This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to;

Maintain the Confidentiality of all data within the practice by:

• Ensuring that only authorised persons can gain access to our systems
• Not disclosing information to anyone who has no right to see it

Maintain the integrity of all data within the practice by:

• Taking care over input
• Ensuring that all changes are reported and monitored
• Checking that the correct record is on the screen before updating
• Reporting all apparent errors and ensuring that they are resolved

Maintain the availability of all data by:

• Ensuring that all equipment is protected from intruders
• Ensuring that backups are taken at regular, predetermined intervals
• Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date

Additionally we will take all reasonable measures to comply with our legal responsibilities under:

• The Data Protection Act (2018)
• The Health and Safety at Work Act (1992)
• The Access to Health Records Act (1990)

Right of Access to your Health Information

The General data Protection Regulation allows you to find out what information about you is held on computer and in manual records. This is known as “right of subject access” and applies to personal information held about you. If you want to see the information about you that the practice holds:

• you will need to make a written request to the Practice manager,
• we are required to respond to you within 1 month;
• you will need to give adequate information (for example full name, address, date of birth NHS number etc);
• you will be required to provide ID before any information is released to you.

Transferring to another practice

If you decide at any time and for whatever reason to transfer to another practice we will facilitate that decision by making available to your new doctor a copy of your records following the request from BSO. For medico-legal reasons an archived copy will be retained within the computer system.

Use of information for research, audit or quality assurance

• It is usual for patient information to be used for these purposes in order to improve services and standards of practice.
• In fact GPs on the specialist GP register of the Medical Council are now required to perform audits. In general, information used for such purposes is done in an anonymous manner with all personal identifying information removed.
• If it were proposed to use your information in a way where it would not be anonymous or the Practice was involved in external research we would discuss this further with you before we proceeded and seek your written informed consent.
• Please remember that the quality of the patient service provided can only be maintained and improved by training, teaching, audit and research.