The General Data Protection Regulation (GDPR) was incorporated into the UK's Data Protection Act on 25th May 2018. This is a single EU-wide regulation on the protection of confidential and sensitive information.

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), and the Data Protection Act 2018 (currently in Bill format before Parliament) the practice responsible for your personal data.

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

• Data Protection Act 2018
• The General Data Protection Regulations 2016
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on.

Our practice policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the General Data Protection Regulations (GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our patients will be protected.

How can you access, amend move the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.

Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project), or consent to market to you, you may withdraw your consent at any time.

Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this with a GP to GP data transfer and transfer of your hard copy notes

Access to your personal information

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

• Your request should be made to the Practice – for information from the hospital you should write direct to them
• There is no charge to have a copy of the information held about you
• We are required to respond to you within one month
• You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.

What should you do if your personal information changes?

You should tell us so that we can update our records please contact the Practice as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number), the practice will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.

The Liffock Surgery aims to ensure the highest standard of medical care for our patients. The privacy and dignity of patients is respected at all times. All consultations / treatments are carried out in person by qualified personnel in the privacy of the surgery.

If patients have a preference for consulting with a male or female member of staff please make this know when making an initial appointment.

To do this we keep records about you, of all consultations and treatments your health and the care we have provided or plan to provide to you.  This privacy notice does not provide exhaustive details of all aspects of the collection and use of personal information by Liffock Surgery. However, we are happy to provide any additional information or explanation needed. If you wish to request further information please contact the Practice Manager on 028 70848206

Disclosure of Information to Other Health and Social Professionals

We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidence that we do.

Below is a list of organisations that we may share your information with:

• NHS hospitals;
• relevant GP Practices;
• dentists, opticians and pharmacies;
• Private Sector Providers (private hospitals, care homes, hospices, contractors providing services to the NHS).
• Voluntary Sector Providers who are directly involved in your care;
• Ambulance Service
• Clinical Commissioning Groups;
• Out of Hours medical service;
• Northern Health & Social Care Trust

We may also share your information, with your consent, and subject to strict sharing protocols, about how it will be used, with:

• local authority departments, including social care and health (formerly social services), education and housing and public health;

• Police and fire services

Disclosures required or permitted under law

• The law provides that in certain instances personal information (including health   information) can be disclosed, for example, in the case of infectious diseases.
• Disclosure of information to Employers, Insurance Companies and Solicitors
• In general, work related Medical Certificates from your GP will only provide a  confirmation that you are unfit for work with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with you. However, Social Welfare Certificates of Incapacity for work must include the medical reason you are unfit to work.
• In the case of disclosures to insurance companies or requests made by solicitors form your records we will only release the information with your signed consent.

Changes to this privacy notice

We keep our privacy notice under regular review.

Concerns

If you have any concerns about how we use or share your information, or you do not wish us to share your information, then please contact our Practice Manager, who will be able to assist you.