This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.
 

Noticeboard

Are you a female patient aged 16 - 65 years and suffering with pain when passing urine or feeling like you need to go more often? You may have a urinary tract infection and could be eligible to receive antibiotics straight from your local chemist under the new Pharmacy First Initiative. Please click here for more information.

Practice Privacy Notice

The Broomhill Practice Privacy Notice

This privacy notice explains why the GP Practice collects information about you, how that information may be used and which organisations the information will be shared with to ensure you receive the best possible care.

Who we are:

Drs Marshall, Gambhir, Cuthbertson and MacSween of the Broomhill Practice, 41 Broomhill Drive, Glasgow G11 7AD

Our responsibility to you:

We take your trust and right to privacy seriously and are committed to ensuring that whenever we process personal information we do this fairly, lawfully and in a transparent manner. We comply fully with all of our obligations under the data protection laws. These laws include the Data Protection Act 1998 (DPA), and any statutory modification or re-enactment thereof, and the EU General Data Protection Regulation (GDPR)

Data Protection Act

The Data Protection Act 1998 (DPA) was enacted to ensure the fair and lawful processing of personal data. The DPA governs how organisations can collect and process information about individuals. It explains the rights of individuals (data subjects) and the responsibilities of the organisations (data controllers) which collect and process personal data. It also details the requirements of any third party organisations (data processors) which process personal data on behalf of data controllers. The DPA is regulated and enforced by the UK Information Commissioner's Office (ICO).

General Data Protection Regulation

A new General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which strengthens and unifies data protection for individuals within the European Union, will come into force on 25 May 2018. The Regulation has been designed to harmonise data privacy laws across Europe, to protect and empower all citizens' data privacy and to reshape the way organisations across the EU approach data privacy. NRS is working in collaboration with our partners in government and other sectors to implement the Regulation and to ensure that all of our policies and operations are compliant with it.

 

Data Protection in the Broomhill Practice

We regard the fair, lawful, and transparent treatment of personal information as integral to the success of our business operations and to maintaining the confidence of our patients. Our commitment to effective data protection is set out in the Broomhill Practice Data Protection Policy.

 The data controllers in the Broomhill Practice are the Partners and the Practice Manager who are responsible for ensuring that all collection and processing of personal data within the Brommhill Practice complies with the data protection laws. The Broomhill Practice Data Protection Officer is the Practice Manager. She is responsible for monitoring and auditing compliance with the data protection laws, ensuring that our doctors, nurses and all staff understand and comply with their obligations, and assessing the risks associated with the processing of personal data.

The registration number of our entry in the ICO Register of data controllers is ZA184541.

 Subject Access Requests

The DPA and the GDPR give data subjects a legal right to access the personal information the Broomhill Practice holds about them. These requests are known as subject access requests and we will process them within one month. We will also provide you with information about any processing of your personal data that is being carried out, the retention periods which apply to your personal data, and any rights to rectification, erasure, or restriction of processing that may exist.

Subject access requests must be submitted in writing and anyone making an oral request will be invited to complete our Subject Access RequestForm. More information about making a subject access request is available in the form.

 

Privacy Notices

The Broomhill Practice uses privacy notices to tell you what to expect whenever we collect and process personal information. If at any time you feel that we are not being transparent enough about how we process your personal data or you would like more information then please let us know using the contact information below.

Data Protection Impact Assessments

The Broomhill Practice uses data protection impact assessments (DPIAs), also known as privacy impact assessments (PIAs), to help us identify the most effective way of complying with our data protection obligations and meeting individuals' expectations of privacy.

DPIAs are a tool organisations can use to identify and reduce risks to privacy. They help minimise the risks of harm to individuals through the misuse of their personal information.

 

It is our policy to carry out DPIAs for all projects which involve the handling of personal data and which may have an impact on privacy.

 

CCTV

CCTV is in use within the Building and complies with the Information Commissioner’s Office CCTV Code of Practice.

 

Right to complain

Should you feel that the Broomhill Practice is handling your data unfairly or unlawfully, you can report your concern to the Information Commissioner’s Office (ICO). For more information visit the ICO website:   

 

Practice Contact Information

Broomhill Practice

Data Protection Officer

41 Broomhill Drive

Glasgow

G11 7AD

Tel: 0141 339 3926

What Information Do We Collect?

Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. NHS Health Board, GP Surgery, NHS24, etc.). NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your healthcare record may include the following information;

 

  • Details about you, such as address and next of kin
  • Any contact the surgery has had with you, such as appointments, clinic visits, and emergency appointments, etc.
  • Notes and reports about your health
  • Your CHI Number
  • Your NHS Number
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you
 Why Do We Collect This Information?

To ensure you receive the best possible healthcare, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may also be used for clinical audit to monitor the quality of the service provided.

 Who Will We Share Your Information With?

For the purposes of providing the best possible healthcare and to fulfil our statutory obligations, we may need to share your information with the following organisations:

 

  • Secondary Care (Hospitals)
  • Community Pharmacy
  • Primary Care Pharmacy
  • Community-based Nurses
  • Other Primary Care Health Organisations
  • Other NHS Greater Glasgow and Clyde Employed Staff
  • Common Services Agency (NHS National Services Scotland)
  • Home Office
  • UK Regulatory Bodies such as the General Medical Council
  • NHS Blood and Transplant
  • NHSCR/General Registers Office


What are the Statutory Obligations regarding your healthcare information?

What is shared

Who is it shared by

Who is it shared with

Why

When

All data on GP practice registration form (electronic)

General Medical Practices

Common Services Agency (NHS National Services Scotland)

Community Health Index and Accurate payment

All GPR forms from all General Medical Practices in Scotland

All data on prescription (electronic)

General Medical Practices

Common Services Agency (NHS National Services Scotland)

To support accurate dispensing of the prescription

All prescriptions

All data on GP practice registration form (electronic)

Common Services Agency (NHS National Services Scotland)

Common Services Agency (NHS National Services Scotland)

Prevention, Detection and investigation of Crime.  NSS host NHS Scotland Counter Fraud Services

Only when a patient, GP or other worker in the GP practice has been identified as potentially committing fraud

Patient demographic data from the GP Practice registration form

Common Services Agency (NHS National Services Scotland)

Home Office

Prevention, Detection and investigation of Crime

Only data for specific patients who are subject to enquires by NHS Scotland healthcare providers or by the Home Office for proscribed offences, in respect of receipt of NHS Scotland treatment and services as an overseas visitor (non-EEA foreign national)

All data on GP practice registration form (electronic) as held on CHI

Common Services Agency (NHS National Services Scotland)

NHS Boards

Accurate payment, Clinical Governance, Public Health, Screening Services

All data relating to all patients registered with General Medical Practices in that NHS Board area

All data on GP practice registration form (electronic) as held on CHI

Common Services Agency (NHS National Services Scotland)

UK Regulatory Bodies such as the General Medical Council 

Professional Regulation

Only data relating to specific patients registered by someone under investigation by a Regulatory Body

GP medical records (paper and electronic) for patients who are moving to another practice or have left the UK or have died.

General Medical Practices

Common Services Agency (NHS National Services Scotland)

To transfer to the next registered GP practice or to retain in secure storage

Whenever a patient leaves a GP practice or dies

GP temporary medical records (paper and electronic) for patients who have been seen by someone other than their registered GP practice

General Medical Practices

Common Services Agency (NHS National Services Scotland)

To transfer to the registered GP practice or to retain in secure storage

Whenever a patient is seen by a GP practice other than the one they are registered with

 Patient demographic data and choice of organ donation

Common Services Agency (NHS National Services Scotland)

NHS Blood and Transplant

Maintenance of the UK organ donor register

Whenever a patient decides to provide organ donation information via the GP registration form

Patient demographic data from the GP Practice registration form

Common Services Agency (NHS National Services Scotland)

NHSCR/General Registers Office

Maintenance of NHSCR  dataset

Demographic data for all patient is shared in order to keep the NHSCR dataset in line with CHI. The NHSCR dataset is used to identify which patients are in which NHS Boards, and which have left Scotland to other parts of the UK


 How Do We Maintain the Confidentiality of Your Records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of confidentiality and Security. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an

NHS organisation has a legal duty to keep it confidential. We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on. Anyone who receives information from us is also under a legal duty to keep this information confidential.

 

How your records are used to help the NHS

Your information may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development, monitor NHS performance, to help the NHS plan for the future and to investigate complaints in respect of the services we commission.

We will not publish any information that identifies you or routinely disclose any information about you without your express permission. At any time you have the right to refuse/ withdraw consent to information sharing. The possible consequences will be fully explained to you, such as potential delays in receiving care.

There may be circumstances where we are bound to share information about you owing to a legal obligation, such as for the benefit of public health in the event of a pandemic.

Access to Your Information

You have a right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it corrected should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

If you would like to make a ‘subject access request’ please contact the Practice Manager in writing.

 



 
NHS ScotlandThis site is brought to you by My Surgery Website