Privacy Notice
This privacy notice explains why Fieldhead Surgery collects information about patients, members of staff and visitors to the practice, and how we use your information.
So that we can provide you with the best possible service, a variety of information is collected about you from a range of sources, such as your local NHS hospitals. This information is used to support your healthcare. Under the General Data Protection Regulation (GDPR), information about your physical and mental health, racial or ethnic origin and religious belief is considered special category (sometimes known as sensitive) personal information and is subject to strict laws governing its use. This page explains why Fieldhead Surgery collects personal information about you, the ways in which such information may be used, and your rights under the General Data Protection Regulation. Fieldhead Surgery is legally responsible for ensuring its processing of personal information is in compliance with the General Data Protection Regulation. Fieldhead Surgery becomes what is known as the data controller, which simply means that we are responsible for maintaining the security and confidentiality of the personal information that you provide us with.
Fieldhead Surgery is a GP practice delivering primary care services as part of the NHS. Our address is Leymoor Road, Golcar, Huddersfield, West Yorkshire, HD7 4QQ. We are registered as a Data Controller with the Information Commissioner’s Office (ICO), registration number Z5797500.
We collect and process the following categories of personal data:
- Personal Identification Information: Name, address, date of birth, phone number and email address
- Health Information: Medical history, test results, prescriptions, referrals and any information you provide during consultations.
- Demographic Information: Ethnicity, gender and language preferences (if provided).
- Administrative Information: NHS number, appointment history and correspondence records.
- Emergency contact details: Next of kin or other contacts you have provided.
All clinicians and health and social care professionals caring for you keep records about your health and any treatment and care you receive from the NHS. We process your personal data to:
- Provide safe, effective and personalised medical care
- Communicate with you about appointments, test results and referrals
- Maintain your medical records in line with legal and professional requirements
- Share information with other healthcare providers to ensure continuity of care (e.g. hospitals, pharmacies, specialists)
- Fulfil our obligations as an NHS provider, such as submitting anonymised data for audits or health research.
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes to your contact details. This minimises the risk of you not receiving important correspondence.
We only share your data when necessary for your care as required by law. Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us also has a legal duty to keep it confidential. This includes sharing with:
- NHS organisations (e.g. NHS Digital, NHS England)
- Healthcare providers involved in your care (e.g. hospitals, community health teams).
- Other organisations for statutory reporting purposes (e.g. Public Health England).
- Third-party service providers for administrative support (e.g. IT providers, appointment systems), under strict confidentiality agreements.
For more information please refer to Summary Care Records (SCR) – information for patients – NHS England Digital.
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.
Your data is stored securely on NHS-approved systems. We implement robust security measures, including encryption, access controls and regular audits, to protect your data from unauthorised access, loss or misuse.
Confidentiality affects everyone: Fieldhead Surgery collects, stores and uses large amounts of personal and sensitive personal data every day, such as medical records, personnel records and computerised information. This data is used by many people in the course of their work.
We take our duty to protect personal information and confidentiality very seriously. We are committed to complying with all relevant legislation and to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
The organisation has appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
GDPR gives you a right to access the information we hold about you on our records. Requests must be made in writing to the Practice. The Practice will provide your information to you within one month (this can be extended dependent on the complexity of the request) from receipt of your application. For more information please refer to A guide to subject access | ICO.
In the UK, patient information is processed based on the following legal grounds:
- Consent: Patient consent is required for certain treatments and sharing data, especially for research or specific purposes.
- Contractual Necessity: Data is processed when necessary to fulfil a healthcare contract, such as providing medical care or services.
- Legal Obligation: Healthcare providers must process data to comply with legal requirements, such as reporting health conditions or maintaining records.
- Vital Interest: In emergency situations, patient data may be processed to protect life or prevent harm.
- Public Task: Data may be processed for public health purposes or to fulfil government health services and research needs.
- Legitimate Interests: Data may be processed when it is necessary for the legitimate interests of healthcare providers, provided this doesn’t override patient rights.
For more information please refer to: Choose if data from your health records is shared for research and planning – NHS.
Call recording
Telephone calls to Fieldhead Surgery are routinely recorded for the following purposes:
- To make sure that staff act in compliance with Fieldhead Surgery procedures.
- To ensure quality control.
- Training, monitoring and service improvement.
- To prevent crime, misuse and to protect staff.
When attending the Practice for an appointment or a procedure you may be asked to confirm that the Practice has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.
All patients who receive NHS care are registered on a national database. This database holds your name, address, date of birth and NHS number but it does not hold information about the care you receive. The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
More information can be found at https://digital.nhs.uk/ or by phone on 0300 303 5678.
Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital. This means we can offer patients additional care or support as early as possible.
This process will involve linking information from your GP record with information from other health or social care services you have used. Information which identifies you will only be seen by the practice. Please speak to the practice if you require further information.
Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm. These circumstances are rare. We do not need your consent or agreement to do this. Please speak to the practice if you require any further information.
Consent for treatment is a fundamental part of healthcare, ensuring patients are fully informed and able to make voluntary decisions about their care. Before providing any examination, treatment or intervention, healthcare professionals must obtain valid consent, which requires that patients understand the proposed procedure, its benefits, risks, and alternatives. Consent can be explicit (written or verbal) or implied, depending on the nature of the treatment. Patients also have the right to refuse or withdraw consent at any time, even if this may impact their health. For more detailed information on your rights and how consent works, please refer to Consent to treatment – NHS.
- You have the right to object to information being shared between those who are providing you with direct care.
- This may affect the care you receive – please speak to the practice.
- You are not able to object to your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care.
- You are not able to object when information is legitimately shared for safeguarding reasons.
- In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm. This information will be shared with the local safeguarding service.
- You have the right to access your medical records and have any errors or mistakes corrected. Please speak to a member of staff.
- We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
The right to be forgotten and erasure of data does not apply to an individual’s health record or for public health purposes.
All records are retained and destroyed in accordance with the NHS Records Management Code of Practice.
The Practice does not keep patient records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and the Practice has made the decision that the records are no longer required.
The Data Controller responsible for keeping your information confidential is:
Fieldhead Surgery
Data Protection Officer (DPO): Helen McNae. Please contact via email Helen.McNae@this.nhs.uk
Patients who have a concern about any aspect of their care or treatment at the Practice, or about the way their records have been managed, should contact the Practice Manager or Operations Manager. If you have any concerns about how we handle your information, you have a right to complain to the Information Commissioner’s Office (ICO).
The Freedom of Information Act 2000 provides any person with the right to obtain certain information held by Fieldhead Surgery, subject to a number of exemptions. If you would like to request some information from us, please contact us at the practice.
Please note: if your request is for information we hold about you (for example, your health record), please refer to “How You Can Access Your Records”.