NICS - Privacy Notice
NICS has a legal duty to explain how we use any personal information we collect about you, as a registered patient.
If you have been asked by your practice if you would like an appointment in an Improved Access Clinic for GP, Nurse or Physiotherapy and you have agreed. Then your details will have been forwarded to NICS.
NICS are the GP Federation for the 38 practices in North West Surrey and we support your practice by offering medical services.
NICS maintain records about your health and the treatment you receive in electronic format on our EMIS System.
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.
How we will use your information
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. NICS may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
In order to comply with its legal obligations, NICS may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, NICS contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
In order to deliver the best possible service, the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf, we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share the information other than in accordance with our instructions and that they operate securely.
Examples of functions that may be carried out by third parties include companies that provide;
· IT services and support, including our clinical systems,
· systems which manage patient facing services (e.g. our website)
· Data hosting service providers,
· Systems which facilitate appointment bookings, electronic prescription services,
· Document management service
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please send an email to email@example.com to request a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.
You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff at your own GP surgery who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering to opt out online (national data opt-out programme) or if you are unable to do so or do not wish to do so online, by speaking to a member of staff.
If you opt out you cannot be seen in any of NICS clinics.
What to do if you have any questions
Contact NICS data controller via email at firstname.lastname@example.org.
The Data Protection Officer (DPO) for NICS is Dr Mohan Kanagandasaram.
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select “Raising a concern”.