Working together for excellent healthcare

Mobile Site

Sign in


Are you aware that your personal medical information that you share with your GP or other healthcare professional is about to be extracted and stored on a computer outside of the control of this practice where the practice will have no say on who has access to that information?


There are changes occurring in how we protect the confidential and personal information that we record in your medical records. The changes make it a legal obligation for us to share your information (see below).  The proposed benefits of sharing identifiable data are to help you plan and monitor effective patient services, especially where patients receive care from several different organisations.


What we record at our practice:


Healthcare professionals in our practice record information about the care we provide.


The type of information that is recorded includes the following;


  • Demographics, e.g. address, telephone number, e-mail, date of birth, gender, etc.
  • What you tell us when you see us in consultations e.g. about your physical and psychological health and social circumstances.
  • Diagnoses, investigations, treatments, referrals, family background.
  • Social information e.g. housing status, alcohol, smoking data.
  • Third party sources e.g. hospital letters, A&E attendances, relatives, carers, insurance companies, solicitors.


What we already share about you:


We share different types of information about our patients. These include:


  • Personal information about you and your illness, when needed for your direct care, e.g. referral to hospital consultants, district nurses, health visitors, midwives, counsellors, the summary care record.
  • Patient indentifiable information to public health, in order to arrange programs for childhood immunisations, communicable diseases, cervical smears and retinal screening.
  • With explicit consent, personal information to other organisations outside the NHS e.g. insurance companies, benefits agencies.
  • Limited information about you, if relevant, to protect you and others, e.g. to social services child protection investigations.
  • Under certain acts of parliament to protect you and others e.g. court order.
  • Summary information which is anonymised (can not identify you) e.g. quality and outcome frameworks (QoF), medical research and clinical audit.


It is also important to understand that currently a limited amount of patient information or data is used mostly at local level to help design health services or undertake clinical audit.

Some information is used at a national level. Information from lots of individual patients allows the NHS to build a picture of what is happening to the nation's health. The majority of this information is anonymised before it leaves the healthcare professional, in other words no one can identify who the information relates to.


How we protect your personal information:


Currently, your GP is responsible for protecting your information and to do this they comply with the Data Protection Act 1998 (DPA). As part of the DPA, all healthcare professionals have an obligation to only share information on a need to know basis.

For further information on the DPA, please follow the link below;



So what is changing?


Under the Health and Social Care Act 2012 the Health & Social Care Information Centre (HSCIC) on behalf of NHS England (the body responsible for commisioning health services across England) will be able to extract personal and identifiable information about all patients in England. The programme, called, is administered by the HSCIC using software and services provided by a private sector company. Once your identifiable information has been taken from different health organisations (GP practice, hospitals, mental health trusts) it will then be linked together to produce a complete record about you. This information will be stored on national secure servers and will be managed by HSCIC. Although access to information will be strictly controlled, the HSCIC is planning to share this information with other organisations both NHS and private. The HSCIC will decide what information they will share and who they then share this information with.


Your GP will not be able to object to this information being released to HSCIC and will no longer be able to protect your information under the DPA as stated above.

Effectively, where the HSCIC is concerned the health and social care act over rules the DPA with regard to disclosure of personal information.


What you need to do:


  • If you are happy for NHS England to direct the HSCIC to extract, store and manage/use your personal information then you need to do nothing as the information will be automatically taken from your GP's computer systems.


  • If you don't wish your information to be extracted then you MUST complete the document below, which will block the uploading of your identifiable and personal information to the HSCIC.


  • If you are happy for your information to be extracted and used by the HSCIC for anonymised reports but NOT shared by the HSCIC with other agencies or companies in identifiable format, you can ask your GP practice to add a code to your record which will alert the HSCIC not to use your information in this way.


  • It should be emphasised that your access to health care and the care that you receive will not be affected by either decision.


Opt-Out Form:


If you wish to opt-out, please click here. Once complete, please hand into reception.

Confidentiality, Patient Data and GDPR

Accessibility                    Cookies                    Terms of Use                    Site Map

Patient Data


All patient information is considered to be confidential and we comply fully with the Data Protection Act. All employees have access to this information in relation to their role and have signed a confidentiality agreement. Information may be shared, in confidence, with other NHS organisations in the interests of patient care.


CCTV is installed internally in public areas for security. Recordings are used entirely at the discretion of the partners and management team including provision of images to the police or other official bodies, and will otherwise comply with the Practice's Data Protection registration. The practice is not able to provide CCTV recordings to patients or any third parties unless requested by the police.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) became law on 24th May 2016. This is a single EU-wide regulation on the protection of confidential and sensitive information. It enters into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998).


To view our data protection privacy notice for patients in full, please click here.