The General Data Protection Regulation (GDPR) comes into effect in May 2018 and is an update to the data protection laws previously in place.
Medical confidentiality is the cornerstone of trust between doctor and patient and it has always been vital to us to keep your records secure and confidential. This will continue as before; however, we are now legally obliged to provide you with the following information in respect of how we process your data, and of your legal rights under GDPR.
St Brycedale Surgery is the data controller. We can be contacted at St Brycedale Road, Kirkcaldy, Fife, KY1 1ER, or by telephone on 01592 640 800.
The Practice Manager is the data protection officer, and can be contacted at St Brycedale Road, Kirkcaldy, Fife, KY1 1ER, or by telephone on 01592 640 800.
This practice can contribute to medical research and may send relevant information to medical research databases such as SPIRE (Scottish Primary Care Information Resource in Scotland) – when the law allows.
For the purpose of direct patient care, either from the practice or within the NHS hospital service, we imply your consent to pass on relevant clinical information to other professional staff involved in your direct care.
GDPR protects certain sensitive information, such as race or sexual orientation, as ‘Special Category Data’. This information would only be processed in respect of direct patient care when ‘necessary... in the exercise of official authority vested in the controller’ (Article 6(1)(e)) or when ‘necessary for compliance with a legal obligation’ (Article 6(1)(c)) or when ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’ (Article9(2)(h))’.
For purposes other than the provision of direct patient care, we would only pass on relevant clinical information when ‘necessary for compliance with a legal obligation’ (Article 6(1)(c)) or when ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’ (Article9(2)(h)) or when ‘necessary for the performance of as task in the public interest’.
Special category data would only be shared in respect of a legal obligation when ‘for the purpose of preventative...medicine...the provision of health or social care or treatment or the management of health or social care systems and services...’ (Article9(2)(h)), and only shared in respect of medical research when ‘necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject’ (Article9(2)(j)).
You have a right to object to your data being processed in certain circumstances.
You have the right to access your medical record and to have inaccurate data corrected.
Your records will be retained by us for as long as you remain registered here as a patient.
You have the right to lodge any complaint in relation to the processing of your data with the Information Commissioner’s Office (ICO).
For further information on GDPR, please visit the website of the ICO - https://ico.org.uk/