Your personal information in someone else’s hands
Are you aware that your personal medical information that you share with your GP or other healthcare
professional may be extracted and stored on a computer outside of this practice where the practice will
have no say on who has access to that information?
Purpose of this leaflet:
There are changes occurring in how we protect the confidential and personal information that we record in
your medical records. The changes make it a legal obligation for us to share your information (see below).
We feel it is vital that you as our patient are made aware of these changes.
The majority of patients come to their GP Practice when they have something wrong with them. Problems
discussed are usually of a personal nature and patients expect that the information they are sharing will
remain confidential. This confidentiality is central to the trust between healthcare professionals and you as
our patient. Without confidentiality, you may be reluctant to disclose information of a personal nature that we
may need to help provide you with the best possible healthcare.
What we record at Our Practice
Healthcare professionals in our practice record information about the care we provide.
The type of information that is recorded includes the following;
§ Demographics, e.g. address, telephone number, e-mail, date of birth, gender, etc.
§ What you tell us when you see us in consultations e.g. about your physical and psychological health and
§ Diagnoses, investigations, treatments, referrals, family background
§ Social information e.g. housing status, alcohol, smoking data
§ Third party sources e.g. hospital letters, A&E attendances, relatives, carers, insurance companies, solicitors.
What we already share about you:
We share different types of information about our patients. These include;
§ Personal information about you and your illness, e.g. referral to hospital consultants, district nurses, health
visitors, midwives, counsellors.
§ With explicit consent personal information to other third parties’ e.g. insurance companies, benefits agencies.
§ Social information about you if relevant, e.g. to social services, to insurance companies.
§ Patient identifiable information to public health (childhood immunisations, communicable diseases, cervical
smears and retinal screening) and under certain acts of parliament to protect you and others e.g. court order.
§ Summary information which is anonymised (can not identify you) e.g. quality and outcome frameworks (QoF),
medical research and clinical audit.
How we protect your personal information:
Currently, your GP is responsible for protecting your information and to do this they comply with the Data Protection
Act 1998 (DPA). As part of the DPA all healthcare professionals have an obligation to only share information on
a need to know basis. For further information on the DPA please follow this link; (http://www.legislation.gov.uk/ukpga/1998/29/contents).
The physical storage of information is on secure servers which are protected by firewalls. Access to the information
is by strong authenticated password. The number of people who have access to your information is limited to members
of the practice team and in a few instances some pre agreed data is shared with other health care professional
e.g. District Nurses but on a need to know basis.
So what is changing?
Under the Health and Social Care Act 2012 the Health & Social Care Information Centre (HSCIC) on behalf of NHS
England (the body responsible for commissioning primary care health services across England) will be able to
extract personal and identifiable information about all patients in England. The extraction process will be carried
out by a private, third party organisation. This information will be stored on national secure servers and will be
managed by NHS England. NHS England will decide what information they will share and who they then share
this information with.
Your GP will not be able to object to this information being released to HSCIC and will no longer be able to protect
your information under the DPA as stated above. Effectively, where the HSCIC is concerned this Act trumps the DPA.
What you need to do:
§ If you are happy for NHS England to extract, store and manage/use your personal information
then you need do nothing as the information will be automatically taken from your GP’s computer
§ If you don’t wish your information to be extracted then you MUST inform your GP practice who will
then block the uploading of your identifiable and personal information to the HSCIC.
§ It should be emphasised that your access to health care and the care that you receive will not be
affected by either decision.
If you do not wish for your data to be extracted please complete the form below and return to the surgery
Care.Data Opt out form
If you have any questions or concerns regarding what you read in this leaflet, please contact reception at the surgery.