Privacy Notice

Our privacy notice explains why we collect your information and how that information may be used.

Under the Data Protection Act 2018 we must ensure that your personal confidential data (PCD) is handled in ways that are transparent and that you would reasonably expect. The Health and Social Care Act 2012 and further legislation, has altered the way that personal confidential data are processed. Consequently, you must be aware and understand these changes and that you have the opportunity to object and understand how to exercise that right.

Healthcare professionals are required to follow a principle that says that the duty to share information can be as important as the duty to protect patient confidentiality, meaning that they should have the confidence to share information in the best interests of the patient and will be supported by their professional bodies and regulators in so doing.

Healthcare professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare. Data Protection law says it is appropriate to do so for health and social care treatment of patients and for management of health and social care systems and services.

Every member of staff who works for an NHS organisation is subject to the Common Law Duty of Confidentiality and has an obligation to keep information about you confidential and will receive annual training on how to do this.

It is important that you tell the person treating you or the reception staff if any of your details such as your name or address have changed or if any of your details are incorrect, such as your date of birth, next of kin or contact details.

NHS health records may be processed electronically, on paper or a mixture of both and through established working procedures and best practice coupled with technology we ensure your personal data is kept confidential and secure. Records held by us may include the following:

  • Your personal data, such as next of kin
  • Your history with us, such as appointments, vaccinations, clinic visits, emergency appointments etc
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations and referrals such as blood tests, x-rays, etc
  • Relevant information from other health professionals, relatives or those who care for you.

We obtain and hold data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. We can disclose your personal information if:

  • It is required by law
  • You consent – either implicitly or for the sake of your own care or explicitly for other purposes
  • It is justified in the public interest, e.g. if a serious crime has been committed, if there is risk to the public or our staff and to protect vulnerable children or adults.

Some of this information is held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified.

Sometimes your information may be requested to be used for research purposes – the practice will always endeavour to gain your consent before releasing the information.

The Health and Social Care Information Centre (HSCIC but known as NHS Digital), under the powers of Health and Social Care Act 2012 (HSCA), can request personal confidential data (PCD) from GP practices without seeking patient consent. Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.

You may choose to withdraw your consent to personal data being used in this way.

When we are about to participate in a new data-sharing project we will make patients aware by displaying prominent notices in the practice and on our website at least four weeks before the scheme is due to start. Instructions will be provided to explain what you have to do to ‘opt out’ of each new scheme.

A patient can object to their personal information being shared with other healthcare providers but if this limits the treatment that you can receive then the doctor will explain this to you at any time. The practice can explain how to opt out of record sharing or to opt back in if you change your mind.


To ensure that adult and children’s safeguarding matters are managed appropriately, identifiable information will be shared in some limited circumstances where it is legally required for the safety of the individuals concerned.

Local sharing via share your care

Your patient record is held securely and confidentially on our electronic system. If you require attention from a health professional such as in an emergency department, minor injuries unit or by an out of hours service, those treating you will be better able to give appropriate care if some of the information from your GP record is available to them.

This information can be shared locally and electronically via the Berkshire Share Your Care system. This information is only used by authorised professionals in local health and social care organisations and involved in your direct care.

Your consent will be required before the information is accessed, unless you are unable to do that, e.g. unconscious, in which case if urgent access is required for your care, consent is overridden and the reason for access logged for auditing. You may opt-out of this sharing by talking to the practice

National sharing via summary care record

The NHS in England uses a national shared record to support safer patient care through providing authorised professionals with fast secure access to essential information about you in an urgent situation where they don’t have access to your detailed record. The core summary care record covers information about your current medications, allergies you suffer from and any bad reactions to medicines that you have previously experienced. Additional details can be added but only with your consent. You may opt-out of this sharing by completing our Summary Care Record Opt Out form.

Risk stratification

Risk stratification is a process that helps your family doctor (GP) to help you manage your health. By using selected information from your health records, a secure NHS computer system will look at any recent treatments you have had in hospital or in the surgery and any existing health conditions that you have.

This will alert your doctor to the likelihood of a possible deterioration in your health. The clinical team at the surgery will use the information to help you get early care and treatment where it is needed. NHS South Central and West CSU (the regional processing centre) supports GP practices with this work. NHS security systems will protect your health information and patient confidentiality at all times. Please note that you have the right to opt out of Risk Stratification.

Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the practice, please contact the practice to discuss how the disclosure of your personal information can be limited. Patients have the right to change their minds and reverse a previous decision.

Invoice validation

We will use limited information about individual patients when validating invoices received for your healthcare, to ensure that the invoice is accurate and genuine. This will be performed in a secure environment and will be carried out by a limited number of authorised CSU staff. These activities and all identifiable information will remain with the Controlled Environment for Finance (CEfF) approved by NHS England. Where possible we will strive to use the NHS number as a quasi-identifier to preserve your confidentiality.

Our partner organisations

We may need to share your information, subject to agreement on how it will be used, with the following organisation:

  • NHS Trusts
  • Health and Social Care Information Centre (HSCIC)
  • Specialist Trusts
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Provider
  • Voluntary Sector Provider
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Commissioning Support Unit
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police
  • Other data processors

Access to personal information held about you

Under the Data Protection Act 2018, you have a right to access/view information we hold about you, and to have it amended or removed should it be inaccurate. If we do hold information about you we will:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it could be disclosed to
  • Let you have a copy of the information in an intelligent form.

If you would like to make a “subject access request”, please contact the practice manager in writing. There may be charges for this service.

Any changes to this notice will be published on our website and in a prominent area at the practice.

We are registered as a data controller under the Data Protection Act 2018. The registration can be viewed online in the public register at: ICO Website: Register of Data Controllers.

How we keep your personal information confidential

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.

We are aware of new legislation affecting confidentiality that is being implemented in the next year and will ensure that account is taken of the implications of the EU General Data Protection Regulation and when passed by parliament, the Data Protection Bill.

Information commissioner’s office

We are registered with the Information Commissioner’s Office under the registration number: Z5359893.