General Practice Privacy Notice
Click here to download the General Practice Privacy Notice (.docx, 55KB)
Data controller: The Partners ( Dr Frederick Mayland, Dr Caroline Taylor and Dr Louise King) of Beechwood Medical Centre, 60a Keighley Road, Ovenden, Halifax, HX2 8AL
Data Protection Officer or DPO - Paul Couldrey (see bottom of this page for full details)
How we use your information
This privacy notice explains why the Beechwood Medical Centre collects personal information about you, and how that information may be used. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
As data controllers, GPs have responsibilities under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA18). This means ensuring that your personal data is handled in ways that are safe, transparent and what you would reasonably expect.
We respect your trust in us to use, store and share your information. In this notice we explain how we collect personal information about you, how we use it and how you can interact with us about it.
We try to keep this notice as simple as possible but if you are unfamiliar with our terms, or want more detail on any of the information here, please contact us at Beechwood Medical Centre, 60a Keighley Road, Ovenden, Halifax, HX2 8AL
Meeting our legal and regulatory obligations
To use your information lawfully, we rely on one or more of the following legal bases:
- for the performance of a task carried out in the public interest or it is necessary in the exercise of official authority vested in us
- the performance of a contract
- where the processing is necessary for compliance with our legal obligations
- protecting the vital interests of you or others
- for our organisational legitimate interests; e.g. for incidental and ancillary data processing, for example the management of non-patient or medical databases used for our internal administrative purposes
- where appropriate with your consent
- where necessary for the purposes of preventative or occupational medicine, for the assessment of medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
We also respect the common law duty of confidentiality and to satisfy the common law we may rely on implied consent to share confidential health data for the provision of direct care; for example, when a patient agrees to a referral from one healthcare professional to another.
Health care professionals are required to maintain records about your health including any treatment or care you have received within the NHS (e.g. NHS hospital trust, GP surgery, walk-in clinic, etc.). Using these records helps us to provide the best possible healthcare for our patients.
NHS health records may be processed electronically or on paper or a mixture of both and a combination of working practices and technology are used to ensure that your information is kept confidential and secure.
Records used and stored by this GP practice may include the following information:
- Any contact we have with you, such as appointments, clinic visits, emergency appointments, telephone triage etc.
- Notes and reports about your health
- Details about your treatment and care
- Details about you, including your date of birth, NHS number, address and next of kin etc.
- Results of investigations about you such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, agencies, relatives or those who care for you
This GP practice collects and holds data for the sole purpose of providing healthcare services to our patients and we will ensure that such sensitive information is kept confidential.
However, we may disclose your personal information if:
(a) It is required by law
(b) You consent to do so – either implicitly (e.g. for your own treatment and care) or explicitly for other purposes (e.g. sending you newsletters etc.)
(c) It is justified in the public interest
Some of your personal data will be held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified.
Sometimes information about you may be requested to be used for research purposes. Beechwood Medical Centre will always endeavour to gain your consent before releasing such information.
Under the powers of the Health and Social Care Act 2012 (HSCA) the Health and Social Care Information Centre (HSCIC) can request Personal Data from GP Practices without seeking the patient’s consent.
Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.
Any patient can choose to withdraw their consent to their data being used in this way. When Beechwood Medical Centre is about to participate in any new data-sharing scheme we will make patients are aware by displaying prominent notices in the surgery and on our website, providing reasonable notice before the scheme is due to start. We will also explain clearly what you have to do to ‘opt-out’ of each new scheme.
A patient can object to their personal information being shared with other health care providers, however if this limits the treatment that you can receive then the doctor will explain this to you at the time.
Risk stratification is a process for identifying and managing patients who are at a higher risk of emergency hospital admission. Normally, this is because patients have a long-term condition such as chronic obstructive pulmonary disease (COPD) or some cancers. NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help prevent avoidable admissions.
In order to achieve this, information about you is collated from several sources, including this GP Practice and from NHS Trusts etc. A risk score is then produced through an analysis of your anonymous information using computer programmes. Your information is only provided back to your GP or member of your care team in an identifiable form.
Risk stratification enables your GP to focus on the prevention of ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services.
Please note that you have the right to opt out of Risk Stratification.
Should you have any concerns about how your information is managed or wish to opt out of any data collection at Beechwood Medical Centre, please contact The reception staff or your healthcare professional to discuss how the disclosure of your personal information can be restricted.
All our patients have the right to change their minds and reverse a previous decision. Please contact the surgery if you change your mind regarding any previous decision.
If you have received treatment within the NHS, access to your personal information may be required to determine which clinical Commissioning group should pay for the treatment or procedure that you have received.
This information would most likely include information such as your name, address, date of treatment and may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices and will not be shared for any further purposes.
Personal data about any hospital attendance is obtained from the Health and Social Care Information Centre (HSCIC) and matched to NHS data to create a risk profile about you.
NHS Health Checks
All of our patients aged 40-74, not previously diagnosed with certain chronic diseases are eligible to be invited for an NHS Health Check. Your details will be securely transferred to a third-party data processor. You may be offered the chance to attend your health check either within the Beechwood Medical Centre or at a local community venue. If your health check is at a community venue, all data collected will be securely transferred back into the Beechwood Medical Centre system and nobody outside the healthcare team in the surgery will see any confidential information about you during this process.
Improved Access Hubs
Calderdale offers an Improved Access Service 6.30pm – 8.00pm Monday to Friday, bank holidays and weekends 10.00am – 2.00pm
Should you book an appointment with one of the improved access hubs via Beechwood Medical Centre then we will check that you give your consent before sharing your record with the hub
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the GDPR and DPA 18, the Human Rights Act, the Common Law Duty of Confidentiality, the Health and Social Care Act 2012 and the NHS Codes of Confidentiality and Security.
All our staff, contractors and professional members receive appropriate and on-going training to ensure they are aware of their personal responsibilities. They also have employment contractual obligations to uphold your confidentiality, which are enforceable through disciplinary procedures. Your information may be shared internally, including with members of the practice team but only a limited number of authorised staff have access to your personal information (where it is appropriate to their role) and access is only allowed on a strict ‘need-to-know’ basis.
We strive to maintain our duty of confidentiality to you at all times. We will only ever use or pass on personal identifiable information about you if others involved in your care have a genuine need to have it. We will not disclose your information to any third-party without your permission, unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
We are mindful of the UK information sharing principle following Dame Fiona Caldicott’s information sharing review amongst health professionals. We recognise that our duty to share information can be as important as the duty to protect patient confidentiality. Therefore, we encourage our health and social care professionals to have the confidence to share information in the best interests of our patients within the framework set out by the Caldicott principles; ‘To share or not to share – the Information Governance Review’.
Who do we share your information with?
We may also share your information, subject to strict agreements on how it will be used, with other care providers and agencies. These could include:
- NHS and specialist hospitals, trusts
- Other GPs
- Independent contractors such as dentists, opticians, pharmacists
- Private and voluntary sector providers
- GP practice federations
- Ambulance Trusts
- Clinical Commissioning groups and NHS England
- NHS Digital
- National Institute for Health and Care Excellence
- Care Quality Commission
- NHS Improvement
- NHS Shared Business Services
- Social care services and local authorities
- Education services
- Police and fire and rescue services
- Other ‘data processors’ during specific project work e.g. Diabetes UK
How do we protect your data?
We take the security of your data very seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where we engage with third parties to process personal data on our behalf, we stipulate our privacy expectations in written instructions. They are under a strict duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Access to personal information
We aim to be as open as we can regarding access to personal information.
Individuals can find out if we hold any personal information about them by making a ‘subject access request’ under the DPA 18. You also have the right to require it to be amended or removed should it be inaccurate
If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form provided it is lawful to do so.
To make a request to Beechwood Medical Centre for any of your personal information we may hold, you need to contact the reception or admin staff at the surgery on the data controller address given in this document.
You have the right to complain to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 regarding your personal data.
Complaints or Queries
Beechwood Medical Centre tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. We are happy to provide any additional information or explanation needed. Any queries you have should be addressed to: the DPO (Data Protection Officer) at:
NBV Enterprise Centre
6 David Lane
0155 838 6770
Any changes to this notice will be published on our website and on the surgery notice board.