The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

• To provide further medical treatment for you e.g. from district nurses and hospital services.
• To help you get other services e.g. from the social work department. This requires your consent.
• When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Freedom of Information

Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.

Access to Records

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.

Your Data Matters to the NHS

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe and always being clear about how it is used.

How your data is used

Information about your individual care such as treatment and diagnoses is collected about you whenever you use health and care services. It is also used to help us and other organisations for research and planning such as research into new treatments, deciding where to put GP clinics and planning for the number of doctors and nurses in your local hospital. It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.

Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.

You have a choice

You do not need to do anything if you are happy about how your information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your mind about your choice at any time.

Will choosing this opt-out affect your care and treatment?

No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What do you need to do?

If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything.

To find out more about the benefits of data sharing, how data is protected, or to make/change your opt-out choice visit Your NHS Data Matters.

CMP MEDICAL LIMITED

PUBLICATION OF EARNINGS 2023/24

All GP practices are required to declare the mean earnings (e.g. average) for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs working at the surgery in the last financial year before tax and National Insurance was £98,059. This is for 5 part time GPs and 2 locum GPs who worked in the practice for more than 6 months.

New Data Protection Regulation (GDPR)

You may have heard about the new General Data Protection Regulation (“GDPR”), that comes into effect May 25, 2018. To help comply with GDPR consent requirements, we need to confirm that you would like to receive content from us.

Chingford Medical Practice takes your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number is Z9702941.

• Our Data Protection Officer is: Radha Muthaswamy
• Our Data Controller is: Dr Asad Ashraf

If you have any questions or wish to make a request in relation to your information, please contact us at:

Chingford Medical Practice,
109 York Road,
Chingford,
E4 8LF

Information held about you

This Privacy Notice explains why the GP practice collects information about you and how that information may be used.

Health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records are used to help to provide you with the best possible healthcare.

Your NHS health care record may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice hold about you may include the following information;

Personal Data

• Details about you, such as your name, address, carers, legal representatives and emergency contact details

Sensitive Data (Special Category Data)

• Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations such as laboratory tests, x-rays, etc.
• Relevant information from other health professionals, relatives or those who care for you

Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.

What do we do with your information?

• Refer you to other healthcare providers when you need other services or tests
• Share samples with laboratories for testing (like blood samples)
• Share test results with hospitals or community services (like blood tests)
• allow out of hours Health Care Providers to look at your practice record when you go to an appointment
• Send prescriptions to a pharmacy
• Patients are texted in relation to healthcare service
• Samples are provided to the courier for delivery to pathology
• Share reports with the coroner
• Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital

Information access and rights

The value of personal data is increasing and technology is rapidly developing. Personal data can be manipulated and used in increasingly sophisticated ways and sometimes on a large scale

Data protection law provides you with a number of rights that the practice must support you with.

Access Requests

You have the right to obtain:

• confirmation that information is being used, stored or shared by the practice.
• a copy of information held about you

We will respond to your request within one month of receipt or tell you when it might take longer.

We are required to validate your identity of someone making a request on your behalf

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is only used during this time.

We will respond to your request within one month of receipt or tell you when it might take longer.

Right to Data Portability

If you change practices, all information held about you will be transferred to your new practice.

Complaints

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights visit the Information Commissioner’s Office website.

Minuteful Kidney service for patients with diabetes (and/or other conditions)

The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care.

Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care.

Further information about this is available here.

Lawful basis for processing personal data

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

• Data Protection Act 1998 and General Data Protection Regulation 2016
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

• NHS Trusts/Foundation Trusts
• GP’s
• NHS Commissioning Support Units
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• London Ambulance Service
• Waltham Forest Clinical Commissioning Group
• Social Care Services
• Health and Social Care Information Centre (HSCIC)
• Local Authorities
• Education Services
• Fire and Rescue Services
• Police & Judicial Services
• Voluntary Sector Providers
• Private Sector Providers
• Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.

Covid-19

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.

Data Breaches

How do we protect your Information?

We are committed to ensuring the security and confidentiality of your information. There are a number of ways in which we do this:

• Staff receive annual training about protecting and using personal data
• Policies are in place for staff to follow and are regularly reviewed
• We check that only minimum amount of data is shared or accessed
• Every member of staff uses a  ‘smartcard’ to access the clinical system, this helps ensure that the right people are accessing data – people with a ‘need to know’
• Smartcard usage can be audited and monitored
• We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
• We report and manage incidents to make sure we learn from them and improve
• We put in place contracts that require providers and suppliers to protect your data as well
• We do not send your data outside of the EEA

Breaches of data

• The ICO ( information Controlling officer) will be notified if the data breach is likely to result in a risk to the rights and freedoms of individuals
• Procedures are in place to effectively detect, report and investigate any personal data breaches
• Audits (Data Protection Impact Assessments) will be undertaken to ensure that these processes are in place.

Consent

Consent must be freely given, clear, specific , informed and unambiguous. We will seek your consent to

• Pass information to some third parties (eg solicitors acting on your behalf)
• Have invasive procedures such as minor surgery carried out

Children

The GDPR sets the age when a child can give their own consent to this processing at 16 years currently. If a child is younger than this, consent will need to be obtained for their continued healthcare from a person holding ‘parental responsibility’.

Further information

Further information about the way in which the NHS uses personal information and your rights in that respect can be found in:

• The NHS Care Record Guarantee
• The NHS Constitution
• Care.data programme
• The HSCIC Guide to Confidentiality gives more information on the rules around information sharing
• An independent review of how information about patients is shared across the health and care system led by Dame Fiona Caldicott was conducted in 2012. The report, Information: To share or not to share?
• The NHS Commissioning Board – NHS England – Better Data, Informed Commissioning, Driving Improved Outcomes: Clinical Data Sets provides further information about the data flowing within the NHS to support commissioning
• The Information Commissioner’s Office is the Regulator for the Data Protection Act 1998 and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information.

Population Health Management (PHM) Privacy Notice
Under data protection law we must tell you about how we use your personal information. This includes the personal information that we share with other organisations and why we do so. Our main GP practice privacy notice is on our website. This additional privacy notice provides details about Population Health Management.  

What is Population Health Management (PHM)?  
PHM is aimed at improving the health of both local and national populations.   It is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair, timely, and equal.  It helps to reduce the occurrence of ill health and looks at all the wider factors that affect health and care.  

PHM is an approach being implemented across the NHS and this Practice.  Population Health Management requires health and social care, to work together with communities and partner agencies, for example, GP practices, community service providers, hospitals and other health and social care providers.  Organisations will share and combine de-identified information (where information identifying you has been removed) with each other in order to get a view of health and services for the population in a particular area. This information sharing is subject to robust security arrangements and risk assessments.  

How will my Personal Information be used?  
The information needed for PHM will include information about your health and social care. Information about you and your care will be used in a format that does not directly identify you, which we refer to within this privacy notice as pseudonymised. This information will be combined and anything that can identify you (like your name or NHS Number) will be removed and replaced with a unique code. This means that the people working with the data will only see the code and cannot see which patient the information relates to. The information will be used for a number of health and social care related activities such as –  

• Identifying groups of patients that could benefit from direct interventions  
• improving the quality and standards of care provided  
• research into the development of new treatments  
• preventing illness and diseases  
• monitoring safety  
• planning services  

Who will my personal information be shared with?  
Your GP, other health or care providers, Local Councils within NE London and the NHS NEL Integrated Care Board may send the information they hold on their systems to each other.  All of these organisations are legally obliged to protect your information and maintain confidentiality in the same way that your GP or hospital provider is.  

Is using my personal data in this way lawful?
Health Care Providers are permitted by data protection law to use information where it is “necessary for medical purposes”.  This includes caring for you directly as well as management of health services more generally.  The legal basis for sharing your information is GDPR Article 6 (1) (e) “Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”  

Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used where allowed by law and in this case, anonymised data is used so that you cannot be identified.  

Can I object to my data being used as part of this programme?
Yes. You have the right to opt out of sharing your personal data being used in this way. You can do this in two ways –  

1. Opt out of all sharing of your data for other uses outside your GP Practice.  This is called a Type 1 opt out and you should request this directly to us, your GP practice. This will be applied not only to this programme but to any others we take part in.  
2. National Data Opt-out (opting out of NHS Digital sharing your data).  You can find out more about and register a National Data Opt-out, or change your choice on nhs.uk/your-nhs-data-matters or by calling 0300 3035678.  

This applies to identifiable patient data about your health which is called confidential patient information.  If you don’t want your confidential patient information to be shared with other organisations for purposes except your own care – either GP data, or other data it holds, such as hospital data – you can register a National Data Opt-out.  

If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations, unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website.

We would like to inform you that our practice is currently not entering into any shared care agreements. This decision is based on our commitment to ensuring the highest standards of care and safety for our patients, as well as the current resource and funding constraints.

Shared care agreements involve collaboration between different healthcare providers to manage a patient’s treatment. While we understand the importance of such arrangements, at this time, we are unable to participate in these agreements due to the lack of necessary resources and funding.

We encourage patients who are receiving treatment from specialists or private providers to continue their care with those providers. It is essential for the prescribing clinician to ensure that their prescribing is safe and appropriate, in line with GMC regulations.

We appreciate your understanding and cooperation. Should you have any questions or require further information, please do not hesitate to contact our practice directly.

Thank you.

Chingford Medical Practice

We make every effort to give the best service possible to everyone who attends our practice.

However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.

To pursue a complaint please contact the practice manager who will deal with your concerns appropriately.

For written complaints, please use the following contact methods:

Email: nelondonicb.chingfordmedicalpractice@nhs.net

Post: Chingford Medical Practice, 109 York Road, E4 8LF

This will enable health and care professionals to have better medical information about you when they are treating you at the point of care. This change will apply for the duration of the coronavirus pandemic only. Unless alternative arrangements have been put in place before the end of the emergency period, this change will be reversed.

All patients registered with a GP have a Summary Care Record, unless they have chosen not to have one. The information held in your Summary Care Record gives health and care professionals, away from your usual GP practice, access to information to provide you with safer care, reduce the risk of prescribing errors and improve your patient experience.

Your Summary Care Record contains basic information about allergies and medications and any reactions that you have had to medication in the past.

Some patients, including many with long term health conditions, have previously agreed to have additional information shared as part of their Summary Care Record. This additional information includes information about significant medical history (past and present), reasons for medications, care plan information and immunisations.

During the coronavirus pandemic period, your Summary Care Record will automatically have additional information included from your GP record unless you have previously told the NHS that you did not want this information to be shared.

There will also be a temporary change to include COVID-19 specific codes in relation to suspected, confirmed, Shielded Patient List and other COVID-19 related information within the additional information.

By including this additional information in your SCR, health and care staff can give you better care if you need health care away from your usual GP practice:

• in an emergency
• when you’re on holiday
• when your surgery is closed
• at out-patient clinics
• when you visit a pharmacy

Additional information is included on your SCR

In response to the coronavirus (COVID-19) pandemic we are temporarily removing the requirement to have explicit consent to share the SCR additional information. This change of requirement will be reviewed when the pandemic is over.

You can be reassured that if you have previously opted-out of having a Summary Care Record or have expressly declined to share the additional information in your Summary Care Record, your preference will continue to be respected and applied.

Additional information will include extra information from your GP record, including:

• health problems like dementia or diabetes
• details of your carer
• your treatment preferences
• communication needs, for example if you have hearing difficulties or need an interpreter

This will help medical staff care for you properly, and respect your choices, when you need care away from your GP practice. This is because having more information on your SCR means they will have a better understanding of your needs and preferences.

When you are treated away from your usual doctor’s surgery, the health care staff there can’t see your GP medical records. Looking at your SCR can speed up your care and make sure you are given the right medicines and treatment.

The only people who might see your Summary Care Record are registered and regulated healthcare professionals, for example doctors, nurses, paramedics, pharmacists and staff working under their direct supervision. Your Summary Care record will only be accessed so a healthcare professional can give you individual care. Staff working for organisations that do not provide direct care are not able to view your Summary Care Record.

Before accessing a Summary Care Record healthcare staff will always ask your permission to view it, unless it is a medical emergency and you are unable to give permission.

Protecting your SCR information

Staff will ask your permission to view your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system, so your information is secure. You can ask an organisation to show you a record of who has looked at your SCR – this is called a Subject Access Request.

Find out how to make a subject access request.

Opting out

The purpose of SCR is to improve the care that you receive, however, if you don’t want to have an SCR you have the option to opt out. If this is your preference please inform your GP or fill in an SCR opt-out form and return it to your GP practice.

Regardless of your past decisions about your Summary Care Record consent preferences, you can change your mind at any time. You can choose any of the following options:

1. To have a Summary Care Record with additional information shared. This means that any authorised, registered and regulated health and care professionals will be able to see a enriched Summary Care Record if they need to provide you with direct care.
2. To have a Summary Care Record with core information only. This means that any authorised, registered and regulated health and care professionals will be able to see information about allergies and medications only in your Summary Care Record if they need to provide you with direct care.
3. To opt-out of having a Summary Care Record altogether. This means that you do not want any information shared with other authorised, registered and regulated health and care professionals involved in your direct care, including in an emergency.

To make these changes, you should inform your GP practice or complete the SCR patient consent preferences form and return it to your GP practice.

More information on your health records

Read more about your medical records.

The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety.

In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.