Practice Policies & Patient Information
Dr Rita Codlin is the sole partner here, supported by two salaried GPs and an Advanced Level Nurse Practitioner. More details about the team are available on our Meet the Team page. Patients are registered with the practice and may choose to see any of the clinicians available.
The Orchard Surgery has its own car park, including disabled bays and is wheelchair accessible as all the consulting rooms are on the ground floor. There is a ramp from the car park to the entrance.
Accessing your GP Held Records
Accessing your GP-held records via the NHS app or NHS website
As your GP practice, we were asked to provide you with, no later than 31 October 2023, access to your full medical record via the NHS app (and NHS website) if you have a suitable NHS login.
Your GP medical record contains consultation notes based on conversations between you, your GP and their team: medicines prescribed to you; all test results including hospital investigations; allergies; vaccines; and your medical conditions along with documents that may have been sent from local hospitals, clinics or other agencies, eg the police. There is likely to be sensitive and personal information within your medical record.
We are supportive of providing you with access to your record, but we wish to do this safely and make you aware that this is happening so that you can opt out, if you so wish. You may wish to speak with us first to understand what it is that you will see, and the risks which may be involved in having such confidential data either on your smartphone with the NHS app installed or online if other people might have access to that information through your devices. If you are in a difficult or pressured relationship for example, you may prefer your records to remain accessible only to those treating you, with them not appearing on your smartphone or online. Government has been clear that if a patient does not wish to have access, then we do not have to provide it. This is one reason why we have asked if you wish to opt out, or have it switched off for the time being.
For those who would like access, we are happy to explain the different levels you might like. Everyone can have access to their medication history and allergies, for example, and will be able to order their repeat prescriptions. It’s also possible to request access to what we call your ‘coded record’ where you can see a list of medical problems and results. You can also request access to the ‘full’ record where you will be able to see everything, including the notes which have been written by doctors, nurses and others involved in your care, at the GP surgery, and elsewhere.
It’s important to remember that these documents may, at times, contain information that could be upsetting, especially if they contain news of a serious condition. It can also be a cause for worry seeing results online when it isn’t clear what the results might mean, and no one is available to ask, as can be the case during the evening or at weekends, for example.
Sometimes people with a mental health condition might prefer not to see documents that remind them of difficult times in their life. Letters from mental health teams sometimes go into detail about past events, and great care would be needed in deciding whether you would want to see these letters. It is possible for individual items to be hidden at your request and your practice team would be happy to talk about any concerns you may have.
Great care is also needed in case private details might cause harm at home, should people in a difficult or pressured relationship be forced to show their medical record to an abusive partner. Anyone in such a position should make this clear to us at the practice, so we can take steps to keep you safe. This might mean removing access through the NHS app for the time being, or through a careful process where we hide sensitive things. We would talk this through with you.
Requesting access – what do I need to do?
The easiest way to get access is to create an NHS login through the NHS app. Although you can also access your GP records via the internet on a computer, the first bit is easiest if done through a smartphone. If you don’t have one, you may have a family member or friend you trust who can help you. You can also ask your practice receptionist, but you’ll need some proof of who you are, eg a passport, driving licence or household bill.
If you use the NHS app, you’ll have to set up an account using a unique e-mail address and then ‘authenticate’ yourself to the NHS system to prove you are who you say you are. This will involve confirming your name, date of birth and contact details. The NHS login has several levels of authentication and to gain access to your records you’ll need the highest level of authentication. This generally involves you recording a short video of yourself to prove you are a real person as well as uploading a copy of a suitable identification document. Your GP practice can bypass this step if you are struggling, but we’d ask you to try to sign up to the NHS app yourself.
Once you have suitably authenticated yourself to the NHS app and created your NHS login you can approach your practice and ask for access, being mindful of the risks associated with access and the importance of not sharing passwords or having them stored in your smartphone if you think other people might want to see them without your permission. If you have any concerns, you should explain these to your GP practice team who can guide you.
Your GP practice will have a form they will ask you to complete, with your NHS login (this will be the email address you used to sign up) and then you will have a chat about access and your agreement and understanding will be requested. Once you are happy to get online access, your request will be passed to the clinical team to review. It may be that the practice wishes to contact you to discuss your request if there are any concerns raised so that access can be given safely. We’re not sure how many people will ask for access all at once so there may be a wait, but we will do our best to get you online access as soon as we can.
To view the Privacy Notice relating to the NHS App please visit: NHS App privacy policy – NHS (www.nhs.uk)
Complaints
We make every effort to give the best service possible to everyone who attends our practice.
We are aware that things can go wrong sometimes resulting in a patient feeling that they have a genuine cause for a complaint. If this is so, we would wish for the matter to be settles as quickly, and as amicably, as possible. To pursue a complaint please contact the Practice Manager and she will deal with your concerns appropriately.
The Parliamentary and Health Service Ombudsman website contains detailed information on raising a complaint about any aspect of the NHS in England. There is also a leaflet explaining the procedure of bringing a complaint to the ombudsman.
Data Protection Privacy Notice
General Practices are usually the first point of contact if you have a health problem. They can treat many conditions and give health advice. They also refer patients to hospitals and other medical services for urgent and specialist treatments.
The data we hold may also be used to shape the way we work together to plan service improvements, improve the health and wellbeing of our communities, and take action to prevent illness and disease for individuals as well as wider communities.
The categories of personal information
Dependent on the purpose of processing, different categories of data may be used by the Practice. Data can be categorised using the following terms:
- Anonymised data – data where personal identifiable identifiers have been removed. Data protection laws and the Common Law of Confidentiality to do not apply to anonymised data.
- Pseudonymised data – data where any information which could be used to identify an individual has been replaced with a fake identifier. Pseudonymised data remains personal data and as such the Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
- Person identifiable information (or personal data) – any information about an individual from which, either on its own or together with other information, that person may be identified. The Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
To find out more about the data processed for each purpose, please click on the links below (The Purpose(s) of Processing).
In addition to the above types of data, some information is considered protected regardless of the purpose of processing; this information does not form part of your shared care record and is not disclosed to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on such information.
The purpose(s) of processing personal data
The The Orchard Surgery processes data for the following purposes:
- Direct Care
- Planning and Research
- Statutory Purposes
- Human resources
- Kent and Medway Care Record Privacy Notice
- CCTV
What is the lawful basis for the sharing?
Each purpose of sharing has its own lawful basis, and these can be found in detail on the associated Privacy Notices above.
Organisations we share your personal information with
Personal Data (including special category data) will only be shared between the general Practice and health and social care organisations that have signed a Joint Controller or Data Processing Agreement. These currently include:
- Dartford and Gravesham NHS Trust (D&G)
- East Kent Hospitals University NHS Foundation Trust (EKHUFT)
- Medway Maritime Hospital – Medway NHS Foundation Trust (MFT)
- Maidstone and Tunbridge Wells NHS Trust (MTW)
- Kent and Medway Partnership NHS and Social Care Partnership Trust (KMPT)
- North East London Foundation Trust (NELFT)
- Kent Community Health NHS Foundation Trust (KCHFT)
- HCRG Care Group Limited
- Medway Community Healthcare (MCH)
- South East Coast Ambulance Service (SECAmb)
- Integrated Care 24 (IC24)
- Out of hours providers (currently IC24, SECAmb, MCH and KCC Children’s Services)
- NHS Kent and Medway
- Kent County Council (children and adults social care departments) (KCC)
- Medway Council (children and adults social care departments) (MWC)
- GP federations.
- Other Practices that form the The Ridge Primary Care Network
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Health care partnerships
- Other Primary Care networks that we may work in partnership with in the future
- Mental Health providers
- Community trusts
- Kent County Council/Medway council Social Care Services
- NHS England
- Local Authorities
- School Nurse
- Police & Judicial Services
How long do we keep your record?
The Practice maintains your records in accordance with the NHS Records Management Code of Practice.
How we keep your personal information safe and secure
To protect personal and special category data, we make sure the information we hold is kept in secure locations and access to information is restricted to authorised personnel only.
Our appropriate technical and security measures include:
- all employees and contractors who are involved in the processing of personal data are suitably trained, on an annual basis, in maintaining the confidentiality and security of the personal data and are under contractual or statutory obligations of confidentiality concerning the personal data.
- robust policies and procedures for example password protection
- technical security measures to prevent unauthorised access
- use of ‘user access authentication’ mechanisms to make sure all instances of access to any personal data held on clinical systems are auditable against an individual, such as role-based access and Smartcard use to make sure appropriate and authorised access reminding staff of their responsibilities in complying with data protection legislation
- encrypting information transmitted between partners
- implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures
- completion of the Data Security and Protection Toolkit (DSPT) an annual self-assessment requirement that ensure organisation are compliant with the latest data protection and cyber requirements.
- regular audit of policies and procedures to ensure adherence against these criteria
The NHS Digital Code of Practice on Confidential Information applies to all staff who access clinical systems. They are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
What are your rights?
Under data protection legislation, you have the right:
to be informed of the uses of your data: this enables you to be informed how your data is processed
of access: this enables you to have sight of or receive a copy of the personal information held about you and to check the lawful processing of it
to rectification: this enables you to have any incomplete or inaccurate information held about you corrected
to erasure: this enables you to request we erase personal data about you we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding lawful grounds to continue to process your data
to restrict processing: this enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it
to data portability: this enables you to transfer your electronic personal information to another party, where appropriate
to object: this enables you to object to processing of personal data about you on grounds relating to your situation. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds
in relation to automated decision making and profiling: this enables you to be told if your data is being processed using automated software in relation to automated decision making and profiling. Please note, no automated decision making or profiling is undertaken by the Practice
Please note not all these rights are absolute, please see our ROPA for more details.
If you wish to exercise your rights in any of the ways described above, you should in the first instance contact The Orchard Surgery: gp.g82691@nhs.net.
Right to complain
You can get further advice or report a concern directly to gp.g82691@nhs.net.
Our Data Protection Officer function is provided by NHS Kent and Medway who can be contacted via email at kmicb.gpdpoteam@nhs.net.
You also have the right to contact the UK’s data protection supervisory authority (Information Commissioner’s Office) by:
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Email: https://ico.org.uk/concerns/handling/
Information about the way in which the NHS uses personal information and your rights is published by NHS Digital.
The NHS Constitution
The constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you will receive, the treatments and programmes available to you, confidentiality, information and your right to complain, if things go wrong.
NHS England
NHS England collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
Reviews of and changes to this privacy notice
We will review the information contained within this notice regularly and update it as required. We therefore recommend you check this webpage regularly to remain informed about the way in which we use your information.
GDPR
This practice is supporting vital health and care planning and research by sharing your data with NHS Digital. Visit the NHS Digital Website for further information: General Practice Data for Planning and Research (GPDPR) – NHS England Digital
For more information about this see the GP Practice Privacy Notice for General Practice Data for Planning and Research.
Watch the NHS GDPR informative video here.
GP Earnings
All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice. However, it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice and should not be used to for any judgement about GP earnings, nor to make any comparisons with other practices.
The average pay for GPs working at The Orchard Surgery in the last financial year was £39,232 before tax and national insurance. This is for 1 full time GPs, 1 part time GPs and 1 locum GPs who worked in the practice for more than 6 months.
Privacy Notice – Commissioning, Planning, Risk Stratification and Research
The Orchard Surgery uses data insightfully for research, auditing and healthcare planning (population health management).
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details | The Orchard Surgery, Horseshoes Lane, Langley, Kent, ME17 3JYTel: 01622 863030 Email: gp.g82691@nhs.net |
Purpose of the processing | If data from many patients are linked up or pooled, Researchers and Doctors can look for patterns in the data, helping them to develop new ways of predicting illness, and identify ways to improve clinical care.
This information can be used to help:
|
Information we collect and use | Pseudonymised data: information about individuals but with identifying details (such as name or NHS number) replaced with a unique code.
Anonymised data: information about individuals but with identifying details removed Aggregated data: anonymised information grouped together so that it does not identify individuals In certain circumstances, where we have a lawful basis it may be necessary to use: |
Lawful basis for processing | These purposes are supported under the following sections of the UK General Data Protection Regulations:
Article 6(1)(c) … ‘necessary for compliance with a legal obligation to which the controller is subject Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;’ Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy’ Article (9)(2)(j) ‘processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) (as supplemented by section 19 of the 2018 Act) based on domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018 Schedule 1, Part1(3) Public Health, Data Protection Act 2018 Schedule 1, Part 1(4) Research etc, Data Protection Act 2018 Schedule 1 Part 2(6) Statutory etc and government purposes, Data Protection Act 2018 The Practice recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential. Even though consent is not the legal basis for processing personal data for secondary purposes such as service evaluations and audit, the common law duty of confidentiality is not changing, therefore consent is still needed for people outside the care team to access and use confidential patient information for clinical audit, unless you have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and Wales or similar arrangements elsewhere in the UK. |
Strategic Health and Care Board (SHcAB) | Your information will be passed, with all identifiers removed, to a collaborative programme called the Kent & Medway Shared Health and Care Analytics Board. It will be used for population health management purposes beyond your individual care, including, for example, planning services, managing finances, early treatment of illnesses (known as risk stratification), coordinating and improving patient and service user’s movement through the health and care system, research, and public health enhancement. |
Kent and Medway Care Record (KMCR) | The Orchard Surgery are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you.
In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data. For further information about the Kent and Medway Care Record and the ways in which your date is used for this system please click here. |
General Practice Extract Service (GPES) | NHS Digital collects data from Practices to support vital health and care planning and research. This information is used insightfully to better understand what causes ill health and, importantly, what we can do to prevent or treat it and provide better care. |
Health Service (Control of Patient Information) Regulations 2002 (COPI) | The Secretary of State for Health and Social Care has issued Notices under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) which required organisations to share confidential patient information with organisations entitled to process this under COPI for COVID-19 purposes (COPI Notices).
Further guidance on processing personal data, when the COPI Notice expires can be found here. |
Population Health Management | Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management.
This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes. |
National Data Opt-Out | The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning. The National Data opt-out can be applied here.
It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Opt-out does not apply.The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006: Regulation 2 – for diagnosis and treatment of cancer Specific exemptions to the national data opt-out policy have been made for disclosure of data for:
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012. |
Rights to object | The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning. The National Data opt-out can be applied here. |
For further details on your rights and how to complain please see the main privacy notice. |
Privacy Notice Direct Care
This practice keeps medical records confidential and complies with data protection legislation.
We hold your medical record so that we can provide you with safe care and treatment.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details | The Orchard Surgery, Horseshoes Lane, Langley, Kent, ME17 3JY Tel: 01622 863030 Email: gp.g82691@nhs.net |
Purpose of the processing | To give direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care. |
Information we collect and use | Special data information including racial or ethnic origin; religious or philosophical beliefs; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.
Demographics: name, address, date of birth, postcode, and NHS number Third party identifying data: basic details about other individuals that may be involved in providing your care and support services, e.g. emergency contacts, relatives, mobility services providers, home care support. |
Lawful basis for processing | These purposes are supported under the following sections of the UK General Data Protection Regulations:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018 The legal obligation relies on the Health and Social Care Act 2012 s251(b) (as amended by the Health and Social Care (Safety and Quality) Act 2015 which created a statutory ‘duty to share’). We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential. |
Recipient or categories of recipients of the processed data | Please see our main privacy notice for a full list of organisation we share information with .
The Practice may also receive information about your health from these organisations who are involved in providing you with health and social care. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
NHS Summary Care Record | The Summary Care Record is an electronic record of important patient information created from GP Medical Records.
They can be seen and used by authorized staff in other areas of the health and social care system involved in a patient’s direct care. |
National Screening Programmes | The NHS provides national screening programmes so that certain diseases can be detected at an early stage. The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme. Information regarding screening programmes can be found here. |
Kent and Medway Care Record (KMCR) | The Orchard Surgery Langley are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data.
For further information about the Kent and Medway Care Record and the ways in which your data is used for this system please click here. |
Population Health Management | Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management.
This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes. |
National Data Opt-out | The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.
The National Data opt-out can be applied here. It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Ot-out does not apply. The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006: Specific exemptions to the national data opt-out policy have been made for disclosure of data for:
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012. |
For details on your rights and who to complain to please see the main privacy notice. |
Privacy Notice Human Resources
This Privacy Notice describes how The Orchard Surgery collect and use personal information about you during and after your working relationship with us.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details | The Orchard Surgery, Horseshoes Lane, Langley, Kent, ME17 3JYTel: 01622 863030 Email: gp.g82691@nhs.net |
Purpose of the processing | Reasons for processing your personal data include:
|
Information we collect and use | Personal Information:
Job Information:
Performance Information:
Information about your family:
Special Category Data:
|
Lawful basis for processing | Article 6(1)(b)…‘necessary for the performance of a contract with employee’
Article 6(1)(c)…’necessary for compliance with a legal obligation’ Article 6(1)(f)…’in the Practice’s legitimate interests, which are not outweighed by the fundamental rights and freedoms of the data subject’ Schedule 1, Part 2(8) Data Protection Act 2018 – necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained Schedule 1, Part 2(14) Data Protection Act – is necessary for the purposes of preventing fraud or a particular kind of fraud |
Recipient or categories of recipients of the processed data |
The Practice may also receive information about you from these organisations. |
Right of access | Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”). |
Rights in relation to inaccurate personal or incomplete data | You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. |
Rights to object to or restrict our data processing | Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
This right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes. |
Right to erasure | Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.
We may not be able to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. |
How to exercise your rights | To exercise your rights, please contact gp.g82691@nhs.net or the Practice Manager. |
Retention period | Your personnel records are kept in compliance with law and national guidance. Details on how long records are kept are set out in the NHS England, Record Management Code of Practice 2021. |
Right to complain | If you are unhappy with how your personal data is processed, you have the right to complain to the Information Commissioners Office (ICO).
Their helpline number is 0303 123 1113. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please do contact us gp.g82691@nhs.net in the first instance. |
Data Protection Officer contact details | P Ashe – GP Data Protection Officer NHS Kent and Medway Kmicb.gpdpoteam@nhs.net |
Privacy Notice Statutory Disclosure
Where there is a statutory requirement The Orchard Surgery will share personal data with a range of organisations and agencies.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details | The Orchard Surgery, Horseshoes Lane, Langley, Kent, ME17 3JY Tel: 01622 863030 |
Purpose of the processing | Safeguarding: to prevent serious abuse or neglect or death of a child or vulnerable adult from taking place
Regulatory bodies: such as the Care Quality Commission, who undertake audits to ensure the Practice comply with standards and provide safe health care Law enforcement: prevention and detection of crime or apprehension and prosecution of offenders Complaint management: sometimes it is necessary to share information with NHS England or the Health Service Ombudsman or Information Commissioners Office Planning and Research: information may be shared for securing, planning, and paying for primary care or and specialised NHS Services Health Protection: information may be shared with Public Health bodies for the management of certain health condition, epidemics, and infections Cancer pathways: the Practice participates in the National Cancer Diagnosis Audit |
Information we collect and use | Demographics – name, address, date of birth, postcode, and NHS number Medical history |
Lawful basis for processing | These purposes are supported under the following sections of the UK General Data Protection Regulation:
Article 6(1)(c) … ‘necessary for compliance with a legal obligation to which the controller is subject Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;’ Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy’ Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018 Schedule 1, Part1(3) Public Health, Data Protection Act 2018 Schedule 1 Part 2(6) Statutory etc and government purposes, Data Protection Act 2018 |
Recipient or categories of recipients of the processed data | Where required the Practice will share your information with:
|