Practice Privacy Notice
Access to Records
In accordance with the Data Protection Act 1998, Access to Health Records Act and current GDPR legislation, patients may request to see their medical records. This is known as a Subject Access Request. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so. We are legally obliged to provide this information within one calendar month unless there are mitigating circumstances. There may be charges for access requests from third parties, such as insurance companies or solicitors.
Mill Road SAR Policy
Subject Access Request Form
Subject Access Request on behalf of an individual
General Practice Data and Planning for Research (GDPR)
NHS Digital's daily collection of GP data will support vital health and care planning and research.
Why NHS Digital collects general practice data
NHS Digital is the national custodian for health and care data in England and has responsibility for standardising, collecting, analysing, publishing and sharing data and information from across the health and social care system, including general practice.
NHS Digital collected patient data from general practices using a service called the General Practice Extraction Service (GPES), which has operated for over 10 years and now needs to be replaced.
NHS Digital has engaged with doctors, patients, data and governance experts to design a new approach to collect data from general practice that:
- reduces burden on GP practices
- explains clearly how data is used
- supports processes that manage and enable lawful access to patient data to improve health and social care
What the data will be used for
Patient data collected from general practice is needed to support a wide variety of research and analysis to help run and improve health and care services. Whilst the data collected in other care settings such as hospitals is valuable in understanding and improving specific services, it is the patient data in general practice that helps us to understand whether the health and care system as a whole is working for patients.
In addition to replacing what GPES already does, the General Practice Data for Planning and Research service will also help to support the planning and commissioning of health and care services, the development of health and care policy, public health monitoring and interventions (including coronavirus (COVID-19) and enable many different areas of research, for example:
2. Analyse healthcare inequalities
For example, to understand how people of different ethnicities access healthcare and how the outcomes of particular groups compare to the rest of the population. This will help the NHS to assess healthcare inequalities and make any necessary changes to its services.
3. Research and develop cures for serious illnesses
- data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health
- data on sex, ethnicity and sexual orientation
- data about staff who have treated patients
- name and address (except for postcode, protected in a unique coded form)
- written notes (free text), such as the details of conversations with doctors and nurses
- images, letters and documents
- coded data that is not needed due to its age - for example medication, referral and appointment data that is over 10 years old
- coded data that GPs are not permitted to share by law - for example certain codes about IVF treatment, and certain information about gender re-assignment
What is structured and coded data?
Structured patient data is information that is recorded and stored within medical record systems by organising it into different kinds of data, for example appointments or dates. This often restricts the data to a particular format or value from a list. Examples include:
- appointment date - which must be a date
- the type of healthcare professional that you saw - picked from a list of possible healthcare professionals such as ‘Practice Nurse’ or ‘Counsellor’
Coded patient data is information that is recorded and stored within medical record systems by using codes from a special list, that contains clinical vocabulary used by GPs. Examples include codes for weight, blood pressure, a prescribed medication or a specific diagnosis.
If you don’t want your identifiable patient data to be shared for purposes except for your own care, you can opt-out by registering a Type 1 Opt-out or a National Data Opt-out, or both. These opt-outs are different and they are explained in more detail below. Your individual care will not be affected if you opt-out using either option.
Type 1 Opt-out (opting out of NHS Digital collecting your data)
We will not collect data from GP practices about patients who have registered a Type 1 Opt-out with their practice. More information about Type 1 Opt-outs is in our GP Data for Planning and Research Transparency Notice, including a form that you can complete and send to your GP practice.
This collection will start on 1 September 2021 so if you do not want your data to be shared with NHS Digital please register your Type 1 Opt-out with your GP practice.
If you register a Type 1 Opt-out after this collection has started, no more of your data will be shared with us. We will however still hold the patient data which was shared with us before you registered the Type 1 Opt-out.
If you do not want NHS Digital to share your identifiable patient data with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out.
National Data Opt-out (opting out of NHS Digital sharing your data)
We will collect data from GP medical records about patients who have registered a National Data Opt-out. The National Data Opt-out applies to identifiable patient data about your health, which is called confidential patient information.
NHS Digital won’t share any confidential patient information about you - this includes GP data, or other data we hold, such as hospital data - with other organisations, unless there is an exemption to this.
To find out more information and how to register a National Data Opt-Out, please read our GP Data for Planning and Research Transparency Notice.
How we make data available
NHS Digital collects, analyses, publishes and shares health and care data safely, securely and appropriately as part of our statutory functions.
Data which is shared by NHS Digital is subject to robust rules relating to privacy, security and confidentiality. Organisations using this data must have a clear legal basis to do so for health and care purposes and only the minimum amount of data needed to meet the specific purpose will be made available.
Data will only be made available in response to appropriate requests from organisations which are approved following independent scrutiny by our Independent Group Advising on the Release of Data.
More information about how and why NHS Digital will share data from GP practices is available in our General Practice Data for Planning and Research Transparency Notice. We also publish information about the data that we share in our data release register.
Additional information for patients and the public