Easy Read Privacy Notice Leaflet
Welcome to Foundry Lane Surgery
We are a five GP training practice in Leeds. The original partnership pre-dates the NHS and was established on Foundry Lane
With patients' needs at the heart of everything we do, our website has been designed to make it easy for you to gain instant access to the information you need. As well as specific practice details such as how to register, you’ll find a wealth of useful pages covering a wide range of health issues along with links to other relevant medical organisations.
We are confident that our website will provide clear and concise help and give our patients the information they require in an easy and convenient format. It has been designed with the patient’s needs at the forefront of everything, from checking surgery times to letting us know what you think of us.
Our dedicated team are here to treat those minor ailments that occur as well as providing specialist management of long-term conditions and clinics covering a wide range of healthcare issues. The technology also means you can now do a lot of things from the comfort of your home such as order a repeat prescription or cancel an appointment.
Partners in Care
Once registered, patients and healthcare professionals work together to ensure the most appropriate care is provided. This partnership philosophy extends even further and our active patient group exists to make sure that patient needs and the practice offering are always heading in the same direction.
All consultation rooms are on the ground floor with access for wheelchairs, additionally there are disabled toilets facilities within the surgery.
Foundry Lane is not a limited partnership
The name and contact details of our organisation.
Name: Foundry Lane Surgery
Address: 95 Moresdale Lane Leeds LS14 6GG
The contact details of our data protection officer
Our Data Protection Officer is Louise Whitworth and they can be contacted on email: Leedsccg.firstname.lastname@example.org
What we do
As a GP practice we are responsible for your day to day medical care and the purpose of this notice is to inform you of the type of information that we hold about you, how that information is used for your care, our legal basis for using the information, who we share this information with and how we keep it secure and confidential.
It covers information we collect directly from you (that you have either provided to us, or from consultations with staff members), or we collect from other organisations who manage your care (such as hospitals or community services).
We are required by law to maintain records about your health and treatment, or the care you have received within any NHS service.
Our Commitment to Data Privacy and Confidentiality
As a Practice, we are committed to protecting your privacy and will only process data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, the Common Law Duty of Confidentiality, professional codes of practice, the Human Rights Act 1998 and other appropriate legislation.
Everyone working for the Practice has a legal and contractual duty to keep information about you confidential. All our staff receive appropriate and ongoing training to ensure that they are aware of their personal responsibilities and their obligations to uphold confidentiality.
Staff are trained to ensure how to recognise and report any incident and the organisation has procedures for investigating, managing and learning lessons from any incidents that occur.
All identifiable information that we hold about you in an electronic format will be held securely and confidentially in secure hosted servers that pass stringent security standards.
Any companies or organisations we use we may use to process your data are also legally and contractually bound to operate under the same security and confidentiality requirements.
All identifiable information we hold about you within paper records is kept securely and confidentially in lockable cabinets with access restricted to appropriately authorised staff.
As an organisation we are required to provide annual evidence of our compliance with all applicable laws, regulations and standards through the Data Security and Protection toolkit.
Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.
In addition to our Data Protection Officer, we also have a senior person within the practice who is responsible for protecting the confidentiality of our records and ensuring that any use of your data is fair and appropriate- this person is the Caldicott Guardian. The Caldicott Guardian for the practice is: Dr B Rushforth.
The practice is registered with the Information Commissioners Office as a Data Controller- our registration number is Z6566621 and you can view our registration here from https://ico.org.uk/ESDWebPages/Search
We will endeavour to maintain our duty of confidentiality to you at all times and will only share data about you if we genuinely believe that it would improve the care you provide for you.
Other than for the purposes of direct care or indirect care (such as healthcare planning), we will only share your information without your permission when we are required to do so under exceptional circumstances (such as a serious risk to yourself and others) or if it is required by law.
The categories of personal data we hold and the sources we obtain them from
- Details about you, such as your name, address, carers, biological gender, gender identity, ethnic origin, date of birth, legal representatives and emergency contact details are collected from you when you register with the practice via the GMS1 form and new patient questionnaire you fill in when your register.
- Information that you provide about your health when you consult with healthcare professionals at the practice, which will be recorded in your notes
- Any contact the surgery has with you, such as appointments, clinic visits, emergency appointments, etc. are recorded on our clinical system
- Results of investigations such as laboratory tests, x-rays, etc. which are sent to the practice electronically from hospitals
- Any consultations you may have had with “extended access” hubs, which the practice is part of.
- We are routinely informed of any A&E visits or outpatient appointments at local hospitals
- We are routinely advised of any contact with out of hours providers or NHS111
- We hold details of any other relevant information from other health professionals, relatives or those who care for you. All information flows within the practice are routinely mapped as part of our GDPR compliance and compliance with the Data Security and Protection toolkit.
How we use your personal data (the purposes of processing).
As health professionals, we maintain records about you in order to support your care. By registering with the practice, your existing records will be transferred to us from your previous practice so that we can keep them up to date while you are our patient and if you do not have a previous medical record (a new-born child or coming from overseas, for example), we will create a medical record for you.
We take great care to ensure that your information is kept securely, that it is up to date, accurate and used appropriately. All of our staff are trained to understand their legal and professional obligations to protect your information and will only look at your information if they need to.
For provision of direct care:
In the practice, individual staff will only look at what they need in order to carry out such tasks as booking appointments, making referrals, giving health advice or provide you with care.
Primary Care Networks:
All practices in the UK are members of a Primary Care Network (PCN), which is a group of practices who have chosen to work together and with local community, mental health, social care, pharmacy, hospital and voluntary services to provide care to their patients.
PCNs are built on the core of current primary care services and enable greater provision of proactive, personalised, coordinated and more integrated health and social care.
We are members of Seacroft PCN along with Oakwood Lane Medical Practice, Park Edge Practice and & Windmill Health Centre.
This arrangement means that practices within the same PCN may share data with other practices within the PCN, for the purpose of patient care (such as extended hours appointments and other services), Each practice within the PCN is part of a stringent data sharing agreement that means that all patient data shared is treated with the same obligations of confidentiality and data security.
For commissioning and healthcare planning purposes:
In some cases, for example when looking at population healthcare needs, some of your data may be shared (usually in such a way that you cannot be identified from it). The following organisations may use data in this way to inform policy or make decisions about general provision of healthcare, either locally or nationally.
In order to comply with its legal obligations we may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012.
This practice contributes to national clinical audits and will send the data which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure.
For research purposes:
Research data is usually shared in a way that individual patients are non-identifiable. Occasionally where research requires identifiable information you may be asked for your explicit consent to participate in specific research projects. The surgery will always gain your consent before releasing any information for this purpose, unless the research has been granted a specific exemption from the Confidentiality Advisory Group of the Health Research Authority
Where specific information is asked for, such as under the National Diabetes audit, you will be given the choice to opt of the audit.
For safeguarding purposes, life or death situations or other circumstances when we are required to share information:
We may also disclose your information to others in exceptional circumstances (i.e. life or death situations) or in accordance with Dame Fiona Caldicott’s information sharing review (Information to share or not to share).
For example, your information may be shared in the following circumstances:
- When we have a duty to others e.g. in child protection cases
- Where we are required by law to share certain information such as the birth of a new baby, infectious diseases that may put you or others at risk or where a Court has decided we must.
When you request to see your information or ask us to share it with someone else:
If you ask us to share your data, often with an insurance company, solicitor, employer or similar third party, we will only do so with your explicit consent. Usually the requesting organisation will ask you to confirm your consent, often in writing or electronically. We check that consent before releasing any data and you can choose to see the information before we send it.