Practice Policies & Patient Information
Confidentiality & Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Freedom of Information
Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Access to Records
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.
Data Choices
Your Data Matters to the NHS
Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe and always being clear about how it is used.
How your data is used
Information about your individual care such as treatment and diagnoses is collected about you whenever you use health and care services. It is also used to help us and other organisations for research and planning such as research into new treatments, deciding where to put GP clinics and planning for the number of doctors and nurses in your local hospital. It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.
Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.
You have a choice
You do not need to do anything if you are happy about how your information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your mind about your choice at any time.
Will choosing this opt-out affect your care and treatment?
No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.
What do you need to do?
If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything.
To find out more about the benefits of data sharing, how data is protected, or to make/change your opt-out choice visit Your NHS Data Matters.
GP Earnings
NHS England require that the net earnings of doctors engaged in the practice is publicised and that the required disclosure is shown below. However it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors working in the practice and should not be used for any judgement about GP earnings, nor to make comparisons with other practices.
The average pay for GPs working at the surgery in the last financial year (2022/23) before tax and National Insurance was £76,195.
This is for 5 part time GPs and 2 locum GPs who worked in the practice for more than 6 months.
Privacy Policy
New Data Protection Regulation (GDPR)
You may have heard about the new General Data Protection Regulation (“GDPR”), that comes into effect May 25, 2018. To help comply with GDPR consent requirements, we need to confirm that you would like to receive content from us.
Chingford Medical Practice takes your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number is Z9702941.
- Our Data Protection Officer is: Radha Muthaswamy
- Our Data Controller is: Dr Asad Ashraf
If you have any questions or wish to make a request in relation to your information, please contact us at:
Chingford Medical Practice,
109 York Road,
Chingford,
E4 8LF
Information held about you
This Privacy Notice explains why the GP practice collects information about you and how that information may be used.
Health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records are used to help to provide you with the best possible healthcare.
Your NHS health care record may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice hold about you may include the following information;
Personal Data
- Details about you, such as your name, address, carers, legal representatives and emergency contact details
Sensitive Data (Special Category Data)
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you
Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.
What do we do with your information?
- Refer you to other healthcare providers when you need other services or tests
- Share samples with laboratories for testing (like blood samples)
- Share test results with hospitals or community services (like blood tests)
- allow out of hours Health Care Providers to look at your practice record when you go to an appointment
- Send prescriptions to a pharmacy
- Patients are texted in relation to healthcare service
- Samples are provided to the courier for delivery to pathology
- Share reports with the coroner
- Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
Information access and rights
The value of personal data is increasing and technology is rapidly developing. Personal data can be manipulated and used in increasingly sophisticated ways and sometimes on a large scale
Data protection law provides you with a number of rights that the practice must support you with.
Access Requests
You have the right to obtain:
- confirmation that information is being used, stored or shared by the practice.
- a copy of information held about you
We will respond to your request within one month of receipt or tell you when it might take longer.
We are required to validate your identity of someone making a request on your behalf
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is only used during this time.
We will respond to your request within one month of receipt or tell you when it might take longer.
Right to Data Portability
If you change practices, all information held about you will be transferred to your new practice.
Complaints
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit the Information Commissioner’s Office website.
Minuteful Kidney service for patients with diabetes (and/or other conditions)
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care.
Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care.
Further information about this is available here.
Lawful basis for processing personal data
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 1998 and General Data Protection Regulation 2016
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality, Information Security and Records Management
- Information: To Share or Not to Share Review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
- NHS Trusts/Foundation Trusts
- GP’s
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- London Ambulance Service
- Waltham Forest Clinical Commissioning Group
- Social Care Services
- Health and Social Care Information Centre (HSCIC)
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police & Judicial Services
- Voluntary Sector Providers
- Private Sector Providers
- Other ‘data processors’ which you will be informed of
You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.
Data Breaches
How do we protect your Information?
We are committed to ensuring the security and confidentiality of your information. There are a number of ways in which we do this:
- Staff receive annual training about protecting and using personal data
- Policies are in place for staff to follow and are regularly reviewed
- We check that only minimum amount of data is shared or accessed
- Every member of staff uses a ‘smartcard’ to access the clinical system, this helps ensure that the right people are accessing data – people with a ‘need to know’
- Smartcard usage can be audited and monitored
- We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
- We report and manage incidents to make sure we learn from them and improve
- We put in place contracts that require providers and suppliers to protect your data as well
- We do not send your data outside of the EEA
Breaches of data
- The ICO ( information Controlling officer) will be notified if the data breach is likely to result in a risk to the rights and freedoms of individuals
- Procedures are in place to effectively detect, report and investigate any personal data breaches
- Audits (Data Protection Impact Assessments) will be undertaken to ensure that these processes are in place.
Consent
Consent must be freely given, clear, specific , informed and unambiguous. We will seek your consent to
- Pass information to some third parties (eg solicitors acting on your behalf)
- Have invasive procedures such as minor surgery carried out
Children
The GDPR sets the age when a child can give their own consent to this processing at 16 years currently. If a child is younger than this, consent will need to be obtained for their continued healthcare from a person holding ‘parental responsibility’.
Further information
Further information about the way in which the NHS uses personal information and your rights in that respect can be found in:
- The NHS Care Record Guarantee
- The NHS Constitution
- Care.data programme
- The HSCIC Guide to Confidentiality gives more information on the rules around information sharing
- An independent review of how information about patients is shared across the health and care system led by Dame Fiona Caldicott was conducted in 2012. The report, Information: To share or not to share?
- The NHS Commissioning Board – NHS England – Better Data, Informed Commissioning, Driving Improved Outcomes: Clinical Data Sets provides further information about the data flowing within the NHS to support commissioning
- The Information Commissioner’s Office is the Regulator for the Data Protection Act 1998 and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information.
Suggestions and Complaints
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please contact the practice manager who will deal with your concerns appropriately.
For written complaints, please use the following contact methods:
Email: nelondonicb.chingfordmedicalpractice@nhs.net
Post: Chingford Medical Practice, 109 York Road, E4 8LF
Summary Care Record
Summary Care Records (SCR)
Your Summary Care Record is a short summary of your GP medical records. It tells other health and care staff who care for you about the medicines you take and your allergies.
This will enable health and care professionals to have better medical information about you when they are treating you at the point of care. This change will apply for the duration of the coronavirus pandemic only. Unless alternative arrangements have been put in place before the end of the emergency period, this change will be reversed.
All patients registered with a GP have a Summary Care Record, unless they have chosen not to have one. The information held in your Summary Care Record gives health and care professionals, away from your usual GP practice, access to information to provide you with safer care, reduce the risk of prescribing errors and improve your patient experience.
Your Summary Care Record contains basic information about allergies and medications and any reactions that you have had to medication in the past.
Some patients, including many with long term health conditions, have previously agreed to have additional information shared as part of their Summary Care Record. This additional information includes information about significant medical history (past and present), reasons for medications, care plan information and immunisations.
During the coronavirus pandemic period, your Summary Care Record will automatically have additional information included from your GP record unless you have previously told the NHS that you did not want this information to be shared.
There will also be a temporary change to include COVID-19 specific codes in relation to suspected, confirmed, Shielded Patient List and other COVID-19 related information within the additional information.
By including this additional information in your SCR, health and care staff can give you better care if you need health care away from your usual GP practice:
- in an emergency
- when you’re on holiday
- when your surgery is closed
- at out-patient clinics
- when you visit a pharmacy
Additional information is included on your SCR
In response to the coronavirus (COVID-19) pandemic we are temporarily removing the requirement to have explicit consent to share the SCR additional information. This change of requirement will be reviewed when the pandemic is over.
You can be reassured that if you have previously opted-out of having a Summary Care Record or have expressly declined to share the additional information in your Summary Care Record, your preference will continue to be respected and applied.
Additional information will include extra information from your GP record, including:
- health problems like dementia or diabetes
- details of your carer
- your treatment preferences
- communication needs, for example if you have hearing difficulties or need an interpreter
This will help medical staff care for you properly, and respect your choices, when you need care away from your GP practice. This is because having more information on your SCR means they will have a better understanding of your needs and preferences.
When you are treated away from your usual doctor’s surgery, the health care staff there can’t see your GP medical records. Looking at your SCR can speed up your care and make sure you are given the right medicines and treatment.
The only people who might see your Summary Care Record are registered and regulated healthcare professionals, for example doctors, nurses, paramedics, pharmacists and staff working under their direct supervision. Your Summary Care record will only be accessed so a healthcare professional can give you individual care. Staff working for organisations that do not provide direct care are not able to view your Summary Care Record.
Before accessing a Summary Care Record healthcare staff will always ask your permission to view it, unless it is a medical emergency and you are unable to give permission.
Protecting your SCR information
Staff will ask your permission to view your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system, so your information is secure. You can ask an organisation to show you a record of who has looked at your SCR – this is called a Subject Access Request.
Find out how to make a subject access request.
Opting out
The purpose of SCR is to improve the care that you receive, however, if you don’t want to have an SCR you have the option to opt out. If this is your preference please inform your GP or fill in an SCR opt-out form and return it to your GP practice.
Regardless of your past decisions about your Summary Care Record consent preferences, you can change your mind at any time. You can choose any of the following options:
- To have a Summary Care Record with additional information shared. This means that any authorised, registered and regulated health and care professionals will be able to see a enriched Summary Care Record if they need to provide you with direct care.
- To have a Summary Care Record with core information only. This means that any authorised, registered and regulated health and care professionals will be able to see information about allergies and medications only in your Summary Care Record if they need to provide you with direct care.
- To opt-out of having a Summary Care Record altogether. This means that you do not want any information shared with other authorised, registered and regulated health and care professionals involved in your direct care, including in an emergency.
To make these changes, you should inform your GP practice or complete the SCR patient consent preferences form and return it to your GP practice.
More information on your health records
Read more about your medical records.
Violence Policy
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety.
In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.