Your Data, Privacy & the Law. How We Use Your Medical Records

  • This practice handles medical records according to the laws on data protection and confidentiality
  • We share medical records with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and event by event.
  • Some of your data is automatically copied to the Shared Care Summary Record
  • We share some of your data with local out of hours / urgent or emergency care services
  • Data about you is used to manage national screening campaigns such as Flu, Cervical cytology and Diabetes prevention
  • Data about you, usually de-identified, is used to manage the NHS and make payments
  • We share information when the law requires us to do, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people
  • Your data is used to check the quality of care provided by the NHS
  • We may also share medical records for medical research

privacy policy

For information on choosing if data from your health records is shared for research and planning please click here. 

For more information please read the following Detailed Privacy Notices:

Privacy Notice for CQC

Privacy Notice for Direct Care Emergencies

Privacy Notice for Direct Care

Privacy Notice for Disclosures to the Police

Privacy Notice for Docmail

Privacy Notice for Email Messages

Privacy Notice for Employees

Privacy Notice for National Data Opt Out

Privacy Notice for National Screening Programs

Privacy Notice for NHS Counter Fraud

Privacy Notice for NHS Digital

Privacy Notice for Other Third Parties

Privacy Notice for Pandemics

Privacy Notice for Patient Online Access

Privacy Notice for Payments

Privacy Notice for Public Health

Privacy Notice for Research

Privacy Notice for Risk Stratification

Privacy Notice for Safeguarding

Privacy Notice for SMS Text Messages

Privacy Notice for Summary Care Record

Privacy Notice for the Courts

Privacy Notice for the Driver & Vehicle Licensing Agency (DVLA)

Privacy Notice for the General Medical Council (GMC)

Privacy Notice for the Health Service Ombudsman (HSO)


Data Privacy Impact Assessments (DPIA)

The core principles of Data Privacy Impact Assessment (DPIA) are applied to any project which involves the use of personal data, or to any other activity which could have an impact on the privacy of individuals.

We will carry out a DPIA where processing is likely to result in high risk to the rights and freedoms of individuals, in particular:

  • Automated processing
  • Large scale processing of special categories data – which includes health and genetic data
  • Systematic monitoring of a public area on a large scale

Below are links to existing Data Privacy Impact Assessments:

Data Privacy Impact Assessment for AccuRx Chain SMS

Data Privacy Impact Assessment for Formstack

Data Privacy Impact Assessment for MJog