We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
How we use your information to provide you with healthcare.
- This practice keeps medical records confidential and complies with the UK General Data Protection Regulation and the Data Protection Act 2018 and the Common Law Duty of Confidentiality.
- We hold your medical record so that we can provide you with safe care and treatment.
- We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital, or your GP will send details about your prescription to your chosen pharmacy.
- We use a medical record system called SystmOne. Other health and social care organisations, for example GP Out of Hours services and community services, who also use this system may have the ability to view your GP medical record when they are providing care to you. You may be asked if you are happy for your record to be viewed, or in some circumstances you may be sent a verification code to allow services caring for you to view your record. You can choose not to allow other organisations to be able to view your GP medical record.
- Healthcare staff working in A&E and out of hours care may also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This information may be obtained from your Summary Care Record or from SystmOne. For more information see the NHS Digital website
- You have the right to request to have any mistakes in your medical record corrected.
Other important information about how your information is used to provide you with healthcare.
Registering for NHS care.
- All patients who receive NHS care are registered on a national database.
- This database holds your name, address, date of birth and NHS Number but it does not hold medical information about the care you receive.
- The database is held by NHS Digital, a national organisation which has legal responsibilities to hold the NHS register.
- More information can be found on the NHS Digital website or the phone number for general enquiries at NHS Digital is 0300 303 5678
Identifying Patients who Might be at Risk of Certain Diseases.
- Your medical records may be searched by approved computer programmes so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
- This means we can offer patients additional care or support as early as possible.
- This process may involve linking information from your GP record with information from other health or social care services you have used.
Safeguarding.
- Sometimes we need to share information so that other people, including healthcare staff, children, or others with safeguarding needs, are protected from risk of harm.
- These circumstances are rare.
- We do not need your consent or agreement to share information in these circumstances, as we are required to do this.
- Please see local policies for more information
Purpose of the processing.
To provide direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
To check and review the quality of care. This is called audit and clinical governance.
Lawful basis for processing.
These purposes are supported under the following sections of the General Data Protection Regulation:
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Recipient or categories of recipients of the processed data.
- The data will be shared with:
- healthcare professionals and staff in this surgery;
- local hospitals;
- out of hours services;
- diagnostic and treatment centres;
- screening services;
- or other organisations involved in the provision of direct care to individual patients.
Organisations who help us manage our data for specific purposes, and under formal agreement, include:
- NHSE
- iGPR
- Ardens Manager
- NHS Digital
- Box-it
- ICE
- NHSE Open Exeter
- Anima
- iMail
- PCSE/Capita
- EK Interactive Innovations
- TPP
- Niche Health
- Four Counties Primary Care Network
- Interactive Innovations (self help kiosk)
- Arden and GEM CSU
- ICO
- INR Star
- NHS e-mail
- Accurx
- Lincolnshire ICB
Right to object.
- You have the right to request to object to information being shared between organisations who are providing you with direct care.
- This may affect the care you receive.
- You are not able to object to your name, address and other demographic information being sent to, and held by, NHS Digital.
- This is necessary if you wish to be registered to receive NHS care.
- You are not able to object when information is legitimately shared for safeguarding reasons.
- In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
- The information will be shared with the local safeguarding service(s).
Data we get from other organisations.
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is updated when you receive care from other organisations.
How your information is used for medical research and to measure the quality of care.
Medical research using population-based information.
We share information from medical records:
- To support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best.
- We will also use your medical records to carry out research within the practice.
This is important because:
- The use of information from GP medical records is very useful in developing new treatments and medicines.
- Medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
We share information with the following medical research organisations with your explicit consent or when the law allows:
- Academic and non-Commercial Research Studies which are adopted by the National Institute of Health Research (NIHR) – we send out letters to our patients who may be suitable for studies and may wish to take part.
- Commercial Research Organisations on whose behalf we approach potentially suitable patients about Research trials which may be of relevance to them.
We share information with the following medical research organisations with your explicit consent or when the law allows:
- Clinical Research Network East Midlands
- Medinova
- National Diabetes Prevention Programme
You have the right to object to your identifiable information being used or shared for medical research purposes.
Please speak to your practice if your wish to object.
Medical research trials that individual patients may agree to take part in.
- If the practice takes part in a medical research trial, individual patients may be invited to be part of the trial. To take part, patients will be asked to consent to their data being used and shared for the particular research trial.
Checking the quality of care – national clinical audits.
- This practice contributes to national clinical audits so that healthcare can be checked and reviewed.
- Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
- The results of the checks or audits can show where hospitals are doing well and where they need to improve.
- The results of the checks or audits are used to recommend improvements to patient care.
- Data is sent to NHS Digital which is a national body with legal responsibilities to collect data.
- The data will include information about you, such as your NHS Number and date of birth and information about your health which is recorded in coded form - for example the code for diabetes or high blood pressure.
- We will only share your information for national clinical audits or checking purposes when the law allows.
- For more information about national clinical audits see the Healthcare Quality Improvements Partnership website or phone 020 7997 7370.
- You have the right to object to your identifiable information being shared for national clinical audits. Please contact the practice if you wish to object.
We are required by law to provide you with the following information about how we handle your information for research.
Purpose of the processing.
- Medical research, and to check the quality of care which is given to patients (this is called national clinical audit).
Lawful basis for processing.
The following sections of the General Data Protection Regulation mean that we can use medical records for research and to check the quality of care (national clinical audits)
- Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
For medical research: there are two possible Article 9 conditions.
- Article 9(2)(a) – ‘the data subject has given explicit consent…’ (where an individual has agreed to take part in a specific research trial)
OR
- Article 9(2)(j) – ‘processing is necessary for… scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member States law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject’. (where data is used for medical research using population based information)
To check the quality of care (clinical audit):
- Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’
Recipient or categories of recipients of the processed data.
For medical research the data will be shared with NHS Digital and:
- Clinical Practice Research Datalink
- NHS Digital Data Collections
- National Bowel Cancer Screening Programme
- For national clinical audits which check the quality of care the data will be shared with NHS Digital.
How you information is shared so this practice can meet legal requirements.
The law requires the practice to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
- plan and manage services.
- check that the care being provided is safe.
- prevent infectious diseases from spreading.
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.
We must also share your information if a court of law orders us to do so.
NHS Digital.
- NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
- It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
- This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
- More information about NHS Digital and how it uses information can be found on the NHS Digital website
- NHS Digital sometimes shares names and addresses of patients suspected of committing immigration offences with the Home Office. More information on this can be found on the government's website
Care Quality Commission (CQC).
- The CQC regulates health and social care services to ensure that safe care is provided.
- The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
- For more information about the CQC see their website
Public Health.
- The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
- We will report the relevant information to local health protection team or Public Health England.
- For more information about Public Health England and disease reporting see the government's website
We are required by law to provide you with the following information about how we handle your information and out legal obligations to share data.
Purpose of the processing.
- Compliance with legal obligations or court order.
Lawful basis for processing.
The following sections of the General Data Protection Regulation mean that we can share information when the law tells us to:
- Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
- Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’
Recipient or categories of recipients of the processed data.
- The data will be shared with NHS Digital.
- The data will be shared with the Care Quality Commission.
- The data will be shared with our local health protection team or Public Health England.
- The data will be shared with the court if ordered.
Rights to object and the national data opt-out.
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
NHS Digital.
You can choose whether your data is used for research and planning. There are different types of data-sharing you can opt out of.
Stop your GP surgery from sharing your data. This is called a Type 1 Opt-out.
- To do this you need to fill in an opt-out form and return it to your GP surgery.
- Only your GP surgery can process your opt-out form. They will be able to tell you if, and when, you have been opted out.
If you choose a Type 1 Opt-out, your GP will not share your data for research and planning. However, NHS Digital will still be able to collect and share data from other healthcare providers, such as hospitals.
You can find out more about Type 1 Opt-out from NHS Digital’s transparency notice
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
Stop NHS Digital and other health and care organisations from sharing your data for research and planning. This is called the National Data Opt-out.
- To opt out online or find out more, visit the NHS website
- If you choose this opt-out, NHS digital and other health and care organisations will not be able to share any of your personal data with other organisations for research and planning, except in certain situations. For example, when required by law.
- If you want to check if you have opted out, you can enter your details again at https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/ or check your settings in the NHS App.
You can opt out, or opt back in again, at any time.
If you choose to opt out of sharing your data, your personal health information will still be used to make sure you get the treatment and care your need. For example, your data may be shared so that you can be referred to hospital or get a prescription.
NHS Digital sharing with the Home Office.
There is no right of objection to NHS Digital sharing names and addresses of patients who are suspected of having committed an immigration offence.
Public health.
Legally information must be shared under public health legislation. This means that you are unable to object.
Care Quality Commission.
Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object.
Court order.
Your information must be shared if it ordered by a court. This means that you are unable to object.
National Screening Programmes.
- The NHS provides national screening programmes so that certain diseases can be detected at an early stage.
- These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.
- The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.
- More information can be found on the government's website
We are required by law to provide you with the following information about how we handle your information in relation to our legal obligations to share data.
Purpose of the processing.
- The NHS provides several national health screening programmes to detect diseases or conditions early such as cervical and breast cancer, aortic aneurysm and diabetes.
- The information is shared so that the correct people are invited for screening. This means those who are most at risk can be offered treatment.
Lawful basis for processing.
The following sections of the General Data Protection Regulation allow us to contact patients for screening:
- Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller...’
- Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’
Recipient or categories of recipients of the processed data.
- The data will be shared with NHS Digital, hospital laboratory services, local breast screening units, and Health Intelligence who provide diabetic eye screening.
Recipient or categories of recipients of the processed data.
- The data will be shared with NHS Digital, hospital laboratory services, local breast screening units, and Health Intelligence who provide diabetic eye screening.
- The Practice shares your diabetes related data with the Lincolnshire Diabetic Eye Screening Programme
Rights to object.
For national screening programmes you can opt so that you no longer receive an invitation to a screening programme. See the government's website
Data we get from other organisations.
- We receive information about your screening test results from other organisations who are involved in providing these services.
- This means your GP medical record is updated with screening results.
We are required by law to provide you with the following information about how we handle your information in relation to our legal obligations to share data.
We are a member of Four Counties Primary Care Network (PCN). This means we will be working closely with other Practices and health and care organisations to provide healthcare services to you. These practices/ organisations include:
- Lakeside Healthcare Stamford
- Lakeside Healthcare Hereward
During the course of our work, we may share your information with these Practices and health care organisations/professionals. We will only share this information where it relates to your direct healthcare needs.
When we do this, we will always ensure that appropriate agreements are in place to protect your information and keep it safe and secure. This is also what the Law requires us to do.
If you would like to see the information the PCN holds about you please contact Dr T Ashley-Norman, Clinical Director. You can contact him via email
Data we hold about you.
We hold data about you in electronic and paper records. We use a combination of working practices and technology to ensure that your information is kept confidential and secure.
The type of data that we hold about you may include the following:
- Details about you, such as your address and next of kin;
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health;
- Details about your treatment and care;
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you.
Your medical record is held in a computer system called SystmOne. This system is provided to us under a National contract. Your data is held and managed in secure data centres by TPP. For more information visit their website
Calls, SMS and Email.
- We will hold your mobile phone number and email address where you have provided these to us.
- We may use these to send you text messages or emails about your care, for example, messages about appointments, test results, or inviting you to attend for a clinic.
- Incoming and outgoing telephone calls to the practice are recorded for training and monitoring purposes.
- You have the right to provide your mobile number for calls only. If you do not wish to receive text messages from us, please speak to the practice so we can add this to your record to prevent text messages being sent to you.
- You have the right to have your email address or mobile phone number removed from your GP record.
- We will only use the email address or mobile phone number for direct medical care purposes, unless you have provided us with your explicit consent to text or email you for other purposes as well, for example, for us to send you surgery newsletters, details from patient participation group meetings, or details about new services.
- If you provide your consent for us to send you information other than for your direct care, you can remove this consent at any time.
Right to access and correct.
- You have the right to access the data we hold about you, and request to have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website
- We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period.
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found on the NHS England website
Right to complain.
If you have concerns about the way we manage your data please contact: Teri White, Hub Manager, Lakeside Healthcare Stamford, Ryhall Road, Stamford, Lincolnshire, PE9 1YA using our secure online form
You have the right to seek independent advice about data protection, as well as the right to complain, by contacting the Information Commissioner’s Office. Visit the ICO website or call the helpline 0303 123 1113.
Data Controller contact details.
Teri White, Hub Manager, Lakeside Healthcare Stamford, Ryhall Road, Stamford, Lincolnshire, PE9 1YA. Teri can be contacted via our secure online form
Data Protection Registration Number.
Z6727413
Data Protection Officer.
Judith Jordan, Data Protection Officer, Arden and GEM Commissioning Support Unit. Judith can be contacted via email
Date last reviewed or updated.
- 16 Jan 2018
- 15 Nov 2019
- June 2023
- September 2024