Data Protection and Confidentiality
The practice is compliant under the Data Protection Act 1998 (DPA) and will continue to be under the EU General Data Protection Regulation (GDPR). These regulations introduce strict requirements on how the practice handles personal data.
To provide you with the care you need we hold the details of your consultations, illnesses, tests, prescriptions and other treatments that have been recorded by everyone involved in your care and treatment. This information may be stored on paper or electronically on computer files by practice staff.
We sometimes disclose some of your personal health information to other organisations involved in your care. For example, when you are referred to the hospital we send relevant details about you in the referral letter and receive information about you from them. Our practice also participates in regional and national programmes such as the cervical cytology screening service and your name, address, date of birth and health number will be given to them in order to send an invitation to you.
We need to use some of your personal health information for administrative purposes. In order to receive payment for services provided to you, we have to disclose basic details about you to NHS Tayside, the Common Services Agency and the Scottish Heath Service. These organisations have a role in protecting public funds and are authorised to check that payments are being properly made. We are required to co-operate with these checks and the disclosure of your data is a necessary part of our provision of health care services.
Sometimes we may participate in studies that are designed to improve the way services are provided to you or check that our performance meets required standards and benchmarks. Whenever we take part in such an activity we will ensure that, as far as possible, any details that may identify you are not disclosed.
We are sometimes involved in health research and the teaching of student nurses, doctors or other health professionals. We will not use or disclose your personal health information for these purposes unless you have been informed beforehand and given your consent for us to do so.
Where you need a service jointly provided with a local authority we will seek your permission before giving them your details. Sometimes we are required by law to pass on information, e.g. the notification of births, deaths, and certain diseases or crimes to the government.
Our use of your personal health information is covered by a duty of confidentiality and this is regulated by the Data Protection Act. This Act gives you a number of rights in relation to how your personal information is used, including a right to access the information we hold about you. You can access this information by making a Subject Access Request.
Everyone working for the NHS has a legal duty to keep information about you confidential and adheres to a Code of Practice on protecting patient confidentiality. Further information on this can be found at https://www.nhstayside.scot.nhs.uk/YourRights/PROD_298457/index.htm