Privacy Policy

  • This privacy policy sets out how The Grantham Practice uses and protects any information that you give. The Grantham Practice when you use this website.
    The Grantham Practice is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
    The Grantham Practice may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from: June 2015.
    The Grantham Practice exercises a legal duty to tell patients and staff how their personal information will be used by us. This is a specific requirement that is set out in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) and is known as a “privacy notice”.
    Information that we collect
    We collect the following information:
     Contact information including your address, telephone number, email address
     Your name, date of birth, NHS number
     Name(s), contacts details of carers and next of kin
     Demographic information such as location
     We hold your medical record that contains clinical information about you so that we can provide you with safe care and treatment

Information about our staff

We collect information about employed staff, volunteers or agency staff. The types of information we may collect for staff are:

  •  Names, addresses and telephone numbers as part of their employment information
     Next of kin or emergency contact for staff
     Bank details
     Proof of eligibility to work in the UK
     Documentation and information that will be obtained during the course of employment including: appraisals, training plans, bank details, pension details, payroll details, etc.
     Safeguarding information
     CCTV images are captured in the surgery and the immediate surrounding area outside the building
  • What we do with the information we gather
    We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
     Internal record keeping.
     We may use the information to improve our services
     We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
     From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

How we use and share your information

We use information about you so that we can check and review the quality of care that we provide. It helps us to improve our services we deliver. To find out more about how we use your information you can visit https://www.ourhealthiersel.nhs.uk/privacy-notice.htm

How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
• Data Protection Act 2018 and General Data Protection Regulation 2018
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or, in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.

Who we share your information with

- We share your information with other health organisations who provide you with care. Examples of other organisations we share information with are: 1) a hospital specialist if you are referred to them by us, 2) a prescription to a pharmacy that you have nominated for us to send your prescription to by the Electronic Prescribing Service [EPS]
- We share your information with organisations that are involved in your healthcare through something called the Local Care Record [LCR]. For more information go to https://www.thegp.london/medical-records/
- Staff working in A&E and any out of hours organisations can also get access to your information. It is very important that the staff in these organisations know if you have any allergic reactions, e.g. they will use your Summary Care Record [SCR]. A summary of your data will automatically upload to your SCR. However, this information will not be sent to your SCR if you have asked for this not to happen. If you want to know whether you have opted in or out, you can contact us. For more information - https://www.thegp.london/medical-records/ or https://digital.nhs.uk/summary-care-records
- Lambeth DataNet can get access to your information. The information they obtain is anonymised. It helps them make improvements on healthcare services. To opt out, just contact us.
- National Database If you receive NHS services you will be registered on a national database. This database holds information about you. The national database is held by an organisation known as NHS Digital. The information held will be your name, date of birth, NHS number, address, telephone number or mobile and your email address (if you have one) It does not contain data about any care that you have received. To find out more information about NHS Database and the information it holds, visit their website at https://digital.nhs.uk/ or call them on 0300 303 5678
- Your consent is given. We share your information with organisations / person(s) where you have given us consent to do so. Examples here would be for an insurance report, a solicitor’s request, relative acting on your behalf.

  • Who are our partner organisations?
    We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
    • NHS Trusts / Foundation Trusts
    • GP’s
    • NHS Commissioning Support Units
    • Local Care Record
    • Lambeth access Hubs
    • http://www.lambethgpaccesshubs.co.uk/
    • NHS national database managed by NHS Digital https://digital.nhs.uk/
    • Summary Care Records
    • https://digital.nhs.uk/services/summary-care-records-scr
    • Independent Contractors such as dentists, opticians, pharmacists
    • Private Sector Providers
    • Voluntary Sector Providers
    • Ambulance Trusts
    • Clinical Commissioning Groups
    • Social Care Services
    • Health and Social Care Information Centre (HSCIC)
    • Local Authorities
    • Education Services
    • Fire and Rescue Services
    • Police & Judicial Services
    • Voluntary Sector Providers
    • Private Sector Providers
    • Other ‘data processors’ which you will be informed of
  • There are some circumstances where we will share information about our employees with other organisations. In these circumstances we do not need their permission to share such data. These organisations are:
    • Disclosure and Barring Service
    • HMRC
    • DWP
    • Home Office

We will not:

- Share any identifiable information about you with anyone that is not involved with your healthcare. However, the exception to this would be if we were legally obliged to share your information, e.g. if we were issued with a court order or any public health matter.
- We will not divulge any information about you over the telephone, we will not send a text or email to anyone unless we know it’s you that we are speaking with. In this instance you may be asked questions by the staff to prove it is you. Staff may need to call you back on a number that we hold for you in your records.

Your rights

You have the right to:

- Access to your personal data or be provided with a copy of your information.
- Access your data online. You will need to complete an application form for this to be set up for you. Please speak with our reception team. Accessing you data online will enable you to view your medical records [subject to approval].
- Receive a copy of your medical records. If you want a copy of your medical records you will need to complete a Subject Access Request application. For more information about this you can visit: https://www.nhs.uk/using-the-nhs/about-the-nhs/how-to-access-your-health-records/ There is no fee for this but you may be charged for repetitive requests.
- Discuss with a healthcare professional any mistakes or errors you find in your record.

Rights to object

You have the right to object to:

- Information being shared about you with other providers of health care – it may affect any care you receive so please call us
You are not able to object to:

- Your name, address, and other demographic information being sent to NHS Digital because it is necessary if you wish to be registered to receive NHS care.
- When information needs to be shared for safeguarding purposes. In cases where necessary, we have a legal and professional requirement to share data for safeguarding purposes. This is to protect people from being harmed. Information for safeguarding adults can be found on http://www.lambethccg.nhs.uk/about-us/our-governance/safeguarding-adults/Pages/default.aspx and for safeguarding children http://www.lambethccg.nhs.uk/about-us/our-governance/safeguarding-children/Pages/default.aspx

Risk Stratification - Identifying patients at risk of certain diseases

- So that we can identify anyone who might be at risk from, say, heart disease, stroke, any unplanned admissions to hospital, you records will be searched by a computer programme known as the Risk Stratification Tool. For more information you can visit: https://www.unitedhealthgroup.com/businesses/optum.html

- What risk stratification allows us to do is to look at preventing ill health as well as treating illness. It links information that we hold for you with information to other health care services that you may have used.

- Any information that identifies you will only be viewed by the Grantham Practice. For more information on this, please speak to us.

- You have the RIGHT TO OPT OUT. Just contact us if you want further advice

Safeguarding

- Sometimes it might be necessary to share information so that other people, including healthcare staff, children or others with safeguarding needs are protected from risk of harm. These circumstances are rare and we do not need your consent or agreement to do this.
- Information on safeguarding children and adults is on the Lambeth CCG website: http://www.lambethccg.nhs.uk/pages/results.aspx?u=https://www.lambethccg.nhs.uk&k=safeguarding

Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user's device.
You can find more information about cookies at:
 www.allaboutcookies.org
 www.youronlinechoices.eu
The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide.
Category 1: strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website.
Category 2: performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
By using our website, you agree that we can place these type of cookies on your device.

Retention of records
Your records are kept for a certain period of time. You can visit nhs digital to see how lone records are kept for: https://digital.nhs.uk/article/1202/Records-ManagementCode-of-Practice-for-Health-and-Social-Care-2016 You can also call us for more information.
Right to complain
Should you have any concerns about how your information is managed by the Practice please contact our Patient Liaison and Practice Administrator, Jonathan Wilmshurst, at the following address:

The Grantham Practice, Beckett House
Grantham Road
London
SW9 9DL

Tel: 0207 733 6191

Email: lamccg.granthamcentrepractice@nhs.net

If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO). www.ico.org.uk , casework@ico.org.uk telephone: 0303 123 1113 (local rate) or 01625 545 745

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is:
Louise Cobbett-Witten or Jonathan Wilmshurst

The Grantham Practice at Beckett House, Grantham Road, Stockwell, London, SW9 9DL.

Tel: 020 7733 6191 or email at the lamccg.granthamcentrepractice@nhs.net
Our Data Protection Officer is the NEL Commissioning Support Unit [CSU]
Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) necessary for the performance of a task carried out in the public interest or in the exercise of official authority; and
Article 9(2)(h) necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence. https://www.health-ni.gov.uk/articles/common-law-duty-confidentiality

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so.
You may request details of personal information which we hold about you under the Data Protection Act 2018.
A fee will be payable. There is no charge for this information.
If you would like a copy of the information held on you please write to:
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.