Consent and Information Sharing Policy
At Victoria Road Surgery, we are fully committed to protecting the privacy and confidentiality of our patients in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This includes how we manage and share your personal health information.
Consent is Essential
We will not share any patient information with anyone unless we have received explicit, documented consent from the patient.
This includes partners, family members, friends, carers or any third party.
We understand that sometimes someone may call us on behalf of their partner or relative, especially for convenience or support. However, under no circumstances will we disclose personal information or discuss a patient’s medical matters unless we have the patient’s clear and specific permission recorded.
What This Means in Practice
If you are calling on behalf of your partner (or anyone else), we will still require one of the following before we can engage in any conversation involving the patient’s records or care:
- A signed written consent from the patient held on file
- A verbal consent given directly by the patient during the call (we will need to speak to them directly to record this)
- A Power of Attorney for health and welfare, properly documented and registered
We will not accept implied consent, verbal assurances from a third party, or consent passed on second-hand.
Even if you live in the same household or are the next of kin, we still require the patient’s direct permission.
Emergencies and Capacity
In cases where the patient lacks the capacity to give consent (for example, due to a medical condition), we will follow legal protocols and involve safeguarding teams where appropriate. Any decision to share information will be carefully considered, justified, and recorded in line with professional guidelines and the law.
Updating or Withdrawing Consent
Patients have the right to withdraw or update their consent at any time. This must be done in writing. We will update our records promptly to reflect any change.
Why We’re So Strict
This policy is not about making things harder. It’s about protecting your personal data, respecting your rights, and making sure we’re compliant with the law. Your health records are sensitive, and we treat them with the utmost care.
Questions?
If you have any questions about giving consent or how your information is handled, please contact the surgery’s Data Protection Lead.
We thank you for your understanding and support in keeping everyone’s data safe.
GDPR(General Data Protection Regulation)
On 25 May 2018, the General Data Protection Regulation (GDPR) will be enforced across Europe, including the UK. The law aims to give citizens more control over their data and to create a uniformity of rules to enforce across the continent. Click here to download the GDPR leaflet.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the GDPR (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff has access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.
We maintain our duty of confidentiality to you always. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
How do we process your personal data?
Health care professionals maintain records about your health and any treatment or care you have received within the NHS (e.g. NHS Hospital Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide the best possible healthcare.
NHS health records may be processed electronically, on paper or a mixture of both, and a combination of working practices and technology are used to ensure that your information is kept confidential and secure. Records held by this GP Practice may include the following information:
Details about you, such as address, telephone numbers, DOB and next of kin
Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
Notes and reports about your health
Details about your treatment and care
Results of investigations, such as laboratory tests, x-rays, etc.
Relevant information from other health professionals, relatives or those who care for you.
How to provide feedback or complain?
We always try to give a good service but sometimes things go wrong. You can help us make changes by telling us about what is wrong and how you would like us to put it right.
You may want to complain about:
- A service
- Any action, attitude or behaviour of a member of staff which has affected you or someone close to you
Please get in touch with Julie Wallis, the Practice Manager, if you need help or support in using our procedure, or if you need the information in another format.
Patient Complaint Form- Third Party Consent
Patient Advice and Liaison Service
Invoice Validation
If you have received treatment within the NHS, access to your personal information may be required to determine which Clinical Commissioning Group should pay for the treatment or procedure you have received.
This information would most likely include information such as your name, address, date of treatment and may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices and will not be shared for any further purposes.
Named GP
- Dr Fuad Ahmed (m)
- Dr Alice Wilkinson (f)
NHS Health Checks
All of our patients aged 40-74 not previously diagnosed with cardiovascular disease are eligible to be invited for an NHS Health Check. Nobody outside the healthcare team in the practice will see confidential information about you during the invitation process and only contact details would be securely transferred to a data processor (if that method was employed). You may be ‘given the chance to attend your health check either within the practice or at a community venue. If your health check is at a community venue all data collected will be securely transferred back into the practice system and nobody outside the healthcare team in the practice will see confidential information about you during this process.
OHP Privacy Notice
This privacy notice explains why the GP Practice collects information about you, and how that information may be used.
As data controllers, GPs have responsibilities which are regulated by law under the General Data Protection Regulations. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect.
Risk Stratification
Risk stratification is a process for identifying and managing patients who are at a higher risk of emergency hospital admission. Typically, this is because patients have a long-term condition such as COPD or cancer. NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help prevent avoidable admissions.
Information about you is collected from several sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your anonymous information using computer programmes. Your information is only provided back to your GP or member of your care team in an identifiable form. Risk stratification enables your GP to focus on the prevention of ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services.
If you do not wish to be included in the risk stratification process, then please get in touch with the Practice. Please note the purpose of risk stratification is to prevent and detect health issues therefore we will ask our Patients for their consent to be included in this.
Sharing your personal data
Sometimes information about you may be requested to be used for research purposes. The Practice will always endeavour to gain your consent before releasing the information.
Under the powers of the Health and Social Care Act 2012 (HSCA) the Health and Social Care Information Centre (HSCIC) can request Personal Confidential Data (PCD) from GP Practices without seeking the patient’s consent. Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.
Any patient can choose to exercise their right of objection specified under the GDPR regarding their PCD being used in this way. When the Practice is about to participate in any new data-sharing scheme we will make patients aware by displaying prominent notices in the surgery and on our website at least four weeks before the scheme is due to start. We will also explain clearly what you have to do to ‘opt-in’ of each new scheme.
Though a patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.
Use of Heidi for Consultation Note-Taking
At Victoria Road Surgery, we’re committed to delivering high-quality, modern care while keeping your personal information safe and secure.
To support our clinicians during consultations, we use a secure digital assistant called Heidi. Heidi helps with note-taking, allowing your GP or nurse to focus more fully on you, while ensuring that accurate and professional records are maintained.
Here’s what you need to know:
Heidi is fully compliant with UK GDPR and NHS data protection standards
It does not store or access your data beyond what is necessary for clinical documentation
Your information remains secure, confidential, and under the control of the practice at all times
Heidi is used only by authorised staff and solely for the purpose of documenting your care
Nothing is shared with third parties or used for marketing
We have strict data handling protocols in place, and all systems are regularly monitored for compliance and safety.
If you have any questions or would prefer not to have Heidi used during your consultation, please let us know when booking or during your appointment.
Thank you for your trust in us as we continue to improve our services through safe and thoughtful use of technology.
What is our policy on zero tolerance?
At Victoria Road Surgery we treat our patients with respect and dignity and do not discriminate against them in any way, on the grounds of age, sex or sexual orientation, colour, race, ethnic background, disability, religion or religious or philosophical belief.
Physical violence and verbal abuse is growing concern. Doctors, nurses and other practice staff have a right to care for others without fear of being attacked or abused. We ask that you treat your doctor and practice staff properly, without violence or abuse. We strongly support the NHS policy on Zero Tolerance.
Any patient either phoning or attending the Practice who abuses any staff member or patient, be it verbally, physically or in any threatening manner whatsoever will risk removal from the Practice list.
What the CCG/PCN does?
We are part of MOBY PCN, this is a group of local GP surgeries who work closely together to offer services and improve patient care. The HUB is based at Yardley Wood Health Centre and evening and weekend appointments are available.
What’s your Slavery statement?
Modern Slavery Statement
Our Health Partnership – Modern Slavery Statement
Section 54 of the UK Modern Slavery Act (2015) requires commercial organisations operating in the UK with an annual turnover in excess of £36m to produce a ‘slavery and human trafficking statement for each financial year of the organisation’.
Organisational Structure and Business
Our Health Partnership is one of the UK’s biggest GP partnerships. It brings together 52 surgeries in the Midlands and Shropshire. By using our shared expertise to tackle the challenges of GP practice today, we can keep local surgeries thriving and provide the excellent care that our patients need now and into the future.
Our approach to slavery and human trafficking
We are committed to tackling modern slavery within every part of our business and its supply chains. Our Anti-slavery statement, in combination with the establishment of effective policies, demonstrates our commitment to the issue of modern slavery and ensures that appropriate and coordinated action is taken throughout the business.
Due diligence
We have taken action to understand and address the risks of modern slavery within our operations, including:
The development of robust processes around whistleblowing, grievance, disciplinary and bullying and harassment policies, to provide both staff and patients with assurance that modern slavery concerns will be raised and dealt with appropriately
Staff training and increasing awareness of modern slavery, on how to spot signs and raise complaints within the organisation, and monitoring the delivery of this training to staff
Putting in place Strict standards for conduct in the workplace, mirroring the NHS code of conduct, as referenced within our staff handbook and code of conduct policy
Ensuring inappropriate employment practices are avoided by adhering to our Illegal Working Prevention, DBS, and Recruitment policies, to ensure identity checks, DBS, qualifications and references are in place
Continued development of policies around safeguarding.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used. The following are examples of the types of organisations that we are likely to share information with:
• NHS and specialist hospitals, Trusts
• Independent Contractors such as dentists, opticians, pharmacists
• Private and Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups and NHS England
• Social Care Services and Local Authorities
• Education Services
• Police, Fire and Rescue Services
• Other ‘data processors’ during specific project work e.g. Diabetes UK
Who are we?
OHP is the data controller. This means it decides how your personal data is processed and for what purposes.
The Health and Social Care Act 2012 changed the way that personal confidential data is processed. Therefore, it is important that patients are made aware of, and understand these changes and that you have an opportunity to object if you so wish and that you know how to do so.
Your Personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come in to such possession. The processing of personal data is governed by the General Data Protection Regulation (the ‘GDPR’).
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –
The right to request a copy of your personal data which this practice holds about you;
The right to request that this practice corrects any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for the practice to retain such data. Although please note for Patients at this practice, your records will be retained until death;
The right to withdraw consent to the processing at any time;
The right to data portability;
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed o further processing;
The right to lodge a complaint with the Information Commissioners Office.