The new Data Protection rules, General Data Protection Regulations, come into effect from 25th May 2018.

This means that the practice is now ensuring we are compliant with the new legislation.

There are some things that are not clear yet, some things we are working on, and some things we have completed.

The GDPR is something all GPs are working towards and you may see a few changes to the information you are given.  On the whole, the GDPR ensures that Information Governance and Information Security are at the forefront of any decisions that we make; ensuring your data and information is secure at all times.  We want to reassure patients that we have always taken Data Protection extremely seriously and will continue to safeguard your information as patients.

What are we working towards?

We are working on our Data Security & Protection Toolkit – a new assessment tool all GP Practices should now be working on (more information here)

https://www.dsptoolkit.nhs.uk/

We are working on updating our Data Protection and Security policies.  As not all of the information from the GDPR is clear we expect this will be completed towards the end of May 18.  We will publish these on our website once they are fully updated.

We are working on completing our Information Flows document – a list of information we use and share that will be published for patients on our website when it is fully completed. If you would like to request a draft copy please contact main reception.

Training

Staff will be trained in the new GDPR guidelines in May and June.

DPO

NAME: Denise Brookes

ROLE: Practice Manager

EMAIL sheccg.richmondmc@nhs.net

Further Information

If you would like to know more about the GDPR you might find these websites useful:

Information Governance Alliance

ICO

General Data Protection Regulation Policy

Data Sharing

DATA OPT-OUTS – PATIENT INFORMATION LEAFLET

Type One

The Type 1 / (Read 3 Code XaZ8A) secondary uses opt-out is a code which can, at your request, be applied to your electronic medical records by your GP Practice. When a Type 1 opt-out code exists:

● No record-level information will be uploaded from your GP record to NHS Digital

● NHS Digital will only continue to hold information extracted from your hospital records, as well as aggregate information (i.e. numbers) from your GP practice Opt-out rights are under discussion, and it may be that in future the Department of Health will withdraw the right of citizens to prevent the extraction and uploading of their personal confidential information to NHS Digital and you may no longer be able to request a Type 1 opt-out from your GP surgery.

A Type 1 opt-out, for as long as it is available, may prevent the extraction of your GP medical information to the Single National GP Dataset, the replacement to the now decommissioned care.data project.

Type Two NHS Digital is introducing a new tool that people can use to opt out of their confidential patient information being used for reasons other than their individual care and treatment. It will be secure and accessible, and will be available from 25 May 2018.

Visit https://digital.nhs.uk/services/national-data-opt-out-programme

The new system will offer patients and the public the opportunity to make an informed choice about whether they wish their confidential patient information to be used just for their individual care and treatment or also used for research and planning purposes. Patients who decide they do not want their confidential patient information used for planning and research purposes will be able to set their national data opt-out choice online.

NHS Digital will provide a non-digital alternative for patients who cannot or do not want to use an online system. Individuals can change their mind anytime.

Existing Type 2 opt-outs (the option for a patient to register with their GP, to prevent their confidential patient information leaving NHS Digital) will be converted to the new national data opt-out.

Patients with type 2 opt-outs will be informed of this change individually. Patients and the public will be able to use the system from 25 May 2018.

All health and care organisations will be required to uphold patient and public choices by March 2020. The national data opt-out will be introduced alongside the new data protection legislation. It is important that patients who have concerns about Data Sharing visit the NHS Digital National data opt-out programme website for the latest information: https://digital.nhs.uk/services/national-data-opt-out-program