Kenton Clinic 020 8204 2255
Lines open 8.00am to 6.30pm

Privacy

Privacy notice

As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.

Our data protection officer is Dr Peter J David.

Fair Processing

How we use your information

This privacy notice explains why the GP Practice collects information about you, and how that information may be used.

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.

NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice may hold about you may include the following information;

  • Details about you, such as address and next of kin
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.

Sometimes your information may be requested to be used for research purposes – the surgery will always endeavour to gain your consent before releasing the information.

Risk Stratification

Risk stratification tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software managed by the North West London Commissioning Support Unit as the data processor and is only provided back to your GP or member of your care team as data controller in an identifiable form. Risk stratification enables your GP to focus on the preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services.

Please note that you have the right to opt out.

Should you have any concerns about how your information is managed at the surgery please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.

Invoice Validation

If you have received treatment within the NHS, North West London Commissioning Support Unit may require access to your personal information in order to determine which Clinical Commissioning Group should pay for the treatment or procedure you have received.

Information such as your name, address and date of treatment may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices, and will not be shared for any further commissioning purposes.

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

  • NHS Trusts
  • Specialist Trusts
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police
  • Other ‘data processors’
  • Access to personal information

You have a right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.
  • If you would like to make a ‘subject access request’. please contact the practice manager in writing.

If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Kenton Clinic.

Website privacy policy

This GP Practice, as the data controller may collect personal information from visitors to this site. This information is used only to respond to enquiries, monitor site usage and to enhance the use of certain technologies – such as activity based information. The GP Practice will at all times comply with the requirements of the Data Protection Act 1998.

Use of Personal Information Provided by the User

Where personal information (e.g. name, address, telephone number etc) is provided to the GP Practice via its website for whatever purpose (e.g. registration, survey, feedback), it is made clear to the individual what the information collected will be used for and who it will be provided to. The GP Practice will only use the information collected for the stated purpose.

At this current time, any personal information provided, is only used by the GP Practice. It will not sell, trade, provide or rent personal information to third parties. Specific personal information will be released where the NHS is required to do so by law, e.g. court order. Transfer of data will be done so on the express permission of the supplying individual.

When you submit personal information, you consent to our use of the information as set out in this privacy policy.

Scope of this Privacy Policy

This privacy policy only covers sites belonging to and operated by the GP Practice. Links within this site to other websites are not covered by this policy.

Changes to this Privacy Policy

The GP Practice may amend this policy from time to time. If substantial changes are made to the way in which the Practice obtains and uses your personal information the website will show prominently any announcement to this effect.

Date published: 18th October, 2014
Date last updated: 23rd March, 2023