses
Details of contacts you have with the practice such as appointments, who you have seen and when and the reasons why you seek help, cancelled and missed appointments, clinic visits and emergency appointments
Notes and reports about your dental health including observations and opinions of health care workers
Details about your care and treatment
Results of investigations such as x-rays etc.
Relevant information from other health care professionals, relatives or those who care for you
Care Quality Commission
The Care Quality Commission (CQC) is an organisation established in English law by the Health and Social Care Act. The CQC is the regulator for English health and social care services to ensure that safe care is provided. They inspect and produce reports on all English general practices. The law allows CQC to access identifiable patient data as well as requiring this practice to share certain types of data with them in certain circumstances, for instance following a significant safety incident. For more information about the CQC see: https://www.cqc.org.uk
There are occasions when intervention is necessary in order to save or protect a patient’s life or to prevent them from serious immediate harm, for instance during a collapse or serious injury or accident. In many of these circumstances the patient may be unconscious or too ill to communicate. In these circumstances we have an overriding duty to try to protect and treat the patient. If necessary we will share your information and possibly sensitive confidential information with other emergency healthcare services, the police or fire brigade, so that you can receive the best treatment. The law acknowledges this and provides supporting legal justifications.
Individuals have the right to make pre-determined decisions about the type and extent of care they will receive should they fall ill in the future, these are known as “Advanced Directives”. If lodged in your records these will normally be honoured despite the observations in the above paragraph.
This practice may participate in research. We will only agree to participate in any project if there is an agreed clearly defined reason for the research that is likely to benefit healthcare and patients. Such proposals will normally have a consent process, ethics committee approval, and will be in line with the principles of Article 89(1) of GDPR.
Research organisations do not usually approach patients directly but will ask us to make contact with suitable patients to seek their consent. Occasionally research can be authorised under law without the need to obtain consent. This is known as the section 251 arrangement. We may also use your medical records to carry out research within the practice.
You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to a member of staff at the practice if you wish to object.
Contract holding dentists in the UK receive payments from their respective governments based on dental activity. The amount paid depends on the type of dental activity carried out. In order to make patient based payments basic and relevant necessary data about you needs to be sent to the various payment services. The release of this data is required by English laws.
Some members of society are recognised as needing protection, for example children and vulnerable adults. If a person is identified as being at risk from harm we are expected as professionals to do what we can to protect them. In addition we are bound be certain specific laws that exist to protect individuals. This is called “Safeguarding”. Where there is a suspected or actual safeguarding issue we will share information that we hold with other relevant agencies whether or not the individual or their representative agrees.
There are three laws that allow us to do this without relying on the individual or their representative agreement (unconsented processing), these are:
Section 47 of the Children Act 1989
Section 29 of the Data Protection Act
Section 45 of the Care Act 2014
In addition there are circumstances when we will seek the agreement (consented processing) of the individual or their representative to share information with local child protection services.
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
NHS Trusts / Foundation Trusts
Independent Contractors such as dentists, opticians, pharmacies
Private sector health care providers
Social care providers
Voluntary sector providers
Clinical Commissioning Groups
Police and Judicial Services
Other ‘data processors’ which you will be informed of
We will never share your information outside of health partner organisations without your explicit consent unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it or to carry out a statutory function.
Access to your information
You have a right under the General Data Protection Regulation (2018) to request access to view or obtain copies of the information we hold about you. You do not need to give a reason to see your data. You also have the right to request that information is amended should it be inaccurate.
If you wish to access the information held about yourself by the practice you must make a request in writing and the practice will respond within 30 days. Under special circumstances information may be withheld.
Change of details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details are incorrect in order for this to be amended. You are responsible to inform us of any changes so that our records are accurate and up to date.
Mobile numbers and e-mail addresses
If you provide us with your mobile phone number and or e-mail address we may use these to send your reminders about your appointments or other health screening information. Please let us know if you do not wish to receive correspondence via mobile or e-mail.
The Practice is registered with the Information Commissioners Office (ICO) to describe the purposes for which they process personal and sensitive information.
If you have any concerns or are unhappy about how your information is managed by the practice please contact the Practice Manager at the surgery.
If, following a review by the practice, you are still unhappy then you can contact the Information Commissioners Office (ICO) at www.ico.org.uk, or on 0303 123 1113.