General Data Protection Regulations (GDPR) March 2021
GDPR came into force on 25th May 2018 and in accordance with these new regulations patients have a right to know how we process, manage and share your personal and sensitive data.
In general terms we need to inform you of:
- The purposes for which we process your information
- Provide you with a description of the data subjects / type of personal data we hold
- Provide you with details on who the various recipients of your data are
- Advise you of how long we need to retain your data
- Advise you of how we will keep your data secure.
All this information and full details can be found in Jubilee Medical Group's Privacy Statement, please see below:
ACR project for patients with diabetes
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and confirm that you wish them to send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at http://bit.ly/uACRtest.
NHS England has commissioned a provider, Xyla Health and Wellbeing, to provide the ‘Your local Healthier You: NHS Diabetes Prevention Programme’ for patients at risk of type 2 diabetes. Once a patient is referred, they will be contacted for a motivational interview with the provider (Xyla) to help them enrol onto the course and to have an opportunity to ask any questions they have at this time, including if you don’t want to enrol in the programme. Xyla Health and Wellbeing is part of the Acacium Group and sometimes, if required and legally allowed, Xyla may share some of your basic details such as your name and contact details with providers who have been identified as suitable to contact you to provide support for you during this programme. Any sharing of your data is done as little as possible, under due diligence and in compliance with applicable laws. For full details on how Xyla would use your data for the diabetes prevention programme, see their privacy notice at: https://preventing-diabetes.co.uk/diabetes-prevention-privacy-policy/ For general information on the national diabetes prevention programme, please visit the NHS England website on this at: https://preventing-diabetes.co.uk/
Access to Your Medical Records
Access to Health Records under the General Data Protection Regulations May 2018
The GDPR 2018 gives every living person, or an authorised representative, the right to apply for access to their health records.
Requests can be made:
- In writing (there are application forms available for this should you wish to use one)
- By email
When making your request for access, it would be helpful if you could provide details of the time-periods and aspects of your health record you require (this is optional, but it may help save Practice time and resources in completing your request).
No fee will be normally be charged for supplying your records unless - the request is:
- manifestly unfounded
- repetitive in nature.
Information required to process your request:
The data controller may not be able to easily comply with your access request if they do not have sufficient information to identify you and to locate the information held about you. You may therefore be asked to provide us with identification and asked for specific details about what information you require.
Timescale for completing your request:
Subject access requests will normally be responded to within one month of the date they are received.
However there may be occasions when this timeframe is extended if the request is complex or you have submitted a number of requests.
The maximum extension time is two months. Should we need to extend the time it takes us to respond to your request we will keep you informed and notify you of the reasons for the extension.
If you are using an authorised representative, you need to be aware that in doing so they may gain access to all health records concerning you, which may not all be relevant. If this is a concern, you should inform your representative of what information you wish them to specifically request when they are applying for access.
Your representative will need to provide us with evidence of their entitlement to request information on your behalf.
If you have any complaints about any aspect of your application to obtain access to your health records, you should first discuss this with the practice. If the issues cannot be resolved then you have the right to make a complaint to the Health Service Ombudsman at:
Helpline: 0845 015 4033
Alternatively you can contact the Information Commissioners Office (responsible for governing Data Protection compliance).
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Tel 0303 123 1113 or 01625 545 745 or