We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded on computer and we are registered under the Data Protection Act.
The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team. However, for the effective functioning of a multi-disciplinary team, it is sometimes necessary that medical information about you is shared between members of the team.
Patient Privacy Notice
Covid-19 and your information - Updated on 25.05.2021
How sharing patient data with NHS Digital helps the NHS and you:
The NHS needs data about the patients it treats in order to plan and deliver its services and to ensure that care and treatment provided is safe and effective. The General Practice Data for Planning and Research data collection will help the NHS to improve health and care services for everyone by collecting patient data that can be used to do this. For example patient data can help the NHS to:
monitor the long-term safety and effectiveness of care
plan how to deliver better health and care services
prevent the spread of infectious diseases
identify new treatments and medicines through health research
GP practices already share patient data for these purposes, but this new data collection will be more efficient and effective.
We have agreed to share the patient data we look after in our practice with NHS Digital who will securely store, analyse, publish and share this patient data to improve health and care services for everyone. This includes:
informing and developing health and social care policy
planning and Commissioning health and care services
taking steps to protect public health (including managing and monitoring the coronavirus pandemic)
in exceptional circumstances, providing you with individual care
enabling healthcare and scientific research
This means that we can get on with looking after our patients and NHS Digital can provide controlled access to patient data to the NHS and other organisations who need to use it to improve health and care for everyone.
Contributing to research projects will benefit us all as better and safer treatments are introduced more quickly and effectively without compromising your privacy and confidentiality.
NHS Digital has engaged with the British Medical Association (BMA), Royal College of GPs (RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for patients and GP practices.
To view further information please click here to navigate to the NHS Digital Webpage which provides up to date information on the Data Collection.
Privacy note on Covid-19 for Patients
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on the gov.uk website and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of
protecting public health, providing healthcare services to the public and monitoring and
managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it.
Westbrook Medical Center also publishes a number of specific notices which are available at the bottom of this page.
Who we are?
Why we collect personal information about you?
What is our legal basis for processing your personal information?
What personal information do we need to collect about you and how do we obtain it?
What do we do with your personal information and what we may do with your personal information?
Who do we share your personal information with and why?
How we maintain your records?
How long do we keep your information?
What are your rights?
Who is the Data Protection Officer?
How to contact the Information Commissioners Office
Who we are?
Westbrook Medical Centre employs more than 25 staff and runs from 301-302 Westbrook Centre, Westbrook, Warrington, WA5 8UF.
Our Practice is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z4860030.
For further information please refer to the ‘About US’ page on our website
Why we collect personal information about you?
The staff caring for you need to collect and maintain information about your health, treatment and care, so that you can be given the best possible care. This personal information can be held in a variety of formats, including paper records, electronically on computer systems, in video and audio files.
What is our legal basis for processing personal information about you?
Any personal information we hold about you is processed for the purposes of ‘provision of health or social care or treatment or the management of health of social care systems and services under chapter 2, section 9 of the Data Protection Act 2018
For further information on this legislation please visit: http://www.legislation.gov.uk/
What personal information do we need to collect about you and how do we obtain it?
Personal information about you is collected in a number of ways. This can be from referral details from our staff, other 3rd parties or hospitals, directly from you or your authorised representative.
We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, next of kin contacts, etc. We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred name or maiden name.
In addition to the above, we may hold sensitive personal information about you which could include:
Notes and reports about your health, treatment and care, including:
your medical conditions
results of investigations, such as x-rays and laboratory tests
future care you may need
personal information from people who care for and know you, such as relatives and health or social care professionals
other personal information such as smoking status and any learning disabilities
Your religion and ethnic origin
Whether or not you are subject to any protection orders regarding your health, wellbeing and human rights (safeguarding status).
It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs.
What do we do with your personal information?
What we may do with your personal information.
Your records are used to directly, manage and deliver healthcare to you to ensure that:
The staff involved in your care have accurate and up to date information to assess and advice on the most appropriate care for you.
Staff have the information they need to be able to assess and improve the quality and type of care you receive.
Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another part of the NHS, social care or health provider.
The personal information we collect about you may also be used to:
Remind you about your appointments and send you relevant correspondence.
review the care we provide to ensure it is of the highest standard and quality, e.g. through Audit or service improvement;
support the funding of your care, e.g. with Commissioning organisations;
prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies;
help to train and educate healthcare professionals;
report and investigate complaints, claims and untoward incidents;
report events to the appropriate authorities when we are required to do so by law;
review your suitability for research study or clinical trial
contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients
Where possible, we will always look to anonymise/ pseudonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use/ share the minimum information necessary.
Who do we share your information with and why?
We may need to share relevant personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities such as NHS England, Public Health England, NHS Practice, other general practitioners (GPs), ambulance services, primary care agencies, etc. We will also share information with other parts of the NHS and those contracted to provide services to the NHS in order to support your healthcare needs.
We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services or private care homes. However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or where current legislation permits or requires it.
There are occasions where the Practice is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
There may also be situations where we are under a duty to share your information, due to a legal requirement. This includes, but is not limited to, disclosure under a court order, sharing with the Care Quality Commission for inspection purposes, the police for the prevention or detection of crime or where there is an overriding public interest to prevent abuse or serious harm to others and other public bodies (e.g. HMRC for the misuse of public funds in order to prevent and detect fraud).
For any request to transfer your data internationally outside the UK/EU, we will make sure that an adequate level of protection is satisfied before the transfer.
The Practice is required to protect your personal information, inform you of how your personal information will be used, and allow you to decide if and how your personal information can be shared. Personal information you provide to the Practice in confidence will only be used for the purposes explained to you and to which you have consented. Unless, there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. Where there is cause to do this, the Practice will always do its best to notify you of this sharing.
How we maintain your records
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.
We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2016, as explained above. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.
We have a duty to:
maintain full and accurate records of the care we provide to you;
keep records about you confidential and secure;
provide information in a format that is accessible to you.
Use of Email - Some services in the Practice provide the option to communicate with patients via email. Please be aware that the Practice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.
Further information can be found in our Information Governance policies, which are available at: http://www.sthk.nhs.uk/about/freedom-of-information/our-policies-and-procedures
How long do we keep your information?
All records held by the Practice will be kept for the duration specified by national guidance from the Department of Health. The Records Management Code of Practice for Health and Social Care 2016.
Records Management Code of Practice for Health and Social Care 2016
Confidential information is securely destroyed in accordance with this code of practice.
What are your rights?
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:
Request access to the personal data we hold about you, e.g. in health records. The way in which you can access your own health records is further explained in our ‘Subject Access Request Policy’.
Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our ‘Subject Access Request Policy’.
Refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018, we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
Request your personal information to be transferred to other providers on certain occasions.
Object to the use of your personal information: In certain circumstances you may also have the right to ‘object’ to the processing (i.e. sharing) of your information where the sharing would be for a purpose beyond your care and treatment (e.g. as part of a local/regional data sharing initiative). This so called ‘‘Data Opt-out’ initiative, developed by Dame Caldicott, is set to commence in March 2018 and conclude in March 2020. Further information can be found on the following website: https://digital.nhs.uk/national-data-opt-out
We will always try to keep your information confidential and only share information when absolutely necessary.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
Practice Information Governance Lead
Data Protection Officer
Please contact the Practice Manager, Valerie Hinds.
Head of Information Governance and Quality Assurance: Craig Walker
Information Governance Team
St Helens & Knowsley Teaching Hospitals NHS Trust
Alexandra Business Park
Or via IG@sthk.nhs.uk
Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Practice under Data Protection and Freedom of Information legislation. https://ico.org.uk/. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the. ICO at:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
What is a Privacy Notice?
A Privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your Healthcare record whenever you come to see us. It also tells you how we make sure your information is kept safe
How we protect your information?
The General Data Protection Regulation (GDPR) came into force from 25th May 2018. This new regulation has been introduced to strengthen data protection for individuals within the EU. This will sit alongside the Data Protection Act 2018
What information do we collect about you?
We collect information about you such as: your name, why you are coming to see us, your birthday and year you were born, your address, the name of the person who will generally bring you to your appointments, your family doctor (General Practitioner or GP), the reason that you are coming to see us, any information that your family doctor or you or your family gives us, test results, X-rays and any other information to enable us to care for you.
Why we collect it?
Our main purpose at Westbrook Medical Centre is to deliver quality healthcare to adults and children. We collect the information we need to care for you in the best way. We ask for your address so that we know where we can contact you, we ask for your date of birth as your age may be important to your care and each time you come to see us we will write down things that you tell us, things that we tell you and any medicines or treatment we give you so that way we can look back at what we have done for you to make sure we are treating you in the best way.
What do we do with it?
We keep the information we collect electronically and on paper. All of this information together is called your Health Record and anyone involved in caring for you at the practice can see what has been collected. This way we can all make the right decisions about your care with all of the information you have given us.
Who we share it with?
We may share the information we record about you with other hospitals involved in your care. We routinely share information with school nurses, but not directly with school unless it is important for them to know. If you have a social worker, we will share it with them too. That way they are kept up to date on what we are doing for you. Your parents/guardians should get a copy of any letters we send to your doctor about your care.
If you tell us something that makes us worried about your safety or the safety of someone else you know, we might have to share this with other people outside of the practice - even if you don’t want us to. This is part of our job to keep you and others safe
How do we keep your information safe?
Everyone working in our practice understands that they need to keep your information safe; this is called keeping your information confidential or protecting your privacy. They have training every year to remind them of this, we tell them that they are only allowed to look at your information if they are involved in your care or to help us run our practice and they understand that they must keep any information safe especially the information that identifies you. This might be your name or address and anything you come to see us about. We are not allowed to give any of this type of information to anyone who shouldn’t see it. This includes talking to them about it.
Checking we are doing our best
All GP Practices are checked by organisations to make sure they are treating and caring for patients and families in the best way they can. The people who inspect us may ask to see a small number of Health Records. They check that notes are written clearly and are kept safe to ensure that we are recording and storing your information safely.
How long do we keep your information for?
We will keep a copy of your information in our Practice for as long as you are registered with our Practice.
Am I able to see the information you collect about me?
Yes! You or your family will need to ask your doctor or nurse first though as there may be things that we would need to explain to you such as abbreviations or medical words.
Can I have a copy of my records?
Yes! Your parent/ guardian will need to contact us to tell us what they want to see - it may just be part of your record, your x ray or a report. We will check they are who they say they are to make sure we are not sharing your information with anyone who shouldn’t see it. You may be able to request your health records yourself.
If I think some of my information is wrong can I do anything about it?
Yes! You or our parent or guardian needs to contact us at Westbrook Medical Centre. Let the practice know what it is that you think is wrong.
If I’m unhappy with the way you’ve used some of my information can I do anything?
Yes! Let us know by emailing us at WARCCG.email@example.com If you’re still not happy, you can contact the Information Commissioners office www.ico.org.uk
We hope this leaflet tells you what you need to know about the information we collect about you. If you want to know anything else, please email us at WARCCG.firstname.lastname@example.org
This information can be made available in other languages and formats if requested.
This information is available on our website: