Direct Care Privacy notice
Aspire Medical Health uses your information to provide you with healthcare.
This practice keeps medical records confidential and complies with data protection legislation.
We hold your medical record so that we can provide you with safe care and treatment.
We are required by law to provide you with the following information about how we handle your information. Our full list of Privacy Notices can be found here.
Direct Care privacy notice details
| Data Controller contact details |
Aspire Medical Health, Wells Road , Strood, Rochester, Kent, ME2 2PW |
| Purpose of the processing |
To give direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care. A list of Practice processing activities can be found here. |
| Information we collect and use |
- Special data information including racial or ethnic origin; religious or philosophical beliefs; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.
- Demographics: name, address, date of birth, postcode, and NHS number
- Medical history
- Adult and Children safeguarding information
- Third party identifying data: basic details about other individuals that may be involved in providing your care and support services, e.g. emergency contacts, relatives, mobility services providers, home care support
|
| Lawful basis for processing |
These purposes are supported under the following sections of the UK General Data Protection Regulations:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018
The legal obligation relies on the Health and Social Care Act 2012 s251(b) (as amended by the Health and Social Care (Safety and Quality) Act 2015 which created a statutory ‘duty to share’).
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential. |
| Recipient or categories of recipients of the processed data |
Please see our main privacy notice for a full list of organisation we share information with
The Practice may also receive information about your health from these organisations who are involved in providing you with health and social care. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
| NHS Summary Care Record |
The Summary Care Record is an electronic record of important patient information created from GP Medical Records. They can be seen and used by authorized staff in other areas of the health and social care system involved in a patient’s direct care. |
| National Screening Programmes |
The NHS provides national screening programmes so that certain diseases can be detected at an early stage. The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme. Information regarding screening programmes can be found here. |
| Population Health Management |
This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes. |
| National Data Opt-out |
The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.
The National Data opt-out can be applied here.
It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Ot-out does not apply.
The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006:
Regulation 2 – for diagnosis and treatment of cancer
Regulation 5 – for general medical and research purpose
Specific exemptions to the national data opt-out policy have been made for disclosure of data for:
- Public Health England National Disease Registers
- Assuring Transformation
- National patient experience surveys
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012.
|
For details on your rights and who to complain please see the main privacy notice