PRIVACY POLICY

Your Personal Information

Please see this poster for general information about your personal information.

To view the Privacy Notice for children please click here.

Saxmundham Health and Data Protection

Saxmundham Health takes your privacy very seriously and complies with the General Data Protection Regulation. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number is Z8042860.

If you have any questions or wish to make a request in relation to your information, please contact us at;

Data Protection Officer, Saxmundham Health, Lambsale Meadow, Saxmundham, Suffolk, IP17 1DY

Saxmundham Health aims to provide you with safe and the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

Your doctor and other health professionals caring for you, such as nurses or health care assistants, keep records about your health and treatment so that they are able to provide you with the best possible care.

These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include Personal Data;

• basic details about you, such as address, date of birth, NHS number, and next of kin

as well as Sensitive Personal Data;

• contact we have had with you, such as clinical visits
• notes and reports about your health
• details and records about your treatment and care
• results of x-rays, laboratory tests etc.

Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.

 

What do we do with your information?

• Refer you to other healthcare providers when you need other service or tests
• Share samples with laboratories for testing (like blood samples)
• Share test results with hospitals or community services (like blood test results)
• Allow healthcare staff working in A&E and out of hours care access to your information.  For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions.  This will involve the use of your Summary Care Record. For more information about the summary care record and health record sharing, please click here or call PALS on 0800 389 6819
• Send prescriptions to a pharmacy
• Patients are texted in relation to healthcare services
• Samples are provided to the courier for delivery to pathology
• Share reports with the coroner
• Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
• Produce medical reports on request from third parties such as the DVLA or your employer
• Movement of Patient records to Primary Care Support England

Follow this link to see a list of the partners that we usually share with.

Saxmundham Health has signed a Suffolk Wide Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.

 

What else do we do with your information?

Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.

• Quality / payment / performance reports are provided to service commissioners
• Identifying patients who might be at risk of certain diseases such as heart disease or risk of falls/frailty.  This means we can offer patients additional care or support as early as possible
• As part of clinical research – information that identifies you will be removed, unless you have consented to being identified
• Undertaking clinical audits within the practice
• Supporting staff training
• Incident and complaint management

 

Sharing when Required by Law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.

 

Care Quality Commission Access to Health Records

CQC has powers under the Health and Social Care Act 2008 to access and use your health information where it is necessary to carry out their functions as a regulator.

This means that inspectors may ask to look at certain records to decide whether we are providing safe, good quality care.

More information about the CQC can be obtained on their website.

 

CCTV

CCTV is in place in external and internal areas of our practice.

It has been installed solely for the safety and security of our patients and staff, to prevent and deter crime.

Images are recorded 24 hours a day and stored on the hard drives of the recording devices that are situated in secure areas and only the practice managers and those delivering technical support services will have access to the system.

The CCTV only records images and does not record audio.

All CCTV recordings are stored on our recording devices for approximately 40 days before being deleted.

There are signs in the practice telling you that CCTV is in place and we have registered this with the Information Commissioner.

We will only ever share information with the relevant authorities in connection with the safety and security of patients and staff and will not share with any other third parties.

Visitors to the practice have the right to request to see images of themselves on CCTV as part of a request made under the privacy legislation. Like all subject access requests, it must be made in writing. 

We have followed the CCTV guidelines produced by the Information Commissioners’ Office.

 

Information Access and Rights

Data protection law provides you with a number of rights that the practice is committed to supporting you with;

 

Right to Access

You have the right to obtain:

• confirmation that your information is being used, stored or shared by the practice
• a copy of information held about you

If you only require a particular part of your record, tell us and this may mean we can respond quicker.

We will respond to your request within 28 days of receipt or will tell you when it might take longer.

We are required to validate your identity including the identity of someone making a request on your behalf

 

Right to Object or Withdrawn Consent

We mainly use, store and share your information because we are permitted in order to deliver your healthcare but you do have a right to object to us doing this.

Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.  Please speck to the practice as not sharing certain data with other healthcare staff  may affect the care you receive

You are not able to object to your name, address and other demographic information being sent to NHS Digital.

You are not able to object when information is legitimately shared for safeguarding reasons.

Our Data Protection Officer will be happy to speak with you about any concerns you have.

 

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.

If we don’t agree with your request to change the original information, you have the right to add your statement

We will respond to your request within one month of receipt or will tell you when it might take longer.

 

Complaints

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights click here or call the helpline on 0303 123 1113

 

Case Finding

Sometimes your information will be used to identify whether you need particular support from us.

Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes. For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.

We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support you is made by those involved in your care.

Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.

 

Information Technology

The practice will use third parties to provide services that involve your information such as;

• Removal and destruction of confidential waste
• Provision of clinical systems
• Provision of connectively and servers
• Digital dictation services

Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery)

We have contracts in place with these third parties that prevent them from using it in any other way that instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.

Please visit link to find out more about our sharing partners and providers.

 

How do we Protect your Information?

We are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;

Staff receive annual training about protecting and using personal data

Policies are in place for staff to follow and are regularly reviewed

We check that only the minimum amount of data is shared or accessed

We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’

We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information

We report and manage incidents to make sure we learn from them and improve

We put in place contracts that require providers and suppliers to protect your data as well

We do not send your data outside of the EEA

 

How Long Do We Keep Your Information?

In line with the Department of Health Code, we will retain / store your health record for your lifetime. When a patient dies, we will review the record and generally it will be destroyed 10 years later, unless there is a reason to keep it for longer.

Information on how long records are kept can be found by clicking here

If you move away or register with another practice, we will send your records to the new practice.

Processing Activities	Sharing Partners (including any third party providers of services)	Link
Referral / Test Results	Ipswich Hospital	Click here
	West Suffolk Hospital	Click here
	Norfolk and Norwich Hospital	Click here
	Addenbrookes Hospital	Click here
	James Paget Hospital	Click here
	West Suffolk Disability Resource Centre | Papworth Trust	Click here
	Guy's & St Thomas	Click here
	Great Ormond Street	Click here
	Ipswich Hospital	Click here
	West Suffolk Hospital	Click here
	Norfolk and Norwich Hospital	Click here
	Addenbrookes Hospital	Click here
	West Suffolk Disability Resource Centre | Papworth Trust	Click here
	Hartismere Place Care Home	Click here
	CareUK	Click here
	Express Diagnostics (24hr ECGS	Click here
	Yaxley House Care Home	Click here
	St Nicolas Hospice	Click here
	The Pathology Partnership	Click here
	St Elizabeths Hospice Ipswich	Click here
	Macmillan	Click here
	Allied Physios	Click here
GP+	Suffolk GP Federation	Click here
EPS	Boots Diss Eye Pharmacy Eye	Click here
	Boots Harleston	Click here
	Hado Pharmacy	Click here
	Welbeing Pharmacy Diss	Click here
	Pharmacy 2U	Click here
	Fresenius Homecare	Click here
	Select Home Delivery	Click here
	Fittleworth	Click here
	Jade Euromed	Click here
	Salts Medilink	Click here
	Charter Ltd	Click here
	Alphamed	Click here
	NWOS	Click here
	Sia Healthcare	Click here
Discharge notices	Ipswich Hospital	Click here
	West Suffolk Hospital	Click here
	James Paget Hospital	Click here
	Norfolk and Norwich Hospital	Click here
	Addenbrookes Hospital	Click here
	West Suffolk Disability Resource Centre | Papworth Trust	Click here
	Guy's & St Thomas	Click here
	Great Ormond Street	Click here
Confidential waste removal	Avena	Click here
Patient Texts	TPP System One	Click here
Pathology Courier	Ipswich Hospital	Click here
PCSE Notes	City Sprint	Click here
Corononer reports	Ipswich Coroners	Click here
	Norfolk Coroners	Click here
Commissioner Reports	West Suffolk CCG	Click here
	Ipswich and East Suffolk CCG	Click here
Provision of IT Systems and Support	North East London CCG	Click here
Provision of clinical system	EmisWeb	Click here
Infectious Diseases	Anglia Health Protection Team	Click here

 

---

 

Website Privacy Policy

We are committed to protecting the privacy of all individuals using this website.

This policy explains how we use any personal information we collect from you through this website.

 

Collection of personal information

You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.

By submitting your personal information, you consent to our use of the information as set out in this privacy policy.

 

Use of personal information

We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:

We shall use your personal information to administer, and may respond to, your request.

We shall securely store the information you supply together with any response we may provide.

If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.

 

Website privacy

This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.

 

Data storage

All data obtained by us is held and used in compliance with the Data Protection Act 2018.

 

Cookie Policy

Please click here to read our Cookie Policy.

 

Links

This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.

 

Access to your personal information

You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.