This is new EU legislation to protect personal data for all EU citizens. It is a significant change in Data protection for every business in the UK including health care. It covers Data processing – any action taken with personal data (including storage) and Personal Data – information that about an individual that can identify them.
The GDPR sets out the key principles about processing personal data for patients:
Data must be processed lawfully, fairly & transparently
It must be collated for specific, explicit & legitimate purposes
It must be limited to what is necessary for the purposes for which it is provided
Information must be accurate and kept up to date
Data must be kept securely
It can only be retained for as long as necessary for the reasons it was collected
There are also more robust rights for patients regarding the information we hold about them, including:
Being informed about how data is used
Having access to their own data
The right to have incorrect data changed
The right to restrict how their data is used
Moving patient data from one health organisation to another
The right to object to their patient information being processed
What is patient data? Patient data is information that relates to a single person such as name, age, medical history & diagnosis.
What is Consent? Consent is permission from a patient. The changes in GDPR mean we must get explicit permission from patients when using their data. This is to protect your right to privacy and we may ask you to provide consent to do certain things such as recording information for your clinical records or to contact you.
As a practice we have policies and procedures in place ensuring all patient data is held securely and all information is strictly confidential.
Please see attached our Privacy Notice which explains why we collect information about our patients and how that information may be used.
Dapdune House Surgery is registered with the Information Commissioners Office (ICO) as a data controller and our registration can be viewed online in the public register at; http://ico.org.uk/what_we_cover/register_of_data_controllers