The practice keeps information about you, your health, treatment and care. Health records are held on paper and electronically. We have a legal duty to keep accurate health records. Personal information must be kept confidential and secure in line with Data Protection Legislation and Regulation.
This is information that can identify you and includes:
We may also ask for other information, such as whether you have a disability, your religion or beliefs, sexuality and race. This helps us plan to meet any particular care needs.
The practice must manage your personal information in line with the:
UK Data Protection Act 18 EU General Data Protection Regulation (GDPR)
We must be clear about the legal basis for processing your information and we record this. Our staff members are trained to handle your information correctly and protect your privacy. We aim to maintain high standards and we regularly check and report on how we are doing. Where we, as a practice, find that we fall below the acceptable standards we investigate and report serious incidents to the Information Commissioner’s Office (ICO).
For Beacon staff to be involved in your treatment we need to have accurate and up to date information to assess your health and provide you with care. As a GP practice, we have been authorised by the Government to provide healthcare and as such must keep accurate records for this care. Under GDPR our legal basis for holding this information is Article 6(1) (e) and 9(2) (h).
You may receive care from staff from other care organisations – such as Devon Doctors, Livewell South West and University Hospital Plymouth NHS Trust – and it will be necessary for us to share relevant information with them to insure that your care is optimised. This will include other health care, social care and educational organisations. Your identifiable information will only be shared for direct care purposes.
Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital. This means we can offer patients additional care or support as early as possible. This process will involve linking information from your GP record with information from other health or social care services you have used. Information which identifies you will only be seen by this practice.
Your health information is never collected for direct marketing and is not sold on to third parties. We do not use your information to make automated decisions with no human intervention.
This personal information forms part of your health record (a lifelong record) and needs to be kept to enable general practice to provide a high standard of care to you. Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care 2016 – NHS Digital.
We ensure the security of your information held on our computer systems and areas where paper records are held are robust to prevent unauthorised access.
You have a number of rights under the Data Protection Legislation:
Sometimes we need to pass on your information by law, for example:
We may use your information to help look after the health of the public and to make sure that our services can meet future patient needs. Your information may also be used to help us to:
NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes.
You can also tell your GP practice if you do not want your confidential patient information held in your GP medical record to be used for purposes other than your individual care. This is commonly called a type 1 opt-out. This opt-out request can only be recorded by your GP practice.
AccuRx are governed by a Data Processing Agreement and will only act under the instructions of the Data Controller (the Practice). AccuRx have completed the Data Security an Protection Toolkit assurances (under NHS ODS Code 8JT17 and both the Cyber Essentials and Cyber Essentials Plus certification.
The Practice may collect, hold and share information about you in relation to the COVID-19 pandemic in order to plan and manage services, check that care is being provided and prevent COVID-19 from spreading.
Information about your COVID-19 status may be shared within the NHS and with other partners involved in your care and treatment, along with:
We do not need your consent or agreement to do this.
More information can be found at: https://digital.nhs.uk/news-and-events/latest-news/data-and-services-supporting-coronavirus and https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report
As well as using your information to support the delivery of care to you, your data may be used to help improve the way health and social care is delivered to patients and service users throughout all patinets of Beacon Medical Group using Population Health Management methods. We will only use a pseudonomised extract (ie not identifiable information) which will be sent securely to Livewell and UHP and in partnership with Optum. Please note that at no time will patient identifiable data be used in the delivery of this programme. Patients who have a “type 1” opt- out, will be excluded from this programme and will not have their data extracted for this purpose. Further information about Population Health Management can be found here https://www.england.nhs.uk/integratedcare/building-blocks/phm/ . We will rely on Public interest task as the legal basis for processing your data for this purpose.
To support the response to the coronavirus outbreak, NHS Digital has been legally directed to collect and analyse healthcare information about patients, including from their GP record, for the duration of the coronavirus emergency period. See GPES data for pandemic planning and research (COVID-19) for more information.
The implementation of eConsult within the NHS App and associated documents will be formally reviewed within 6 months by NHSE in order to ensure that they remain fit for purpose in the longer term.
If you have any questions or concerns about how we manage your Information then please contact our Data Protection Officer.
Data Protection Officer Beacon Medical Group,
Plympton Health Centre,
Bex Lovewell, Data Protection Officer
Data Protection Officer
Delt Shared Services Ltd.
BUILDING 2 - DELT
Derriford Business Park
The UK regulator for Data Protection Legislation can be contacted as follows:
Information Commissioner’s Office (ICO
Information Commissioner’s Office
Please note the use of a VPN is not supported on our website.