Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR).
Your Information, What You Need to Know
This privacy notice explains why Vassall Medical Centre collects information about you, and how that information may be used.
How We Keep Your Information Confidential and Safe
Everyone working for the NHS is subject to the Common Law Duty of Confidence.
Information provided in confidence will only be used for the purposes advised with
consent given by the patient, unless there are other circumstances covered by the law.
Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, tell you of how your information will be used, and allow you to decide if and how your information can be shared.
Why We Collect Information about You
In carrying out some of these roles we will collect information about you which helps us provide care for you. We may keep your information in written form and/or in digital form. The records include basic - details about you, such as your name and address. They will also contain more sensitive information about your health and also information such as outcomes of needs assessments.
How We Use the Information that We Collect
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a
combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice may hold about you may include the following;
Details about you, such as address and next of kin
Any contact the surgery has had with you, such as appointments, clinic visits,
emergency appointments, etc.
Notes and reports about your health
Details about your treatment and care
Results of investigations, such as laboratory tests, x-rays, etc.
Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may also be used for clinical
audit to monitor the quality of the service provided.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always endeavour to gain your consent before releasing the information for this purpose.
What We Use your Information For
SMS Text Messaging
We will use the mobile number you have provided to send you the following types of messages providing you have consented to this –
This service is provided to us by a company called MJOG who provide text messaging facilities to a variety of health care providers. They do hold any data about you and only have access to the mobile phone number which you would have provided us. For more information on MJOG you can find them at https://www.mjog.com/
We may contact you via the email address you would have provided providing you have consented for communication on Campaign messages such as eligibility for certain vaccinations/patient group events and health educational events.
Analysis – Risk Stratification
Risk stratification tools are increasingly being used in the NHS to help determine a
person’s risk of suffering a particular condition, preventing an unplanned or
(re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from Vassall Medical Centre.
A risk score is then arrived at through an analysis of your de-identified information using software managed by United Health (also known as Optum) as the data processor and is only provided back to Vassall Medical Centre or member of your care team as data controller in an identifiable form. Risk stratification enables us to focus on the preventing ill health and not just the treatment of sickness. If necessary we may be able to offer you additional services.
Please note that you have the right to opt out, by contacting Vassall Medical Centre.
If you have received treatment within the NHS, NHS Lambeth Clinical Commissioning Group (CCG) may require access to your personal information in order to determine which CCG should pay for the treatment or procedure you have received.
Information such as your name, address and date of treatment may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices, and will not be shared for any further commissioning purposes.
Supporting Medicines Management
CCGs support local GP practices with prescribing queries which generally don’t require identifiable information. Where specialist support is required, e.g., to order a drug that comes in solid form in gas or liquid the CCG medicines management team will order this on behalf of a GP to support your care.
To ensure that adult and children’s safeguarding matters are managed appropriately,
access to identifiable information will be shared in some limited circumstances where
it’s legally required for the safety of the individuals concerned.
A Quality Alert is a systemic issue, generally affecting a service, or the ability to deliver a high quality service. Lambeth CCG’s Governance and Quality Team triage quality alerts (QA’s) reverse quality alerts and incidents reported by GPs/Provider
organisations. The CCG has a statutory duty to support NHSE with the continuous
quality improvement of primary medical services as set out in the HSCA 2012 and the Primary Medical Services assurance framework.
New systems to improve information sharing in Lambeth
The local NHS in Lambeth is developing new systems, such as the Local Care Record
system so that you can receive more joined up services. The services will have access
to your whole medical record. Where appropriate, healthcare professionals will inform
you that they are accessing your shared Local Care Record. In an emergency situation
where you may not be conscious or able to give consent they will open your information
in order to give you the best care. You can ask your GP to hide information in your
medical record that you would not want another service to be able to see. This will not
be visible to other organisations when they open your record.
Lambeth DataNet is a group of general practices in Lambeth working together to
improve local health care by researching information from patient records. This gives us
a better idea of what services are needed for the Lambeth population. If we take part in
an audit or research study we pass on information to the researchers coordinating the
study. Sometimes this research involves linking patient information held by Vassall Medical Centre with NHS information held by the hospital or A&E, for example. This information
is anonymous and cannot be traced back to you in any way. Please contact the CCG Datanet team on LAMCCG.email@example.com if you would like further details.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected
lawfully in accordance with the Data Protection Act 2018 (which is overseen by the
Information Commissioner’s Office), Human Rights Act, the Common Law Duty of
Confidentiality, and the NHS Codes of Confidentiality and Security.
Every member of staff who works for an NHS organisation has a legal obligation to keep
information about you confidential. Anyone who receives information from an NHS
organisation has a legal duty to keep it confidential.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass
on information about you if others involved in your care have a genuine need for it. We
will not disclose your information to any third party without your permission unless there
are exceptional circumstances (i.e. life or death situations), or where the law requires
information to be passed on.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will
be used, with the following organisations;
Independent Contractors such as dentists, opticians, pharmacists
Private Sector Providers
Voluntary Sector Providers
Clinical Commissioning Groups
Social Care Services
Fire and Rescue Services
Other ‘data processors’
We will never share your information outside of health partner organisations without your explicit consent unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it or to carry out a statutory function. Within the health partner organisations (NHS and Specialist Trusts) and in relation to the above mentioned themes – Risk Stratification, Invoice Validation, Supporting Medicines Management, Safeguarding, Quality Alerts, Local Care Record, Lambeth DataNet – we will assume ‘implied consent’ unless you choose to opt out (see below).
This means you will need to express an explicit wish not to have your information shared with the other NHS organisations; otherwise they will be automatically shared.
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional. There are occasions when we must pass on information, such as notification of new births, where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS), and where a formal court order has been issued.
Our guiding principle is that we are holding your records in strictest confidence.
Your Right to Withdraw Consent for Us to Share Your Personal Information (Opt-
You have the right to consent / refuse / withdraw consent to information sharing at any moment in time. There are possible consequences to not sharing but these will be fully explained to you to help you with making your decision.
You can opt out at any time by contacting:
Vassall Medical Centre
89 Vassall Road
For any queries regarding these matters you may contact our Data Protection Officer - Grant Griffiths
If you would like to find out about what national initiatives may affect you, visit:
Your Data Matters: http://www.nhs.uk/your-data-matters/
NHS Digital: https://digital.nhs.uk/services/national-data-opt-out-programme
Coordinate My Care (CMC): http://www.coordinatemycare.co.uk/
Summary Care Record: https://digital.nhs.uk/services/summary-care-records-scr
Accessing Your Information Held by Vassall Medical Centre
Under the Data Protection Act 2018 you have the right to see or be given a copy of personal data held about you. To gain access to your information you will need to make a Subject Access Request (SAR) to Vassall Medical Centre.
Your request will be reviewed and your records looked over by a GP for any references to a third party and or any information which the GP feels may unduly upset you so we may omit these items.
Fees may be charged for repetitive requests.
Freedom of Information Requests (FOI)
The Freedom of Information Act (2000) gives every Individual the right to request information held by Government Agencies. Private Companies are not subject to this act.
Please note that a Freedom of Information Request is not a Subject Access Request.
Please send your requests to the practice managers:
Vassall Medical Centre
89 Vassall Road
Your request for information must be made in writing and you are entitled to a response
within 20 working days.
Decommissioning of Services
We will retain legal responsibility for the information held about you until it
is formally dissolved or until agreements are put in place to transfer responsibility.
If you have a complaint about Vassall Medical Centre or a service we provide, we will use your
information to communicate with you and investigate any complaint if it’s the responsibility of the Practice.
Please send all complaints to:
Vassall Medical Centre
89 Vassall Road
If you are not happy with our responses and have exhausted all the avenues in our complaints process and wish to take your complaint to an independent body, you can do this by contacting the Information Commissioner's Office in writing to the following address:
You can also telephone their helpline on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Or email: firstname.lastname@example.org
For a translation of this document, an interpreter or a version in large print or
braille, please contact:
Vassall Medical Centre
89 Vassall Road