Privacy Notice
How your information is used to provide you with care
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
- Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: https://digital.nhs.uk/summarycare-records or alternatively speak to your practice.
- You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
The practice will contact you by email or text message to send you reminders for booked appointments, to invite you for health checks and immunisations, and to make you aware of information that may be relevant to you specifically. We may also contact you by email or text message regarding your medical care. This may contain personal and sensitive information. If you would prefer not to receive information by text message or email you can opt out by contacting the practice and asking the team to remove this information from your medical record.
Please watch this video on how the NHS uses your personal health information
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
- All patients who receive NHS care are registered on a national database.
- This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
- The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
- More information can be found at: https://digital.nhs.uk/ or call 0300 303 5678.
Identifying patients who might be at risk of certain diseases
- Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
- This means we can offer patients additional care or support as early as possible.
- This process will involve linking information from your GP record with information from other health or social care services you have used.
- Information which identifies you will only be seen by this practice.
- Speak to the practice for more information.
Safeguarding
- Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
- These circumstances are rare.
- We do not need your consent or agreement to do this.
- Speak to the practice for more information.
For research and planning
Your health and care information is used to improve your individual care.
It is also used to help the NHS research new treatments, decide where to put GP clinics and plan for the number of doctors and nurses in your local hospital.
Wherever possible, the NHS try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.
You can opt out from sharing your confidential information for research and planning if you want to.
To opt out, or to find out more information, you can visit NHS: Your Data Matters
You can also call 0300 303 5678.
OpenSAFELY
NHS England has been directed by the Government to establish and operate the OpenSAFELY service. This service provides a Trusted Research Environment that supports COVID-19 research and analysis.
Each GP practice remains the controller of its own patient data but is required to let researchers run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym, through OpenSAFELY.
Only researchers approved by NHS England are allowed to run these queries and they will not be able to access information that directly or indirectly identifies individuals.
The NHS App
We use the NHS Account Messaging Service provided by NHS England to send you messages relating to your health and care. You need to be an NHS App user to receive these messages.
Further information about the service can be found in the privacy notice for the NHS App managed by NHS England.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details
Sandmere Practice, 10-14 Sandmere Road, London SW4 7QJ
Data Protection Officer contact details
Danielle Gibbons, North East London Commissioning Support Unit (NELCSU)
Purpose of the processing
- To give direct health or social care to individual patients.
- For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
- To check and review the quality of care. (This is called audit and clinical governance).
Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- The General Data Protection Regulations 2016
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality, Information Security and Records Management
- Information: To Share or Not to Share Review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.
Our practice policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the General Data Protection Regulations (GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our patients will be protected.
All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. The practice will, if required, sign a separate confidentiality agreement if the client deems it necessary. If a sub-contractor acts as a data processor for the practice an appropriate contract (art 24-28) will be established for the processing of your information.
In certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent. In some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose in an identifiable format. In some circumstances you can opt out of the surgery sharing any of your information for research purposes.
Recipient or categories of recipients of the processed data
The data will be shared with:
- healthcare professionals and staff in this surgery
- local hospitals, NHS Trusts / Foundation Trusts
- out of hours services
- diagnostic and treatment centres
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- IGPR - further information see below
- Healthtech 1 - further information see below
- Heidi - further information see below
- AccuRX Scribe - further information see below
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- NHS England (NHSE) and NHS Digital (NHSD)
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police & Judicial Services
- Other ‘data processors’ which you will be informed of
You will be informed who your data will be shared with and in some cases asked for consent for this to happen when this is required.
We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure. All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for the practice an appropriate contract (art 24-28) will be established for the processing of your information.
Rights to object
- You have the right to object to information being shared between those who are providing you with direct care.
- This may affect the care you receive – please speak to the practice.
- You are not able to object to your name, address and other demographic information being sent to NHS Digital.
- This is necessary if you wish to be registered to receive NHS care.
- You are not able to object when information is legitimately shared for safeguarding reasons.
- In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
- The information will be shared with the local safeguarding service.
Right to access and correct
- You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website
- We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found on the NHS England website
Right to complain
You have the right to complain to the Information Commissioner’s Office. If you wish to complain please visit the ICO website or call the helpline 0303 123 1113
Data we get from other organisations
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up to date when you receive care from other parts of the health service.
London Care Record
This practice uses a shared record system called the London Care Record. The London Care Record is a secure view of your health and care information and lets health and care professionals involved in your care see important details about your health when and where they need them. Having a single, secure view of your information helps speed up communication between care professionals across London, improves the safety of care and can save lives.
London Care Record can only be lawfully looked at by staff who are directly involved in your care. Your information isn’t available to anyone who doesn’t need it to provide treatment, care and support to you. Your details are kept safe and won’t be made public, passed on to a third party who is not directly involved in your care, used for advertising or sold. For more information please read the London Care Record privacy notice for South East London
Please watch the What is the London Care Record video
Opting out of the London Care Record
You have the right to object to your information being available through London Care Record. Although patients have the right to object and request restrictions on sharing their records, there may be instances where this request will not be upheld due to a clinical need as determined by the direct care giver. Please discuss this with your GP/ health and social care worker and you can find further information on the One London website
For further information and advice about data protection or your right to object to sharing your data you can contact the team at Lewisham and Greenwich Trust who manage the London Care Record for South East London via their website or you can call 020 3192 6011 and leave your name and number for someone to contact you.
If you have already requested to stop sharing on ConnectCare/Local Care Record in South East London, then you will not have to request this again for London Care Record.
Healthtech-1
We use a third party to process your registration quickly, and to ensure We have the greatest chance at locating your medical record. Accordingly we’ve asked Healthtech-1 to process your personal and sensitive data with the purpose of improving your registration experience in both speed and accuracy. We are the Data Controller, and Healthtech-1 is the Data Processor.
This means that We (the practice) instruct the Data Processor on what data is processed and how this will be done. This role is undertaken in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
For all requests regarding the control of your data, please contact the GP practice.
The purposes of the processing
To deliver GP practice services that are required by law. We’ve instructed the Data Processor to process your data to enable the online registration process to be completed. As a Controller, We need to collect this information to safely register You as a patient, and receive electronic copies of your GP notes from your previous practice.
Accurx Scribe
Accurx Scribe assists clinicians by transcribing medical consultations to improve documentation and reduce administrative workload while maintaining patient care quality and confidentiality. Accurx Scribe aims to:
• Enhance accuracy and efficiency in medical record-keeping.
• Reduce administrative workload for clinicians.
• Improve patient-clinician interaction by allowing clinicians to focus on care rather than note-taking.
During a consultation, Accurx Scribe transcribes real-time discussions between patients and clinicians. The transcribed information is reviewed and validated by the clinician before being added to the patient’s medical record. Data is processed within a secure environment, ensuring compliance with NHS Digital and UK GDPR requirements.
Accurx Scribe does not share patient data with third parties without explicit consent, except where legally required (e.g., safeguarding, legal obligations). Data is encrypted and stored securely in the UK, in compliance with NHS data governance policies. Access to patient data is restricted to authorised healthcare professionals within the practice.
Retention Period
• Transcribed consultation records are stored as part of the patient’s electronic medical record and retained in accordance with NHS retention guidelines.
• Any temporary data processed by Accurx Scribe is securely deleted once incorporated into the medical record. This is set to delete within 90 days by Claremont Medical Centre. No data is held by Accurx Scribe.
Opt-Out Option
If you prefer not to have your consultation transcribed by Accurx Scribe, you can opt out at any time by informing your clinician before or during your appointment.
Heidi
Heidi AI is used as a transcription tool by some clinicians at Stockbridge Practice to transcribe live clinician-patient consultations in real time. This tool listens to the conversation between the clinician and patient, generating consultation notes based on that interaction. Explicit patient consent is obtained before each session, informing patients of how their data will be processed and used.
Some clinicians also use the tool to dictate referrals but no patient information is used. The text is sent to the medical secretaries advising them of the patient to whom the referral relates.
Heidi AI adheres to NHS Digital standards for data protection and encryption. Only the clinician has access to the transcriptions during the session, and the transcriptions are securely stored in accordance with GDPR and NHS requirements.
Data Sharing with iGPR
We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for.
iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws. The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care.
iGPR will only access the clinical record on behalf of either the patient themselves (e.g. subject access request) or a third party where the patient has given their consent (e.g. insurance report), or where the information is required by the Government (e.g. DWP forms).
The aim of asking iGPR to process certain requests for information (where a clinical judgement is not required) is to reduce the administrative burden on GPs, allowing additional time to be available for clinical work.
If you have made a subject access request, or an organisation has made a request with your consent, and you do not wish your data to be processed by iGPR, you can write or email the Practice to advise us of this.