MAYFIELD SURGERY. BILLING BROOK ROAD. NORTHAMPTON. NN3 8DW
Privacy Notice – Mayfield Surgery
Introduction
This privacy notice explains why Mayfield Surgery collects information about patients, how we use that information, and your rights in relation to it.
Mayfield Surgery manages patient information in line with current data protection legislation and with guidance from organisations responsible for the governance of healthcare in England, including NHS England, the Department of Health and Social Care, and the General Medical Council.
We are committed to protecting your privacy and ensuring that your personal data is used lawfully, fairly, and transparently.
Legal basis for processing your information
We process personal and special category (health) data in accordance with:
• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security, and Records Management
As data controllers, GP practices have a duty to ensure that personal confidential data is processed in a way that patients would reasonably expect and that is clear and transparent.
Changes introduced by the Health and Social Care Act 2012
The Health and Social Care Act 2012 changed how certain personal confidential data may be used within the NHS. It is important that patients understand these changes and are aware of their rights, including the right to object to certain uses of their data and how to do so.
Why we collect information about you
Healthcare professionals involved in your care maintain records to ensure you receive safe, effective, and coordinated healthcare. These records help those providing care to make informed decisions.
Your records may be held electronically, on paper, or as a combination of both. We use appropriate technical and organisational measures to ensure your information is kept secure and confidential.
Records held by the surgery may include:
• Personal details such as name, address, date of birth, and next of kin
• Details of contacts with the practice (appointments, consultations, home visits)
• Clinical notes and correspondence about your health
• Details of treatments, medications, and care received
• Results of investigations such as blood tests, imaging, and other diagnostics
• Relevant information from other healthcare professionals, carers, or relatives
How we use and share your information
We collect and use your information primarily to provide you with direct healthcare. We will keep your information confidential and only share it where there is a lawful basis to do so.
We may disclose personal information when:
1. Disclosure is required by law
2. You have given consent (explicitly or implicitly for direct care)
3. Disclosure is necessary in the public interest (for example, safeguarding or serious crime)
Some information may be held centrally within the NHS and used for planning, audit, and statistical purposes. Where this occurs, robust safeguards are applied and data is anonymised or pseudonymised wherever possible so that individuals cannot be identified.
Clinical audit and service improvement
Information may be used for clinical audit, quality monitoring, and service improvement. These activities help ensure that the care provided meets required standards. Where possible, data used for these purposes will not directly identify individual patients.
Your right to object to sharing
You have the right to object to your personal information being shared with other healthcare providers. Please note that restricting information sharing may affect the care you receive. If this is the case, your clinician will explain the implications to you.
Mobile telephone communications
If you provide a mobile telephone number, we may use it to send appointment reminders, health screening invitations, or other messages related to your care. You will be asked for consent to receive text messages and can withdraw this consent at any time.
Risk stratification
Risk stratification is a process used to identify patients who may be at higher risk of unplanned hospital admission or deterioration in health, often due to long-term conditions.
NHS England encourages GP practices to use approved risk stratification tools to support proactive, preventative care and personalised care planning.
Information used for risk stratification may be drawn from this practice and other NHS organisations. The aim is to help clinicians focus on preventing ill health and offering additional support where appropriate.
You have the right to opt out of your data being used for risk stratification. Please contact the practice if you wish to do so.
Invoice validation
If you receive NHS treatment, limited personal information (such as name, address, and date of treatment) may be shared securely for invoice validation purposes. This ensures that the correct Integrated Care Board (formerly Clinical Commissioning Group) is charged for your care.
This information is held in a secure environment, used only for invoice validation, and not for wider commissioning or profiling purposes.
How we protect your information
We maintain strict confidentiality and security standards. Measures include:
• Access to records restricted to authorised staff on a need-to-know basis
• Regular training for staff on data protection, confidentiality, and information governance
• Contractual confidentiality obligations for all staff and contractors
• Secure IT systems and controlled access to paper records
We will only share information with others involved in your care where there is a genuine need. Information will not be disclosed to third parties without your permission unless required by law or in exceptional circumstances (such as serious risk to life).
Organisations we may share information with
Subject to appropriate safeguards, we may share information with:
• NHS Trusts and Foundation Trusts
• Specialist and community healthcare providers
• Independent contractors (GPs, dentists, opticians, pharmacists)
• Ambulance services
• Integrated Care Boards and NHS England
• Social care services and local authorities
• Voluntary and private sector providers involved in your care
• Education services (where relevant, e.g. safeguarding)
• Police, fire, and rescue services (where legally required)
• Approved data processors acting on our behalf
Your rights
Under UK GDPR and the Data Protection Act 2018, you have the right to:
• Access a copy of the information we hold about you
• Request correction of inaccurate or incomplete information
• Request erasure of information in certain circumstances
• Restrict or object to certain types of processing
• Receive your data in a portable format (where applicable)
• Withdraw consent where consent is the lawful basis
Accessing your records (Subject Access Requests)
If you wish to access your medical records or other personal data, please contact the practice in writing. We will:
• Confirm whether we hold information about you
• Explain why we hold it and how it is used
• Tell you who it may be shared with
• Provide a copy in an intelligible form, usually within one month
Keeping your details up to date
Please inform us if your personal details change or if you believe any information we hold is inaccurate. Keeping your records up to date helps ensure safe and effective care.
ICO registration
Mayfield Surgery is registered with the Information Commissioner’s Office (ICO) as a data controller. Details of our registration are publicly available on the ICO website.
Data Controller and Caldicott Guardian
The Data Controller for Mayfield Surgery is:
Dr Azfar Ejaz Caldicott Guardian
The Caldicott Guardian is responsible for ensuring that patient information is used legally, ethically, and appropriately.
ICO Registration Number: ZB201007
How long we keep your information
We retain medical records in line with national guidance, including the Records Management Code of Practice for Health and Social Care. Records are securely destroyed when they are no longer required.
Concerns or complaints
If you have concerns about how your information is managed or wish to exercise your rights, please contact:
Mrs Jo Carr
Mayfield Surgery
Weston Favell Health Centre
Northampton
NN3 8DW
Email: Mayfieldsurgery1@nhs.net
Tel: 01604 415157
If you remain dissatisfied, you may complain to the Information Commissioner’s Office:
• Website: www.ico.org.uk
• Telephone: 0303 123 1113
Changes to this notice
Any changes to this privacy notice will be published on our website and displayed prominently within the surgery.
Further information
You can find more information about how the NHS uses personal data and your rights at:
• NHS Care Record Guarantee
• NHS Constitution for England
• NHS Digital – Codes of Practice for Handling Information
• Information Governance Review (Caldicott Review)
• Information Commissioner’s Office (ICO)