Privacy Notice

Why we collect information about you

Health care professionals that provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation.  These records help to provide you with the best possible healthcare.

We collect and hold data for the sole purpose of providing healthcare services to our patients.

In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address.

They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.

Summary Care Record (SCR)

Emergency care information such as your name, date of birth, the name of your GP, any medicines your GP may have prescribed, any medicines you are allergic or sensitive to is shared with Out Of Hours as this might be important if you need urgent medical care when the surgery is closed.

NHS staff (Doctors, Nurses, ambulance crew, A&E personnel) can look at your SCR if they need to treat you when the surgery is closed.  They will ask for your consent before they look at your records.  In an emergency and if you are unconscious, staff may look at your SCR without your consent to help them give you the best possible care.

Your SCR is auditable, so we can always check who has looked at your record.

How we keep your information confidential and safe

Upwell Street Surgery is committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998, Article 8 of the Human Rights Act, the Common Law of Confidentiality, The General Data Protection Regulation and the NHS Codes of Confidentiality and Security. 

We will only ever use or pass on your information if there is a genuine need to do so.  Without your explicit permission, we will not disclose information about you to third parties, unless there are exceptional circumstances, such as when the law requires.

To ensure your confidentiality, we will not normally disclose any medical information about you over the telephone, or by fax, unless we are sure that we are talking to you.  We will not disclose information to your family, friends etc. unless we have your verbal or written consent to do so.

How we use your information

We primarily use the information we collect, and keep in your records, to enable our clinicians to provide for your ongoing care.  This information is used to:

•           Provide a basis for all health decisions made for, and with you, by our healthcare professionals.

•           Ensure all care is safe and effective.

•           Work effectively with others who also help provide your care

•           Send you notifications about services, appointment reminders/cancellations, health promotion and flu clinics.

•           Next of Kin for emergency contact only.


We may also use/share your information for the following purposes:

•           Undertaking health research and development (with your consent –  you may choose whether or not to be involved)

•           Training and educating healthcare professionals.

•           Helping staff to review the care you have been given to ensure it is of a high standard.

•           Investigating complaints, concerns or legal claims.

•           Looking after the health of the general public.

•           Making sure services can meet future patient needs.

•           NHS statistics/health trends etc. – steps will be taken to ensure you cannot be identified.

•           Research - steps will be taken to ensure you cannot be Identified. If the research is to do with you personally, your consent will be asked  before any information is provided.

•           Auditing - Patient identifiable information will only be used within the practice.


Sharing your information

We share your personal information with other NHS organisations.  For example, we may share your information for healthcare purposes with NHS hospitals, including private hospitals, care homes, hospices, relevant General Practitioners, Dentists, Opticians, Pharmacies, Out Of Hours services, NHS England and Ambulance services etc. where they are directly involved in your care.

We may need to share information from your health records with other non-NHS organisations, including Social Services.  However, we will not disclose any health information to third parties without your explicit consent to do so, unless there are exceptional circumstances, such as when the health and safety of others is at risk or where the law requires it.

We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. This would normally be to assist them to carry out their statutory duties.  In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the General Data Protection Regulation 2016/679 Data Protection Act that we may share that data.

These non-NHS organisations may include, but are not restricted to:

•           Social Services

•           Education services

•           Local authorities

•           The police and fire services

•           Voluntary sector providers who are directly involved in your care


Sharing of information is with your consent only, unless there are exceptional circumstances, such as when the law requires.

Who else may ask for access to your information

•           The court can insist that we disclose medical records to them

•           Solicitors often ask for medical reports.  We will require signed consent from you before releasing any information.  We will not release any information about family (spouse, child etc.) contained within your records, without their express consent.

•           Social services / benefits agencies – may require medical information from time to time. We will need your signed consent before we release any information.

•           Insurance companies/employers/occupational health – may require medical information from time to time. We will need your signed consent before we release any information.


Sharing information without your consent

There may be times when we may be required by law to share your information, for example:

•           Where there is a serious risk of harm or abuse to you or other people

•           Where a serious crime, such as assault, is being investigated or where it could be prevented.

•           Where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not sensitive information such as HIV/AIDS).

•           Where a formal court order has been issued.

•           Where there is a legal requirement, i.e. you had committed a road traffic offence.


Medicine Management

We have a pharmacist and pharmacy technicians, provided by NHS England, who along with the GP’s, perform a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost effective treatments.


Computer System

We operate a clinical computer system to record information about your health securely and in a format which allows us to audit your records.  This information allows us to share your health records with other clinicians in the surgery and anyone who has shared care access to your records (districts nurses etc.).  This ensures that everyone caring for you is fully informed about your relevant medical history.

To provide 24 hour care, we will make this information available to trusted organisations, unless you have asked us not to. Wherever possible, you will be asked consent before any information is viewed.


Shared Care Records

To improve the sharing of relevant health care and to help support your ongoing care, we will share information to other NHS systems i.e. medication details for Out Of Hours care, unless you request us to stop.

If you have any concerns about how we share your information, or you do not wish to us to share your information, please contact the practice manager via email on

Risk Prediction

Risk prediction data tools are used within the NHS to help determine a person’s risk of suffering a particular condition, helping to prevent any unplanned hospital admission or re-admissions. Information is collected from a number or sources such as hospital attendances and your GP practice.  A risk score, (1-100, the greater the score the more likely you are to have an admission to hospital), is generated through an analysis of your data.

De-identifiable information is fed back to your GP’s in an identifiable form.  Theses scores will help your GP to focus on preventing further ill health and not just the treatment of your illness.


Access to your information

Under the General Data Protection Regulation every patient has the right to see, or have a copy of data we hold that can identify you, with some exceptions. You do not need to give a reason to see your data.

If you want to access your data you must make the request in writing. Under special circumstances, some information may be withheld. If you wish to have a copy of the information we hold about you, please contact us in writing (there may be a charge for excessive requests).  We are required to respond to you within one month.

You will need to give us adequate information i.e. full name, address, date of birth, NHS number, two forms of identification etc., to enable us to identify you and provide the correction information


Anyone who receives information from us is also under a legal duty to keep it confidential and secure.

Each staff member at Upwell Street Surgery has signed a confidentiality agreement in relation to patient’s personal health information and the consequences of breaching that duty.

Information is accessed by non- clinical staff such as secretaries, Administrators and receptionists.  This access is for, but not limited to:

•           Typing referral letters

•           Opening letters from hospital/other health care providers.

•           Scanning letters from hospital/other health care provider, reports and any other

Documents not sent in an electronic format.


•           Photocopying or printing documents for referral to hospital/ other health care providers.


•           Photocopying or printing documents for medico legal and insurance reports and other associated documents.


Online registrations

This service allows you to book/cancel appointments, order prescriptions  and review your medications. You can also update your telephone number or email address via this service.

You will need to register to use this service and can de-register at any time.

Mobile telephone number

If you provide us with your mobile phone number we may use this to send you reminders about your appointments or other health screening information. Please let us know if you do not wish to receive reminders on your mobile.

For independent advice about data protection, privacy and data-sharing issues, you can contact:

The Information Commissioner

Wycliffe House

Water Lane




Phone: 0303 123 1113       Website: