What is GDPR?
In May 2018, the General Data Protection Act comes into force, a Europe-wide law that replaces the Data Protection Act 1998 in the UK.
Please see our leaflet about GDPR, by clicking on the file below:
Privacy and Fair Processing Notice
Our Privacy and Fair Processing Notice explains why we collect information about you and how that information may be used to deliver your direct care and manage the local health and social care system.
The notice reflects:
- What information we collect about you;
- How and why we use that information;
- How we retain your information and keep it secure;
- Who we share your information with and why we do this.

The notice also explains your rights in relation to consent to use your information, the right to control who can see your data and how to seek advice and support if you feel that your information has not been used appropriately.
How do we comply with Subject Access Requests?
If you would like to make a request for your medical record, please email the request to hillccg.sar@nhs.net
When emailing a request please ensure you include:
- Full Name, Date of Birth, Address
- What specific information you require, e.g. clinic letters, consultations, problems list
- Please ensure you specify the period of time the request is relevant to, e.g. the past 3 years

Please be aware under GDPR:
- All third-party information must be redacted; this requires a member of the administration team to go through your record and redact any mention of third parties.
- We have one month to respond to a request – if an extension is required we may ask for one. Under ICO guidelines, we can extend the time to respond to a request by a further two months, if the request is complex or we have received a number of requests from an individual.
- In most circumstances we cannot charge a fee; however, if we believe the request is manifestly unfounded or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request. A fee can also be charged for repeated requests.
- If a request is made via a third party, e.g. a solicitor, we require written consent from the patient to release their medical information to a third party before a request can be processed.
- In certain cases we can refuse to comply with a request if the subject access request is considered manifestly unfounded or excessive.
Data Breach Notification Policy
Privacy Notice
Please see below the Privacy Notice for this practice: