Sharing Initiative Fair Processing Materials

We share your medical records with other services involved in your health and care. For full details, please read the leaflets below:

Serious Mental Illness (SMI) Register

Aiming to Improve physical healthcare for people living with severe mental illness (SMI) by ensuring that by 2020/21, 280,000 people living with severe mental illness (SMI) have their physical health needs met by increasing early detection and expanding access to evidence based physical care assessment and intervention each year.

Your practice is involved by sharing information with mental health services in the community about patients with SMI. A register is maintained that allows your practice and the mental health teams to monitor the health checks provided to patients with SMI.

More Information about the Severe Mental Illness Register

For more information about your rights or information sharing – see the main privacy notice page.

Diabetic Eye Screening

Diabetic eye screening is a key part of diabetes care. People with diabetes are at risk of damage from diabetic retinopathy, a condition that can lead to sight loss if it’s not treated.

The practice regularly identifies patients within their clinical system that are eligible for eye screening and sends their details to a partner called Health Intelligence who will invite them to be screened by the eye screening service. Health Intelligence staff are committed to confidentiality and there is an Information Sharing Agreement in place to ensure that personal data is used in a lawful and appropriate way.

More Information about the National Agenda

More Information about how Health Intelligence Use my Information

Summary Care Record Consent Project

As a patient, you currently have a Summary Care Record (SCR) containing key information about the medicines you are taking, allergies you suffer from and any reactions to medicines

you have had in the past. Should an illness or injury occur this information is used, with your consent, to assist healthcare staff such as hospital doctors, district nurses or pharmacy staff that may be unfamiliar with your medical history to make better and safer decisions about how best to treat you.

Patients have been given the option to include “additional information” into the Summary Care Record, this will add information relating to illnesses and any health problems, vaccinations, operations, and how patients would like to be treated.

More Information about Summary Care Records

For more information about your rights or information sharing – see the main privacy notice page.

Child Health Immunisations – Provide

To deliver the Child Health Information Service (CHIS) across Essex and East Anglia, one of the key responsibilities is producing immunisation reminders and appointments on behalf of GP Practices.

The practice allows Provide to extract immunisation history from their clinical systems for each child under the age of six years of age registered with the Practice.

Provide will then invite the patient to attend immunisation appointments.

Provide staff are bound by confidentiality in the same way that practice staff are and there is a Data Processing Contract in place to ensure that personal data is used in a lawful and appropriate way.

More Information about Provide

More Information about Immunisations

For more information about your rights or information sharing – see the main privacy notice page.

GP Connect (IC24)

The GP Connect programme uses technology to allow different clinical systems to communicate so that health and social care staff in different teams and locations can;

  • View a patient’s GP practice record • Manage GP appointments • Import or download data on a patient’s medicines and allergies

This will save time for clinicians, and provide better, more convenient care for patients and allows more information for appointments made outside of usual hours.

More Information about GP Connect

For more information about your rights or information sharing – see the main privacy notice page.

Social Prescribing (Norfolk)

Social prescribing enables GPs, nurses and other primary care professionals to refer people to a range of local, non-clinical services.

Social prescribing enables patients to find non-clinical solutions to improve their own health and wellbeing by supporting them to connect with their local community. This can include advice and information on local services and connecting individuals to social activities, clubs, groups, and like-minded individuals in their community. The practice will do this by employing someone to act as a ‘link’ between the practice, the patient and non-clinical services within the community.

Current providers in the Norfolk and Waveney area include:

  • Norfolk Citizens Advice Bureau
  • North Norfolk District Council

Depending on where they are in the county, the GP practice will refer patients to one of these providers and will send basic information such as name, NHS No, address, date of birth and background to their health and wellbeing needs.

The providers are bound by confidentiality in the same way that practice staff are and there is a Data Sharing Agreement in place to ensure that personal data is used in a lawful and appropriate way.

More Information about Social Prescribing

For more information about your rights or information sharing – see the main privacy notice page.

North Norfolk Risk Stratification (Gemima)

Risk stratification is a process that is used across the NHS.The process uses technology to search the records in clinical systems and find information that tells your GP practice who might need extra care or support.

This might be because they have complicated health conditions or because they are at risk of developing conditions.

The information from your GP record will be combined with other information about when you hae been to hospital or used other community services and will be used by the local NHS Clinical Commissioning Group (CCG) to plan and buyhealthcare services for the local area.

The CCG will not have access to any information that identifies individual patients and instead, will use a code so they will not be able to see particular patients directly.

More Information about Risk Stratification

NSFT Learning Disability Service and GP Practices LD (Waveney Area) Suffolk

The Adult Learning Disability Community Team (Waveney) service as commissioned by the Great Yarmouth and Waveney CCG has been re-modelled. As part of this redesign, the service is developing a project whereby the team link more directly to GP practices in the Waveney area to offer support, advice and training. As part of this project, the team is tasked to assist GP practices in ensuring that their Learning Disability registers are accurate.

This allows health and social care providers to ensure that patients with Learning Disabilities are receiving the correct support.

GP practices will be required to share information with Norfolk and Suffolk Foundation Trust (NSFT).

NSFT are bound by confidentiality in the same way that practice staff are and there is a Data Sharing Agreement in place to ensure that personal data is used in a lawful and appropriate way.

More Information about the NHS and Learning Disabilities

Sharing When Required By Law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.

Care Quality Commission Access to Health Records

CQC has powers under the Health and Social Care Act 2008 to access and use your health information where it is necessary to carry out their functions as a regulator.

This means that inspectors may ask to look at certain records to decide whether we are providing safe, good quality care.

More information about the CQC can be obtained on their website https://www.cqc.org.uk/about-us/our-policies/privacy-statement

​Information Access and Rights

Data protection law provides you with a number of rights that the practice is committed to supporting you with;

Right to Access

You have the right to obtain:

  • Confirmation that your information is being used, stored or shared by the practice
  • A copy of information held about you

​We will respond to your request within one month of receipt or will tell you when it might take longer.

​We are required to validate your identity including the identity of someone making a request on your behalf

​Right to Object or Withdrawn Consent

We mainly use, store and share your information because we are permitted in order to deliver your healthcare but you do have a right to object to us doing this.

​Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.

​Our Data Protection Officer will be happy to speak with you about any concerns you have.

​Right to Correction

If information about you is incorrect, you are entitled to request that we correct it

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time

​We will respond to your request within one month of receipt or will tell you when it might take longer.

​Right to Complain

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

​For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

​​Case Finding and Profiling

Sometimes your information will be used to identify whether you need particular support from us.

​Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes.

For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.

​We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support you is made by those involved in your care.

​Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.

Sharing Partners Across Norfolk and Waveney

Our practice routinely shares information with other health and social care organisations across the county.

We have signed an ‘Information Sharing Agreement’ to ensure that all sharing partners agree to secure practice when sharing your information.

Here is a list of sharing partners across Norfolk and Waveney

More Info

Information Technology

The practice will use third parties to provide services that involve your information such as:

  • Removal and destruction of confidential waste
  • Provision of clinical systems
  • Provision of connectivity and servers
  • Digital dictation services

​​Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery)

​We have contracts in place with these third parties that prevent them from using it in any other way that instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.

​How Do We Keep Your Information Safe?

We are committed to ensuring the security and confidentiality of your information.

There are a number of ways we do this:

  • Staff receive annual training about protecting and using personal data
  • Policies are in place for staff to follow and are regularly reviewed
  • ​We check that only the minimum amount of data is shared or accessed
  • ​We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
  • ​We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
  • ​We report and manage incidents to make sure we learn from them and improve
  • ​We put in place contracts that require providers and suppliers to protect your data as well
  • ​We do not send your data outside of the EEA