Privacy Notice

Introduction

At North Hyde, we are committed to safeguarding and respecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information. The General Data Protection Regulation (GDPR) became law on 24 May 2016. This was a single EU-wide regulation on the protection of confidential and sensitive information. It entered into force in the UK on 25 May 2018, repealing the Data Protection Act (1998).

Following Brexit, the GDPR became incorporated into the Data Protection Act 2018 (DPA18) at Part 2, Chapter 2 titled The UK GDPR.

This organisation will ensure that any personal data is processed in accordance with Article 5 of the UK GDPR and information about how this is done will be provided to applicants in a format that is compliant with Article 12 of the UK GDPR.

This policy outlines your rights in relation to the processing of your personal data and the steps we take to ensure your data is handled lawfully, fairly, and transparently. By registering with us and receiving care at our practice, you agree to the collection and processing of your personal data in accordance with this policy.

Data Controller

As your registered GP practice, North Hyde Practice is the Data Controller for any personal data we hold about you.

Data Protection Officer

The Practice Data Protection Officer (DPO) is Ernest Norman-Williams. If you have any questions regarding data protection, please contact the Practice Manager at North Hyde Practice, 167 North Hyde Road, Hayes, Middlesex, UB3 4NS. Alternatively, you may contact us via our secure online form.

What Information We Collect

We collect both personal data and special category (sensitive) data as necessary to provide you with appropriate care. The following types of information may be collected:

1. Personal Data:

  • Name
  • Date of birth
  • NHS Number
  • Address information
  • Contact details (email, mobile, landline)
  • Medical notes (Paper or Electronic)
  • Next of kin details
  • Details of Treatment (pathology, X-ray, etc.)
  • [Other relevant data such as gender, ethnicity, etc.]

2. Special Category Data:

  • Health-related data (e.g., medical history, medication, appointments, treatments)
  • Social care information
  • Ethnicity, sexual orientation, and religious beliefs

This information is collected during registration or through your interactions with healthcare providers involved in your care.

Why We Collect This Information

We collect and process your personal data for several lawful purposes under the NHS Act 2006, the Health and Social Care Act 2012, and other related legislation. These purposes include:

  • To provide medical care and treatment
  • To improve the quality of care through audits, research, and retrospective reviews
  • To coordinate with other healthcare providers, including hospitals, community services, and mental health services
  • To perform tasks that are in the public interest or necessary for healthcare delivery
  • For compliance with regulatory and legal obligations

How We Collect Information

We collect your information either directly from you (e.g., during registration) or from third parties (e.g., other healthcare providers). This information is securely stored in electronic or physical records, and we use a variety of secure technologies and working practices to ensure its confidentiality.

Who We Share Your Information With

To ensure coordinated care and appropriate treatment, we may share your information with the following organisations:

  • Other GP practices, hospitals, and healthcare providers
  • Local social services and community care organisations
  • Urgent care providers, including minor injury units and out-of-hours services
  • Mental health services, care homes, and palliative care facilities
  • Clinical commissioning groups (CCGs) and NHS bodies
  • Independent contractors (e.g., dentists, pharmacists, opticians)
  • Ambulance services and emergency services
  • Health and care research organisations (with your consent)

Information will only be shared where necessary for your healthcare or legal obligations, and we will ensure that your information remains confidential and secure. Your information will not be transferred outside the EU.

Third Party Processors

When third-party service providers process data on our behalf (e.g., IT services or data hosting), we ensure appropriate contracts are in place to protect your information and ensure it is handled according to our instructions.

Maintaining Confidentiality

We are committed to keeping your information confidential. Our staff is trained on the importance of data protection and confidentiality, and we ensure that only authorised personnel have access to your information. We will never disclose your information to a third party without your consent unless there are exceptional circumstances, such as:

  • Risk of serious harm to yourself or others
  • Court order or legal obligation
  • Public health reporting (e.g., infectious disease notifications)

Electronic Patient Records and Sharing

We use secure electronic systems to maintain your healthcare records, which may be shared with other organisations involved in your care. If you prefer to restrict access to your records, you have the right to object. However, this may affect the continuity of your care.

Your Rights Regarding Your Data

Under the GDPR and Data Protection Act 2018, you have the following rights:

  1. Right of Access: You can request access to the personal data we hold about you.
  2. Right to Rectification: If your data is inaccurate or incomplete, you can request that we correct it.
  3. Right to Erasure: In certain cases, you can request that your personal data be deleted.
  4. Right to Restrict Processing: You can request that we limit how we process your data in certain situations.
  5. Right to Data Portability: You can request a copy of your data in a structured, commonly used format to transfer to another provider.

To exercise any of these rights, please contact the Practice Manager at the address provided above.

Health Risk Screening (Risk Stratification)

Risk stratification helps identify patients at higher risk of health deterioration or emergency admission. This information is used to tailor care and support to those who need it most. You have the right to object to this process, although this may affect your care.

Access to Medical Records Online

In Autumn 2023, we will provide patients with online access to their full medical records, including free text notes, letters, and documents. There may be some circumstances where access is restricted for safeguarding reasons.

Invoice Validation

In certain situations, we may need to share your personal data with the Integrated Care Board (ICB) for invoice validation purposes. This is necessary for determining the correct ICB responsible for payments related to treatments.

How Long We Retain Your Information

We will retain your information in accordance with the NHS Records Management Code of Practice and the NHS England retention schedule. Your data will be securely stored and deleted when no longer required.

Consent and Objections

Your consent may not be required for all types of processing, as some activities are carried out based on legal obligations or public interest. However, if we require explicit consent for specific processing, we will obtain it from you. You have the right to withdraw consent at any time.

National Data Opt-Out

If you wish to opt out of your data being used for purposes beyond your care (such as research or planning), you can register your choice with the NHS via the NHS website or by calling 0300 303 5678 (Monday to Friday between 0900 and 1700).

General practice data for planning and research collection

NHS E advise that the General Practice Data for Planning and Research (GPDPR) programme has been designed to help the NHS:

  • Monitor the long-term safety and effectiveness of care
  • Plan how to deliver better health and care services
  • Prevent the spread of infectious diseases
  • Identify new treatments and medicines through health research

NHS E "About the GPDPR programme" and "Looking after your data" provide additional information on data sharing.

Complaints

If you believe that your data protection rights have not been respected, you may file a complaint with the Practice Manager or contact the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 01625 545700
Online: Visit the ICO website

Changes to this Policy

We may amend this Privacy Notice from time to time. If there are significant changes to how we handle your data, we will notify you. For any questions or concerns about this Privacy Policy, please contact the Practice Manager.

This policy will remain in effect until further amendments are made and is in line with the latest legal requirements.