General Data Protection Regulations (GDPR)
To support the care we give you we will be making use of some of your data.
The formal legal basis for processing your data as defined by GDPR is “Necessary for the provision of health or social care or treatment or management of health and social care systems and services” (Article 9(2)(h); this encompasses the following:
- We will ask you to confirm your identity, address and date of birth. This is to confirm that we have the correct records during your treatment.
- The doctor or nurse may ask permission to view your medical records so (s)he can better understand your diagnosis and treatment. The doctor or nurse also has access to the records of any original consultation with 111. If you do not give consent this may harm your treatment. Non-clinical staff do not have access to your medical record.
- The doctor will make notes of the consultation and any treatment. These notes are sent automatically to your own GP – another reason why we need to be sure of your identity.
- We may later contact you about your care; for example if you are given any drugs and need to pay the due prescription fee.
- ELMS’ staff may review data in order to improve performance and investigate incidents with the aim of developing the service. For example we may investigate whether a patient was directed to the correct service in a particular instance; this will mean a review of medical details but will be anonymised as far as possible.
Where we share data for operational and performance reasons outside ELMS we will takes steps to protect your identity. We will not otherwise share your personal details except where required for your personal health care (for example to your own doctor or to any hospital department we may refer you to), for statutory compliance or with the police.
The systems we use are web based which means that data is transferred over the secure NHS N3 network to the data centre. None of this data will be transferred outside the EU.
If you ask us to collaborate with other agencies or individuals from outside ELMS’ services in other ways, we will ask you for formal, written consent to share this data.
You have the right to see your medical record. The best way to do this would be through your own GP as ELMS do not hold the master copy. You have the right to refuse access to your medical record when ELMS’ GP asks, but this may harm your treatment and will be noted on your medical record.
We have CCTV in place at our Blackburn site. These images are recorded for purposes of crime prevention and for the personal safety of staff and patients. They are stored for approximately 30 days before being overwritten. We will not share these images with anyone outside ELMS other than the police.
If you have any questions you can email them to us at email@example.com. Through this email address you can contact the Data Protection Officer (who is in control of data protection issues at ELMS) and we can advise you on where to make complaints about data protection issues.
The Data Controller is East Lancashire Medical Services, St Ives House, Accrington Road, Blackburn BB1 2EG.