Coronavirus (COVID-19) pandemic and your information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic.
The ICO also recognise that 'Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.'
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a Notice under Regulation 3(4) of The Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non-clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the Covid-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.
The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 30th September 2020 unless a further extension is required. Any further extension will be communicated via an update to this Privacy Notice.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.
In response to receiving a completed Processing Activities Log which Little St John’s Surgery has confirmed is an accurate and complete record of processing carried out by the practice, the following suggested Privacy / Transparency Notice has been drafted.
Little St John’s Surgery takes your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number is Z7335907.
If you have any questions or wish to make a request in relation to your information, please contact us at;
7 Little St Johns Street, Woodbridge, Suffolk IP12 1EE
Emma Cooper, DPO, emma.cooper35@nhs.net
Little St John’s Surgery aims to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
Your doctor and other health professionals caring for you, such as nurses or physiotherapists, keep records about your health and treatment so that they are able to provide you with the best possible care.
These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include Personal Data;
as well as Sensitive Personal Data;
Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.
Follow this link to see a list of the partners that we usually share with.
Little St John’s Surgery has signed a Suffolk Wide Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.
Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.
Data protection law provides you with a number of rights that the practice is committed to supporting you with;
Right to Access
You have the right to obtain:
If you only require a particular part of your record, tell us and this may mean we can respond quicker.
We will respond to your request within one month of receipt or will tell you when it might take longer.
We are required to validate your identity including the identity of someone making a request on your behalf
Your request for information and other information rights may be delayed due to urgent operational responses to dealing with Public Health priorities. We apologise for any inconvenience this may cause, we do remain committed to responding to your request and will respond as soon as we are able. Should our response to your request breach the statutory time frame and you remain unhappy with our response you have the right to complain to the Information Commissioners Office.
We mainly use, store and share your information because we are permitted in order to deliver your healthcare but you do have a right to object to us doing this.
Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.
Our Data Protection Officer will be happy to speak with you about any concerns you have.
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.
We will respond to your request within one month of receipt or will tell you when it might take longer.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights please click here.
Sometimes your information will be used to identify whether you need particular support from us.
Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes. For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.
We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support you is made by those involved in your care.
Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.
The practice will use third parties to provide services that involve your information such as;
Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery).
We have contracts in place with these third parties that prevent them from using it in any other way that instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Please visit this link to find out more about our sharing partners and providers.
We are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
Staff receive annual training about protecting and using personal data
Policies are in place for staff to follow and are regularly reviewed
We check that only the minimum amount of data is shared or accessed
We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
We report and manage incidents to make sure we learn from them and improve
We put in place contracts that require providers and suppliers to protect your data as well
We do not send your data outside of the EEA
In line with the Department of Health Code, we will retain / store your health record for your lifetime. When a patient dies, we will review the record and generally it will be destroyed 10 years later, unless there is a reason to keep it for longer.
If you move away or register with another practice, we will send your records to the new practice.
You may be aware of a recent fine issued Bounty, a pregnancy and parenting club, by the Information Commissioner for sharing information with third parties without making the public aware. You can find more information by clicking this LINK. The practice takes privacy and lawful use of information seriously and works hard to ensure that our service providers, partners and suppliers are trustworthy and compliant and although the practice is not directly affiliated with Bounty, we have looked into the matter to provide our patients with reassurance.
The Information Commissioner has recognised that the information sharing was an historic practice that ceased before recent changes in data protection law came into force. Bounty have confirmed that they have stopped selling details of members who sign up and that they have implemented robust data protection practices. They also have a privacy policy that now explicitly states they have stopped sharing data with those data brokerage firms and will never sell members information in the future. Finally, they have appointed an independent data expert who will assess Bounty's procedures annually and publish the findings on the Bounty website.
Should you have any questions or concerns, please do let us know.
Processing Activities |
Sharing Partners (including any third party providers of services) |
Link |
Referral / Test Results |
Ipswich Hospital |
|
West Suffolk Hospital |
||
Norfolk and Norwich Hospital. |
||
Addenbrookes Hospital. |
||
West Suffolk Disability Resource Centre | Papworth Trust |
||
Guy's & St Thomas |
||
Great Ormond Street |
||
DESMOND |
||
OneLife Suffolk |
||
Norfolk and Suffolk NHS Foundation Trust |
||
Sue Ryder Dementia |
Click here › Neurological centres › The Chantry › Care services |
|
Suffolk GP Federation CIC |
||
Moorfields Eye Unit |
||
Care UK |
||
Express Diagnostics (24hr ECGS |
||
Nuffield Ipswich |
||
Nuffield Ipswich Diagnostic Imaging |
||
St Nicolas Hospice |
||
The Pathology Partnership |
||
St Elizabeth’s Hospice Ipswich |
||
Macmillan |
||
Suffolk Community Healthcare |
||
SCH Speech & Language |
||
Suffolk Recovery Network |
||
Well Being Suffolk |
||
Suffolk Family Carers |
||
Ivry Street Minor Surgery Unit |
||
Single Access Podiatry |
||
East Suffolk Consortia - Stroke/TIA |
||
Allied Health Professionals |
||
GP+ |
Suffolk GP Federation |
|
EPS |
Pharmacy 2U |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
Fresenius Homecare |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Select Home Delivery |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Fittleworth |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Jade Euromed |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Salts Medilink |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Charter Ltd |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Alphamed |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
NWOS |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Waterton Pharmacy Woodbridge |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Woodbridge Pharmacy Woodbridge |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Tesco Stores Limited Martlesham |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Tesco Stores Limited Kesgrave |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Boots Woodbridge |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Martlesham Pharmacy |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Kesgrave Pharmacy |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Boots Ipswich |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Rushmere Pharmacy |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Sia Healthcare |
Sent using TPP SystmOne from this GP practice via NHS Spine to Pharmacy system. Pharmacy has been nominated by patient’ |
|
Discharge notices |
West Suffolk Hospital |
|
Ipswich Hospital |
||
Norfolk and Norwich Hospital. |
||
Addenbrookes Hospital. |
||
West Suffolk Disability Resource Centre | Papworth Trust |
||
Guy's & St Thomas |
||
Nuffield Ipswich |
||
Moorfield Hospital |
||
Colchester Hospital |
||
Colchester Hospital AAA Screening |
||
Great Ormond Street |
||
Childhood Immunisations |
CHIS |
|
Confidential waste removal |
Avena |
|
Patient Texts |
TPP System One |
|
Pathology Courier |
Ipswich Hospital |
|
PCSE Notes |
City Sprint |
|
Coroner reports |
Ipswich Coroners |
|
Norfolk Coroners |
||
Commissioner Reports |
West Suffolk CCG |
|
Ipswich and East Suffolk CCG |
||
Provision of IT Systems and Support |
North East London CCG |
|
Provision of clinical system |
TPP (SystmOne) |
|
Infectious Diseases |
Anglia Health Protection Team |
|
Payroll |
Payedoc Payroll Services Ltd |
|
Debit/Credit Card Payments |
Barclays Bank Ltd |
|
BACS Payments In & Out |
Barclays Bank Ltd |
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
By submitting your personal information, you consent to our use of the information as set out in this privacy policy.
Use of personal information
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
Website privacy
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
Data storage
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
Cookie Policy
Please click here to read our Cookie Policy.
Links
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.
111 is the NHS non-emergency number. It's fast, easy and free. Call 111 and speak to a highly trained adviser, supported by healthcare professionals.
How likely are you to recommend this Surgery to friends and family if they needed similar care or treatment? Please spend 2 minutes to take the Friends and Family Test.
The NHS website. Take control of your health and wellbeing. Get medical advice, information about healthcare services and support for a healthy life.
Patient is one of the most trusted medical resources online, supplying evidence based information on a wide range of medical and health topics to patients and health professionals.
