
General Data Protection Regulation (GDPR) Privacy Notice



Andy Smith

Revision Date: November 2018

Version Number: Version 3



As a result of a revision of the Data Protection Act 1988, the new General Data Protection Regulation (GDPR) requires Kingswood Health Centre to ensure that our patients and employees are aware of what personal data we hold on them, how we collect that data and with whom it is shared.


Our Data Controller is: Kingswood Health Centre

The GDPR Lead is: Andrew Smith

The Caldicott Guardian is: Dr Alex Hickson

The Data Protection Officer is: Kate Radziminska


How we use your personal information


This fair processing notice explains why Kingswood Health Centre collects information about you and how that information may be used.


The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.


NHS health records may be electronic, on paper or a mixture of both, and we use a combination of paper records and computerised data to ensure that your information is kept confidential and secure.


Records which we hold about you may include the following information:

  • Details about you, such as your address, carer, legal representative, emergency contact details
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations such as laboratory tests, X-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you

To ensure you receive the best possible care, your records are used to facilitate the care you receive.


Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing any personal data for this purpose.


The surgery may also use your clinical information to conduct internal clinical audits to monitor the quality of the service we provide. All information is collated anonymously and is not shared with outside agencies.

Risk Stratification

Risk stratification tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned admission or identifying a need for intervention.


Information about you is collected from a number of sources including Kingswood Health Centre. A risk score is then arrived at through an analysis of your information using software managed by EMIS Health, and is only provided back to your GP as data controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services.


Medicines Management

The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up-to-date and cost-effective treatments.


How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • General Data Protection Regulations (GDPR)
  • Data Protection Act 1998
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012
  • NHS Codes of Confidentiality, Information Security and Records Management


Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.


We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and/or in accordance with the new General Data Protection Regulations (GDPR).


Who are our partner organisations that we share data with for Direct Care purposes?


We hold your patient data under a duty of confidence. We generally operate on the basis of implied consent to use patient data for the purposes of direct care. This does not change under the new GDPR Regulations.


We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:

  • NHS Trusts / Foundation Trusts
  • Other GP Surgeries
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private and Voluntary Sector Providers
  • Child Health Information Service (SW CHIS)
  • Ambulance Trusts
  • Social Care Services
  • Health and Social Care Information Centre (HSCIC)
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police & Judicial Services


In most instances you will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.


We may also use external companies to process personal information, such as for sending text messages and completing dictation of referral letters. These companies are bound by contractual agreements to ensure information is kept confidential and secure and Kingswood Health Centre has sought clarification that these companies are adhering to the principles of the GDPR regulations.

These companies are listed below:

  • EMIS Health (suppliers of the GP clinical system that stores your medical record)
  • EMIS Patient Access (suppliers of the online system that controls prescription requests and online booking of appointments)
  • PCTI Docman (suppliers of the scanning software that holds all paper/letter documentation)
  • Mjog (suppliers of the texting service that allows us to communicate with patients via your mobile phone)
  • Accuro (dictation software company that may be used to dictate letters to other healthcare providers)
  • Electronic Referral System (EMIS integrated software that allows us to process referrals and generate choose and book letters for patients)


Access to personal information

You have a right under the Data Protection Act 1998 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate.


In order to request this, you need to do the following:

  • Your request must be made in writing to the GP – for information from the hospital you should write direct to them
  • We are required to respond to you within 30 days
  • In extreme circumstances, it may be appropriate to refer some areas of your medical record to your registered GP initially before providing the information to you. In this circumstance the named GP responsible for the care of you will discuss with you the reasons why this is
  • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records


Retention Periods

Kingswood Health Centre has a separate policy that details the retention periods for all documents concerning your health, which is available on request. Your medical record, both computerised and paper, remains with the health centre until your death. Should you leave the surgery, your paper record is transferred to your new GP surgery and a copy of your electronic record is also sent. Your data collected during your time registered at Kingswood Health Centre remains accessible from our surgery; however, this is an audited and monitored action and the data is only ever accessed with expressed consent from the patient.


Right to withdraw consent for us to share your personal information

You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care.



The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioner's Office website.


Kingswood Health Centre is registered with the Information Commissioner's Office (ICO).


Objections / Complaints

Should you have any concerns about how your information is managed at the GP Surgery, please contact:

  • Andrew Smith, GDPR Lead
  • Dr Alex Hickson, Caldicott Guardian
  • Kate Radziminska, Data Protection Officer for our surgery


If you are still unhappy following a review by us, you can then complain directly to the Information Commissioner's Office (ICO) via their website (


If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. If you have any concerns about how your data is shared then please contact the practice.


Should you require this document in larger font or translated into a different language please enquire at Reception.


