Narrowcliff SurgeryNarrowcliffNewquay, TR7 2QFTel: 01637 854433
One in three of us will get cancer and it’s the toughest thing most of us will ever face. If you’ve been diagnosed with cancer, or a loved one has, you’ll want a team of people in your corner supporting you every step of the way. Macmillan provide practical, medical and financial support and push for better cancer care.
Marie Curie Cancer Care is a UK charity dedicated to the care of people with terminal cancer and other illnesses. Over the financial year 2010/11, we reached a total of 31,799 patients
Youthhealthtalk enables young people, their family and friends, and professionals such as doctors and teachers to understand young people's experiences of health, illness and life in general. The website feature real-life accounts of issues such as effect on work and education, social life and relationships, consulting health professionals and treatment.
This Practice believes everyone has the right to confidentiality. Our patients can be sure that anything discussed with any member of our staff will stay confidential. We are able to see and treat patients under 16 years old without their parents’ consent.
If you wish to access your medical records, please contact the Practice Secretary who will explain the process.
The ICO has published a new Model Publication Scheme that all public authorities are required to adopt. Further information can be found on the Information Commissioners Website.
Information Commissioner's Website
We value your feedback and use comments, suggestions, compliments and complaints to try and improve our services. We hope you will never have cause for serious complaint, but if you do we have a complaints procedure aimed at sorting out problems quickly and informally. Please ask for a leaflet.
If you want to make a formal complaint, please contact Susan Beadle, our Practice Manager. You will be asked to put your complaint in writing and your letter will be acknowledged within 3 days. Your complaint will not be recorded in your medical notes. If you are making a complaint on behalf of another person, we may need to ask that person’s consent before investigating the complaint.
We hope that, if you have a problem, you will use our practice complaints procedure. We believe this will give us the best chance of putting right whatever has gone wrong and an opportunity to improve our practice.
If you feel you cannot raise your complaint with us or you are dissatisfied with the result of our investigation, you should contact:
Health Watch on 0800 0381 281 who can provide local information and a signposting service.
SEAP (Support Empower Advocate Promote) who provide independent advice and support with regard to NHS complaints. You can find them at 17 Dean St, Liskeard, PL14 4AB,
Tel 0300 343 5706.
For more complex issues for resolution please contact
NHS England on 0300 311 2233
The Health Service Ombudsman has published a booklet that describes the ‘six principles for remedy’ in relation to complaints handling and involves:
If you remain unhappy after everything has been done to try to resolve your concern or complaint you have the right to approach the Ombudsman. Tel: 0345 015 4033 Email: email@example.comWrite: Millbank Tower, Millbank, London SW1P 4QP.
Violent, threatening or abusive behaviour towards any of the staff whether physical or verbal will not be tolerated. We are within our rights to remove patients from our list without delay.
Would you recommend our service to friends and family?
The NHS friends and family test (FFT) is an important opportunity for you to provide feedback on the care and treatment you receive at the surgery.
It asks patients whether they would recommend GP services to their friends and family if they needed similar care or treatment. This means patients are able to give quick feedback on the quality of the care they receive, giving us a better understanding of the needs of our patients and enabling improvements.
How does it work?
Click on the ‘Friends & Family Test’ link on the practice web site, and then access the Friends and Family Survey option.
Do you have to respond to the question?
Your answer is voluntary. But if you do answer, your feedback will provide valuable information to celebrate good practice, and identify opportunities to make improvements. Your answer will not be traced back to you, and your details will not be passed on to anyone. A member of your family or a friend is welcome to answer the question if you are unable to.
How will the results be used?
We will gather the results and analyse them rapidly to see if any action is required. The responses to the FFT question will be used to create an overall score, which will be published on this website.
Does this replace the NHS complaints procedure or other forms of feedback?
No, this will not replace the current complaints procedure or other forms of feedback.
What is GDPR?
GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with) but strengthens many of the DPA’s principles. The main changes are:
Practices must comply with subject access requests
Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
There are new, special protections for patient data
The Information Commissioner’s Office must be notified within 72 hours of a data breach
Higher fines for data breaches – up to 20 million euros
PRACTICE FAIR PROCESSING
& PRIVACY NOTICE
Your Information, Your Rights
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR).
The following notice reminds you of your rights in respect of the above legislation and how your GP Practice will use your information for lawful purposes in order to deliver your care and the effective management of the local NHS system.
This notice reflects how we use information for:
As your registered GP practice, we are the data controller for any personal data that we hold about you.
What information do we collect and use?
All personal data must be processed fairly and lawfully, whether is it received directly from you or from a third party in relation to your care.
We will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:
Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. from an acute hospital, GP surgery, community care provider, mental health care provider, walk-in centre, social services). These records may be electronic, a paper record or a mixture of both. We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
Why do we collect this information?
The NHS Act 2006 and the Health and Social Care Act 2012 invests statutory functions on GP Practices to promote and provide the health service in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training. To do this we will need to process your information in accordance with current data protection legislation to:
How is the information collected?
Your information will be collected either electronically using secure NHS Mail or a secure electronic transferred over an NHS encrypted network connection. In addition, physical information will be sent to your practice. This information will be retained within your GP’s electronic patient record or within your physical medical records.
Who will we share your information with?
In order to deliver and coordinate your health and social care, we may share information with the following organisations:
Your information will only be shared if it is appropriate for the provision of your care or required to satisfy our statutory function and legal obligations.
Your information will not be transferred outside of the European Union.
Whilst we might share your information with the above organisations, we may also receive information from them to ensure that your medical records are kept up to date and so that your GP can provide the appropriate care.
Telephone calls to and from the surgery
Due to the nature of our business Narrowcliff Surgery record all incoming and outgoing telephone calls. This is necessary to protect the interests of one or more of the call participants.
By contacting the surgery via telephone patients are consenting to their telephone call being recorded. Patients who do not wish their telephone calls to be recorded should contact the surgery in person or via email at firstname.lastname@example.org.
The calls are held on a dedicated and secure PC and the data is only accessed by a limited number of authorised staff when there are concerns about a call, this could be in the event of a complaint, a query raised about the clinical advice given or where threats to staff are received.
A transcript of the call may be shared with indemnity providers where it relates to clinical content or the police in the event of extreme threats.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information that has been collected lawfully. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.
Information is not held for longer than is necessary. We will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.
Consent and Objections
Do I need to give my consent?
The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and enhance your reputation. However, consent is only one potential lawful basis for processing information. Therefore your GP practice may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. Your GP Practice will contact you if they are required to share your information for any other purpose which is not mentioned in this notice. Your consent will be documented in your electronic patient record.
What will happen if I withhold my consent or raise an objection?
You have the right to write to withdraw your consent to any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact your GP Practice for further information and to raise your objection.
Health Risk Screening / Risk Stratification
Health Risk Screening or Risk Stratification is a process that helps your GP to determine whether you are at risk of an unplanned admission or deterioration in health. By using selected information such as age, gender, NHS number, diagnosis, existing long-term condition(s), medication history, patterns of hospital attendances, admissions and periods of access to community care your GP will be able to judge if you are likely to need more support and care from time to time, or if the right services are in place to support the local population’s needs.
To summarise Risk Stratification is used in the NHS to:
As mentioned above, you have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your direct care. Please contact the Practice Manager to discuss how disclosure of your personal data can be limited.
Sharing of Electronic Patient Records within the NHS
Electronic patient records are kept in most places where you receive healthcare. Our local electronic systems (such as SystmOne, EMIS and Eclipse) enables your record to be shared with organisations involved in your direct care, such as:
In addition, NHS England has implemented the Summary Care Record which contains information including medication you are taking and any bad reactions to medication that you have had in the past.
In most cases, particularly for patients with complex conditions and care arrangements, the shared electronic health record plays a vital role in delivering the best care and a coordinated response, taking into account all aspects of a person’s physical and mental health. Many patients are understandably not able to provide a full account of their care, or may not be in a position to do so. The shared record means patients do not have to repeat their medical history in every care setting.
Your record will be automatically set up to be shared with the organisations listed above, however, you have the right to ask your GP to disable this function or restrict access to specific elements of your record. This will mean that the information recorded by your GP will not be visible in any other care setting.
You can also reinstate your consent at any time by giving your permission to override your previous dissent.
Your Right of Access to Your Records
The Data Protection Act and General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the “right of subject access”. If you would like to have access to all or part of your records, you can make a request in writing to the organisation that you believe holds your information. This can be your GP or a provider that is or has delivered your treatment and care. You should, however, be aware that some details within your health records may be exempt from disclosure, however, this will in the interests of your wellbeing or to protect the identity of a third party. If you would like access to your GP record please submit your request in writing to:
Narrowcliff Surgery, Narrowcliff, Newquay, TR7 QF
In the event that you feel your GP Practice has not complied with the current data protection legislation, either in responding to your request or in our general processing of your personal information, you should raise your concerns in the first instance in writing to the Practice Manager at:
If you remain dissatisfied with our response you can contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wimslow, Cheshire SK9 5AF – Enquiry Line: 01625 545700 or online at www.ico.gov.uk
Narrowcliff Surgery uses a data processing company called DocMail to handle some mailings to patients. Typically this is for bulk mailings such as the invitations to attend the flu clinics where it is difficult to accommodate the administrative work involved without affecting our ability to serve patients. This is permissible under guidance from both the Information Commissioner’s Office (ICO) and the Department of Health (DoH) subject to the provisions of the Data Protection Act
Please find below some more information about DocMail and how we work with them to ensure that we protect our patients’ personal data at all times.
1.1 What is DocMail
DocMail is provided by CFH Total Document Management Ltd a secure print and mailing company who provide print and mailing services for Local Government, GPs, Dentists, Medical practices, Schools, Exam Boards and Banks etc. throughout the UK.
The system can be found online at http://www.docmail.co.uk/ and requires a secure username and password for us to log on and upload our letters and address lists to create the printed output for despatch to Royal Mail. The system allows us to upload a letter template and mailing data for the patients we want to write to via a secure web portal.
1.2 The Data Protection Act (1998) (DPA)
Narrowcliff Surgery and DocMail are both fully compliant with the Data Protection Act.
The Information Commissioners Office issued guidance in February 2012 for organisations that outsource some of its data processing to a third party. The Data Protection Act allows outsourcing to take place but stipulates certain conditions that must be met for it to be compliant.
An organisation that processes personal data is required to handle personal data in accordance with the data protection principles. A data controller may choose to use another organisation to process personal data on its behalf – a data processor.
The data controller remains responsible for ensuring its processing complies with the DPA, whether it processes in-house or engages a data processor.
Where a data processor is used the data controller must ensure that suitable security arrangements are in place in order to comply with the seventh data protection principle.
Further extracts from the guidance are reproduced below and the entire document is available on the ICO website.
Narrowcliff Surgery has strictly adhered to this guidance in setting up the partnership with DocMail.
1.3 Connecting For Health
DocMail has achieved a 100% rating in the Department of Health's Information Governance Toolkit Assessment for 2011-2012 and we meet the terms and conditions of the DH Information Governance Assurance Statement. This assessment is publicly available and can be viewed here
1.4 Other Approvals
DocMail is also approved by the following:
1.5 Accreditations & Security Policies
In addition to the credentials listed above, we have been supplied with DocMail’s Corporate Policies and certifications as detailed below:
We have permission from DocMail to allow any patient of Narrowcliff Surgery to view them on request. Please ask at reception if you wish to do this.
The data file provided to DocMail will only contain enough data to enable them to fulfil the contract. This means that it will include name and address details. We will, of course, exercise the same discretion in writing the letters as we would if we were printing and posting them at the surgery.
The letters will be delivered to your address by Royal Mail in the normal way. The letters will carry the DocMail logo and does not identify the letter as having come from a doctor’s surgery.
DocMail delete the personal data 28 days after the mailing.
If you have any questions or require further information about this please ask to speak to the Practice Manager.
For more information about this visit NHS Digital
As of 1st July 2021 your data will be shared with NHS Digital to help improve health, care and services
Patient data from GP medical records kept by GP practices in England is used every day to improve health, care and services through planning and research, helping to find better treatments and improve patient care. The NHS is introducing an improved way to share this information - called the General Practice Data for Planning and Research data collection.
NHS Digital will collect, analyse, publish and share this patient data to improve health and care services for everyone. This includes:
Any data that NHS Digital collects will only be used for health and care purposes. It is never shared with marketing or insurance companies.
READ MORE HERE
NHS Digital will not collect any patient data for patients who have already registered a Type 1 Opt-out in line with current policy. If this changes patients who have registered a Type 1 Opt-out will be informed.
If you do not want your patient data shared with NHS Digital, you can register a Type 1 Opt-out with us. You can register a Type 1 Opt-out at any time. You can also change your mind at any time and withdraw a Type 1 Opt-out.
Data sharing with NHS Digital will start on 1st July 2021.
If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS Digital, this should be done by returning this form. If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this.
If you register a Type 1 Opt-out after your patient data has already been shared with NHS Digital, no more of your data will be shared with NHS Digital. NHS Digital will however still hold the patient data which was shared with us before you registered the Type 1 Opt-out.
If you do not want NHS Digital to share your identifiable patient data with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out (also known as Type 2 Opt out).
If you are happy for your data to be shared as above, and haven't previously Opted out - you do not need to do anything.
Complete this form Type+1+Opt-out+form (or you can complete this to opt back in)
You can complete the online form via YOUR NHS MATTERS