As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Please see the document below for our CCTV policy.
Data Protection Policy
- The practice is committed to security of patient and staff records.
- The practice will display a poster in the waiting room explaining to patients the practice policy
- The practice will take steps to ensure that individual patient information is not deliberately or accidentally released or (by default) made available or accessible to a third party without the patient’s consent, unless otherwise legally compliant. This will include training on Confidentiality issues, DPA principles, working security procedures, and the application of Best practice in the workplace.
- The practice will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
- The practice will maintain a system of “Significant Event Reporting” through a no-blame culture to capture and address incidents which threaten compliance.
- DPA issues will form part of the practice general procedures for the management of Risk.
- Specific instructions will be documented within confidentiality and security instructions and will be promoted to all staff.
Freedom of Information
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
The Data Protection Act 1998 (DPA) requires a clear direction on Policy for security of information within the practice. The policy will provide direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information. The following is a Statement of Policy which will apply.
Freedom of information policy:
- The practice will comply with the FoI Act and sees it as an opportunity to enhance public trust and confidence in the practice
- The practice will maintain a comprehensive ‘Publication Scheme’ that provides information which is readily accessible without the need for a formal FoI Act request.
- The practice will seek to satisfy all FoI Act requests promptly and within 20 working days. However, if necessary we will extend this timescale to give full consideration to a Public Interest test. If we do not expect to meet the deadline, we will inform the requester as soon as possible of the reasons for the delay and when we expect to have made a decision
- The practice will continue to protect the personal data entrusted to us, by disclosing it only in accordance with the Data Protection Act 1998
- The practice will provide advice and assistance to requesters to facilitate their use of FoI Act. We will publish our procedures and assist requesters to clarify their requests so that they can obtain the information that they require.
- The practice will work with Lincolnshire Primary Care Trust and other bodies with whom we work to ensure that we can meet our FoI Act obligations, including the disclosure of any information that they hold on our behalf.
- The practice will apply the exemptions provided in the FoI Act and, where qualified exemptions exist, the practice will disclose the information unless the balance of public interest lies in withholding it.
- The practice will consult with third parties before disclosing information that could affect their rights and interests. However, according to the FoI Act, the practice must take the final decision on disclosure
- The practice will charge for information requests in line with the FoI Act Fees Regulations or other applicable regulations, including the Data Protection Act 1998
- The practice will record all FoI Act requests and our responses and will monitor our performance in handling requests and complaints
- The practice will ensure that all staff are aware of their obligations under FoI Act and will include FoI Act education in the induction of all new staff
A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you access certain websites.
Cookies allow a website to recognise a user’s device.
Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to a website. The two types we use are ‘Session’ and ‘Persistent’ cookies. Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time.
We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.
What can I do to manage cookies on my devices?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
If you are concerned about cookies and would like to ask further questions please do not hesitate to write to our website developers – [email protected]surgery.net