General Data Protection Regulation (GDPR)
Queensway Medical Centre has a legal duty to explain how we use any personal information we collect about you, as registered patients at the practice.
The practice staff maintain records about your health and the treatment you receive in electronic and paper format.
We have a Children's version of this policy available at reception or you can view the policy online here.
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, x-rays etc. and any other relevant information to enable us to deliver effective medical care.
It is important that you tell us if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so your records are accurate and up to date for you.
How we will use your information
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases where the law allows.
In order to comply with its legal obligations, the Practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, the Practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure. Processing your information in this way and obtaining your consent ensure that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the General Data Protection Regulations (GDPR).
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts/Foundation Trusts
- Other GP Practices and GP Organisations Independent Contractors e.g.
- Dentists
- Opticians
- Pharmacists.
- NHS Commissioning Support Units
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- NHS Digital
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police and Judicial Services
- Other ‘data processors’ of which you will be informed of
You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.
We may also use external companies to process personal information, such as for archiving purposes.
These companies are bound by contractual agreements to ensure information is kept confidential and secure.
Maintaining Confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have the right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information.
Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.
Who can directly access your surgery-held electronic GP medical record, if needed and if appropriate?
- Our Management team
- All our GPs and trainee Doctors
- All our Clinical Practitioners, Practice Nurses and Health Care Assistants
- All our Community Nurses
- Our Physiotherapist
- Our Practice Pharmacist and CCG Pharmacist
- All our Admin, Receptionist, Secretarial and Medicines Management Teams
If you choose to make an appointment at one of the Extended Hours clinics (after 6:30pm on weekdays or weekends, in Fleetwood or Blackpool), the GP or nurse that you see will have full access to your GP record, for the purpose of the appointment.
Who cannot access your surgery-held electronic GP medical record without your explicit consent?
Anyone else, in particular:
- The Department of Health
- NHS England
- NHS Digital
- Medical Researches
- Pharmaceutical companies
- Journalists
You have the right to object to ways in which your data is used (or processed)
We will always try to respect your wishes if you do not wish for your data to be used in a particular way, unless to do so would mean that we could not provide you with safe and effective medical care.
You have the right to object to (i.e. opt-out of) the uploading of your medical record to any or all of the NHS Databases (such as The Summary Care Record).
You have the right to object (i.e. opt-out of) to primary uses of your medical record; that is the sharing of your data with health professionals outside of the surgery for the provision of direct medical care, if you so wish.
You have the right (i.e. opt-out of) secondary uses of your medical record; that is the sharing of your data for purposes unrelated to your direct medical care (e.g. health care planning, audit, research, commercial or political uses), if you so wish.
Opting out of secondary uses will prevent all such extractions of data and their processing for secondary purposes, including national audits, risk stratification schemes, extractions and uses of your personal confidential data.
You can opt-out of any or all of these data-sharing schemes.
Opting back into data sharing
You can opt back into any or all of these schemes, at any time, if you have previously opted out. To do so, please see our website for the opt in form, or call into the practice to collect a form from the reception desk.
Secondary uses of your medical records
You have the right to control how medical information about you is processed, used, shared or disseminated, for purposes other than your direct medical care – ‘secondary uses’.
Secondary uses include projected involved in risk stratification, ‘population health management’, national clinical audits, research, healthcare planning, commissioning of healthcare services by CCGs, commercial and even political uses.
You can control your personal confidential information by expressing an objections, or opt-out, to the surgery. We will then add read-codes to your GP record.
One such opt-out is known as a Type 1 opt-out. A Type 1 opt-out will prohibit extraction and uploading for all of the following secondary uses:
- Risk stratification schemes
- National clinical audits (such as the National Diabetes Audit)
- The Clinical Practice Research Datalink (CPRD)
- Extraction of de-identified information about your concerning any eMed3 Statement of Fitness to Work reports (i.e. sick notes), uploaded to NHS Digital, and subsequently passed by NHS Digital to the Department of Work and Pensions
- All extractions and uploading of identifiable information about you to NHS Digital, for any secondary purposes (so-called GPES extractions).
Secondary use objections (either Type 1 or Type 2) will in no way affect how healthcare professionals provide you with direct medical care, or prevent them accessing your medical record if and when appropriate, and with your explicit consent. Secondary uses are not about information sharing between healthcare professionals.
The Type 2 opt-out acts to control information about you as held by NHS Digital (formally the ‘HSCIC’). NHS Digital holds information about you obtained from a variety of sources, such as hospital trust, mental health services, maternity records, community records, collectively known as Hospital Episode Statistics (HES). It also holds some information from your GP record.
A Type 2 opt-out when present in your GP record should prevent identifiable information about you being disseminated or shared by NHS Digital, for purposes other than your direct care. It will not prevent NHS Digital disseminating, sharing or selling information about you that is either effectively anonymised (i.e. cannot identify you,) or aggregated (i.e. just numbers).
More information about Type 2 opt-outs can be found on the government website.
With Type 1 or Type 2 opt-out in force, you will still be invited to cervical screening, breast screening, bowel screening, diabetic retinopathy screening, abdominal aortic aneurysm screening, and any other current or future national screening programmes, if you are eligible, nor will you be prevented from taking part in medical research if you so wish.
If you wish to opt-out of secondary uses of information from your GP record, simply fill out the form at the back of this booklet and return it to the practice.
Risk Stratification
Risk stratification is a mechanism used to identify and subsequently manage those patient deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions e.g. cancer.
Your information is collected by a number of sources; this information is processed electronically and given a risk score which is relayed to you GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Invoice Validation
Your information may be shared if you require treatment that the Clinical Commissioning Group (CCG) is responsible for paying for. This information may include your name, address and treatment data. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
Retention Periods
In accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration.
Your right to see your health records
A health record is any record of information relating to someone’s physical or mental health that has been made by (or on behalf of) a health professional. This could be anything from the notes made by a GP in your local surgery to results of an MRI scan or x-rays.
Health records are extremely personal and sensitive. They can be held electronically or as paper files, and are kept by a range of different health professionals both in the NHS and the private sector.
How can I access my records?
To do so, you will need to make your request in writing to the Practice, or by completing a Subject Access Request form which can be found either at the back of this booklet, on our practice website or requested at the reception desk.
When making your request, please include the following details:
- Your name, address and postcode
- Your telephone number
- Any relevant case reference numbers
- The type of information or documents you want to look at, including any relevant dates
- Any preferences you have for the way you would like us to send the information to you (for example, hard copy, large print or by email)
You do not have to give a reason for applying for access to your health records. However, to save the NHS time and resources, it would be helpful if you would inform us – if you do not need access to your entire health record – of the periods and parts of your health records that you require, along with details which you may feel have relevance (e.g. consultant name, location, diagnosis).
First request for Subject Access Requests are free of charge, however if they are judged to be unfounded or excessive a charge can apply, so being clear in your reason for your request will help the practice to provide the correct information you require.
You should receive a reply to your request within one calender month. However, the practice has the right under GDPR to negotiate a longer timeframe but we will provide a reason why if this is the case.
A Subject Access Request can be declined by the practice, however, we would have to justify reasons as to why. As a patient you can appeal against any decision. One reason why a request may be declined is that the data has not changed since any previous request. Duplicate requests can be charged for and this is to cover administration costs. This would be a minimum of £10. Any photocopying charges for paper copies and administration time costs which must be provided by the practice for security purposes will be advised in advance.
You have the right simply to view your records (i.e. not receive a copy in a permanent form). For this, there is no charge. You should also be aware that in certain circumstances your right to see some details in your health records may be limited in your own interest or for other reasons (e.g. to protect the privacy of third parties).
You also have the right to have information explained to you, where necessary (e.g. medical abbreviations). We can provide you with a printout of the information requested or export the information (e.g. as a .doc or .pdf file).
Secure online access to GP medical records
Patient Access is the name of the software module offered by GP surgeries (such as Queensway Medical Centre) running the EMIS GP records system.
Patient Access enables patients to the following online (or via a smartphone app):
- Book appointments
- Order repeat prescriptions
- Update your contact details (address, phone numbers etc.)
- Access your full electronic GP record securely online
You can look at Patient Access to get an idea of what it is like.
To apply for Patient Access, ask at reception for a registration form, or download one from our website. Once registered, you can logon and use Patient Access on a computer, tablet or smartphone app.
You can have access to your full electronic GP record, including consultations, medication, allergies, vaccinations, GP and hospital letters, blood test results and x-ray/scan reports. You are also able to check the results of any blood tests or x-rays requested by your GP, download them, print them off at home, take then to hospital appointments etc.
You are then able to show your GP record, if you wish, to any healthcare professional that you might see, anywhere in the world.
- With Patient Access, no data is uploaded to any database, government controlled or not
- With Patient Access, the only person with access to your record via the secure website is you
- With Patient Access, Queensway Medical Centre will remain the data controller for your information
How might online access to your medical record be of benefit?
Access abroad
You may be in another country and taken ill. You may decide to allow a doctor temporary access to your records. All they need is access to the internet and your login details (or you log in for them). If necessary, when access to your record by that doctor is no longer required, you can let the practice know and we can immediately disable access until you are provided with new login credentials.
A&E/Outpatient/Out of Hours GP
If you are going to see a healthcare professional in hospital you can allow them to see your records online, if there is a computer in the room, or print out the relevant information and take it with you.
Relative having access
Only if you wish you could share all your records with relatives or just part by printing the part you wish to share.
Saving time
Blood results, x-rays or letters (e.g. from consultant/specialist outpatient appointments) can be checked. If results are normal it saves you time not having to travel to the surgery or ring up for the results.
Information for forms
If you need to know when you had your immunisations, what allergies you have or what date you received a diagnosis, you can look them up.
Better understanding
If you did not understand the conversation with the doctor or nurse, you can look at the record of that consultation. Patients have found that this makes the discussion easier to understand and remembers. You will also find that the information buttons explain technical terms for you. This can be extremely helpful.
Correcting information
You can see if there are incorrect entries in your GP record, or missing information, and speak to your GP about these. Medication information: You can easily check information about any medication prescribed by clicking on the button listed next to your medication in the list. This also includes information on how to take the medication.
Clarity
You can check what results mean or check a condition. There are like to support groups e.g. Diabetes UK.
Security
It is as safe as internet banking if you keep your passwords and security questions secure. Don’t leave your passwords where they can be found. Don’t use obvious ones such as names, birthdays or anniversaries etc.
Disadvantages
Forgotten history
There may be something in your history you don’t want any family members to see. It might be information you had put on the back of your mind and are now confronted with it.
Complex information
The record is designed to be used by doctors for doctors. There will be abbreviations and technical terms. However, most patients understand most of what they read and the information buttons linked with problem titles offer detailed explanations. Please ask if you do not understand.
Test results
Results can be difficult to understand. Results may be abnormal and cause you to worry.
Third-party information
You might want to tell the doctor something about your spouse/partner/child etc. in confidence. If the doctor records the information and the patient then sees this it may cause problems but if the doctor does not then vital information may get lost or forgotten.
The website My Record has very good information about all of this.
The Summary Care Record
Like all GP surgeries, Queensway Medical Centre is required to extract and upload information from GP records to the national Summary Care Record (SCR) database, one of a number of NHS databases. Your SCR will contain all medication prescribed for you in the preceding 6 months, any repeat medications issued over the preceding 18 months, and any allergies or adverse reactions to medicines.
The information will potentially be available to healthcare professionals across England, for the purpose of your direct clinical care (a ‘primary’ use of your information).
The information is extracted and uploaded to NHS Digital, who is therefore the data controller for the Summary Care Record database.
Who can access your SCR with explicit consent, OR in your best interest (if you cannot provide consent, e.g. you are unconscious)?
- Clinicians at NHS 111
- The local ambulance services
- GP out-of-hours centres
- Hospitals – A&E
- Urgent care centres
- Walk-in centres
- Our community staff – district nurses, midwives and health visitors)
If you do not wish to have, or continue to have, a Summary Care Record then you can opt-out at any time. If you do opt-out, your uploaded data will be ‘blanked’, no one will be able to access it, and no further information about you will be uploaded from your GP record.
If you do opt-out, or if you have already opted out, then you can opt back in at any time and have a Summary Care Record created. Further information about
Summary Care Records is available from:
If you wish to opt out of the Summary Care Record then simply fill in the opt-out form.
Learn more about the Summary Care Record
EMIS Web data streaming
Queensway Medical Centre allows Fylde Coast Medical Services (FCMS) GP out-of-hours access to GP records of patients attending their service. FCMS will only be able to see that information if the patient gives explicit consent at the time of attendance. This system is known as EMIS Web data streaming.
The information made available will include important diagnosis, medications, allergies, past operations and past medical history. The hospital already has access to investigations (such as x-rays) performed at the hospital, and blood test results.
How will information be made available?
The information is ‘streamed’ in real-time and on-demand, meaning that data from the GP record is neither extracted, nor uploaded, nor sent anywhere. The data remains within the surgery database and FCMS is only allowed to ‘view’ it.
Who exactly will be looking at the data?
Only clinical staff within FCMS that have a need to look at the GP record in order to provide direct medical care will have access. FCMS will be able to monitor which of their staff have accessed the GP records, and whose records have been accessed in this way.
No other organisation can look at the information, meaning that other GP practices, the CCG, NHS England, NHS Digital or the Department of Health cannot access your GP record in this way. It is therefore a locally accessible scheme.
Controlling what is viewable
GP practices can apply a ‘confidentiality policy’ to any aspect of a GP record, rendering it hidden (this information can only then be disclosed by the patient, if they so wish). Patients have the right to decide which parts of their record they are happy to share, and which items they do not wish for FCMS to have access to.
Opting out of data streaming
All patients have the right not to allow data to be viewable by FCMS in this way.
If you wish to opt out of EMIS Web data streaming then simply fill out the optout form in the back of this booklet and hand it into the surgery.
Opting out of data streaming does not automatically opt patients out of the Summary Care Record.
Data Processors
Queensway Medical Centre use data processors to perform certain administrative tasks for us, particularly where these involve large numbers of patients.
EMIS Health host our electronic GP patient records database at their secure servers in Leeds. As such, they are acting as the data processor in this.
For more information on EMIS Health please visit their website
Docman Ltd allow the practice to view and receive hospital letters. Docman links with our EMIS system to enable the practice to save all outside correspondence received from hospitals and other services to your medical record.
For more information on Docman please visit their website
iPlato send and receive SMS/data messages such as reminders, friends and family feedback, urgent practice information.
We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.