GDPR & Privacy

Pembroke Medical Group Privacy Notices

These privacy notices let you know what happens to any personal data that you give to us, or any that we may collect from or about you.

These privacy notices apply to personal information processed by or on behalf of the practice.

These Notices explain

  • Who we are, how we use your information and our Data Protection Officer
  • What kinds of personal information about you do we process?
  • What are the legal grounds for our processing of your personal information (including when we share it with others)?
  • What should you do if your personal information changes?
  • For how long is your personal information retained by us?
  • What are your rights under data protection laws?

The General Data Protection Regulation (GDPR) is a single EU-wide regulation on the protection of confidential and sensitive information. It became law on the 25th May 2018, and will be read alongside the new UK Data Protection Act 2018, also coming into force on the same day.

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the Data Protection Act 2018 (currently in Bill format before Parliament)), the practice responsible for your personal data is Pembroke Medical Group.

These Notices describe how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

PMG Privacy Notice

Pembroke Medical Group Privacy Notice COVID-19

Pembroke Medical Group Medical Research Privacy Notice

Pembroke Medical Group Improved Access Privacy Notice

Pembroke Medical Group National Screening Programmes Privacy Notice

Pembroke Medical Group One Devon Dataset Privacy Notice 

The Devon and Cornwall Care Record Privacy Notice

Privacy Notice – Devon Lung Health Check

Pembroke Medical Group – Heidi Health Privacy Notice

This practice is supporting vital health and care planning and research by sharing your data with NHS Digital. For more information about this, see the GP Practice Privacy Notice for General Practice Data for Planning and Research, along with our NHS Digital Privacy Policy.

How we protect your data

Confidentiality Policy

Confidentiality is the cornerstone of health care and central to the work of everyone working in general practice. All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the practice.

The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person.

All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances, when somebody is at grave risk of serious harm.

Responsibilities of practice staff

All health professionals must follow their professional codes of practice and the law. This means that they must make every effort to protect confidentiality. It also means that no identifiable information about a patient is passed to anyone or any agency without the express permission of that patient, except when this is essential for providing care or necessary to protect somebody’s health, safety or well being.

All health professionals are individually accountable for their own actions. They should also work together as a team to ensure that standards of confidentiality are upheld and that improper disclosures are avoided.

Additionally, the GP as employer:

  • is responsible for ensuring that everybody employed by the practice understands the need for, and maintains, confidentiality;
  • has overall responsibility for ensuring that systems and mechanisms to protect confidentiality are in place;
  • has vicarious liability for the actions of those working in the practice – including the health professionals and non-clinical staff.

Standards of confidentiality apply to all health professionals, administrative and ancillary staff – including receptionists, secretaries, practice managers, cleaners and maintenance staff who are bound by contracts of employment to maintain confidentiality – and also to students or others observing practice. They must not reveal to anybody outside the practice personal information they learn in the course of their work, or due to their presence in the surgery, without the patient’s consent. Nor will they discuss with colleagues any aspect of a patient’s attendance at the surgery in a way that might allow identification of the patient, unless to do so is necessary for that patient’s care.

If disclosure is necessary

If a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the relevant health professional will counsel the patient about the benefits of disclosure. If the patient refuses to allow disclosure, the health professional can take advice from colleagues within the practice, or from a professional, regulatory or defence body, in order to decide whether a disclosure without consent is justified to protect the patient or another person. If a decision is taken to disclose, the patient should always be informed before the disclosure is made, unless to do so could be dangerous. If at all possible, any such decisions should be shared with another member of the practice team.

Any decision to disclose information to protect health, safety or well being will be based on the degree of current or potential harm, not on the age of the patient.

All staff have to sign a document which legally binds them to abide by the above agreement.

General Data Protection Regulation (GDPR)

GDPR stands for General Data Protection Regulations and is a new piece of legislation that will work alongside the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with) but strengthens many of the DPA’s principles.

To view our Data Protection Privacy Notice for Patients please click here

Freedom of Information

This scheme is produced in accordance with the requirements of the Freedom of Information Act 2009.

This Publication Scheme is a complete guide to the information routinely made available to the public by Pembroke House Surgery, 266-268 Torquay Road, Paignton, TQ3 2EZ. It is a description of the information about our General Practitioners and Practice which we make publicly available. It will be reviewed at regular intervals and we will monitor its effectiveness.

Click below to download and view the Pembroke House Surgery Freedom of Information Act 2009 document.

Freedom Of Information Act

National Data Opt Out

Patients' personal confidential data is extracted and shared with NHS Digital in order to support vital health and care planning and research. Further information can be found here.

Patients may opt out of having their information shared for Planning or Research by applying a Type 1 Opt Out and/or a National Data Opt Out.

  1. Type 1 Opt Out means NHS Digital will not collect data from your GP practice. Your opt out must be registered before 1st September 2021. If a Type 1 Opt Out is registered after this date, no extraction will occur from the date but NHS Digital will still hold data extracted before the opt out date. To do the Type 1 Opt Out, complete this form and return it to our reception team or via email to enquiries.pembrokehouse@nhs.net. Click here to access the form.
  2. National Data Opt Out means that NHS Digital will not share any confidential patient data it holds but will collect data from your GP medical record to use for its own service planning and research purposes.

How can a patient enable their National Data Opt Out choice?

This cannot be done via the Surgery. If a patient is aged 13 or over, they can set their own opt-out choice using:

It is possible for somebody to set an opt-out choice on behalf of a patient by proxy, but they can only do this using the Print and post service when:

  • They are the parent or legal guardian of the patient, who is a child aged 12 or under
  • They have a formal legal relationship with the patient, for example they have legal power of attorney or are a court-appointed deputy.

See our Privacy Notice for more information on how we share data.

Your data matters

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes; data would only be used in this way with your specific agreement.

Health and care organisations have put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is compliant with the national data opt-out policy.