How we use cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, and sometimes provide useful information to the owners of the site.

There are some cookies necessary to this site functioning, such as interacting with our accessibility toolbar. These cookies will usually remove themselves when you close your browsing session. More information can be found in the ‘Necessary cookies’ section.

We use some additional cookies, such as Google Analytics, to help us gather information and improve the website. You have the option to deny use of these cookies; more information can be found in the ‘Additional cookies’ section.

In order to help us to improve the content, format and structure of this website we record and analyse how visitors use the using Google Analytics.

You can read Google’s extensive information on data practices in Google Analytics.

You can opt-out of Google Analytics on our website by denying additional cookies or by using the Google Analytics Opt-out Browser Add-on.

Cookie Purpose Expiry
_ga Distinguishes user for Google Analytics. 2 years
_gid Distinguishes user for Google Analytics. 1 day
_gat Throttles request rate for Google Analytics. 1 minute
_ga_{ID} Persists session state for newer versions of Google Analytics. 2 years
_gat_gtag_UA_{ID} Persists session state for older versions of Google Analytics. 1 minute
__utma Distinguishes user and session for Google Analytics. 2 years
__utmb Determines new session or visit for Google Analytics 30 minutes
__utmc Determines new session or visit for Google Analytics. End of browsing session
__utmz Stores traffic source for Google Analytics. 6 months

The following necessary cookies allow the functions within our accessibility toolbar to work optimally.

Cookie Purpose Expiry
accessibility-controls Records option regarding additional cookies. End of browsing session
saveFontSize Allows the website (CMS) to record if the user’s font size selection. End of browsing session
contrast-mode Allows the website (CMS) to record the user’s contrast mode selection. End of browsing session
googtrans Allows the language of page content to be changed and records the language selected. End of browsing session

Cookie Purpose Expiry
cookieconsent_status Persistently records your option regarding additional cookies. 1 year

Boston PCN have a Zero Tolerance Policy to abusive or aggressive behaviour.

As an employer we have a duty of care for the health and safety of all our staff. They come to work to care for others and it is important for all members of the public and our staff to be treated with courtesy and respect.

The PCN will not tolerate aggressive or violent behaviour towards our staff or members of the public.

Anyone giving verbal abuse to members of staff or other patients will be sent a letter from the PCN Manager advising that this behaviour will not be tolerated and may result in being removed from the practice list.

Privacy Notice for General Practice Patients

How We Use Your Personal Information

This fair processing notice explains why our GP Practices collects information about you and how that information may be used.

Our health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.).

These records help us to provide you with the best possible healthcare.

  • NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
  • Records which our GP Practices hold about you may include the following information:
  • Details about you, such as your address, contact details, date of birth, carer, legal representative, emergency contact details.
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations such as laboratory tests, x-rays etc.
  • Relevant information from other health professionals, relatives or those who care for you
  • To ensure you receive the best possible care, your records are used to facilitate the care you receive.

Information held about you may be used to help protect the health of the public in general and to help us manage the NHS. Information may be used within the GP practices for clinical audit to monitor the quality of the services provided.

We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our services

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.

_______________________________________

Covid-19 Planning and Research Data

This PCN is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital. This transparency notice supplements our main practice privacy notice.

The health and social care system is facing significant pressures due to the coronavirus (COVID-19) outbreak. Health and care information is essential to deliver care to individuals, to support health, social care and other public services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the coronavirus outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations. This PNC is supporting vital coronavirus planning and research by sharing your data with NHS Digital, the national safe haven for health and social care data in England.

For more information on how your data is being processed to support vital coronavirus (COVID-19) planning and research, please see our Practice Covid-19 Privacy Notice and the NHS Digital Website.

_______________________________________

In the Lincolnshire region a population health management programme has been introduced. The programme will combine de-identified information from GP practices, community service providers, hospitals and other health and care providers to allow a comprehensive picture of health and care needs to be identified and services planned according to need.

For more information please read the Privacy Notice.

Why LGBTQIA+?

“LGBT” is one of the most commonly used acronyms, and so shows up in far more searches. However, it’s far from comprehensive and excludes a number of identities: as such, we use “LGBTQIA+” to promote active inclusion.

For alternatives, MOGAI (Minority orientations, gender alignments and identities) is rapidly gaining recognition, and quiltbag is a popular term in the community.

Some basic terms:

Queer: an umbrella term, or an identity in its own right – it can refer to gender or sexuality or both.

NOTE: due to its use as a slur, this word should not be used to define others, unless they have explicitly stated it is okay.

Questioning/unsure/undecided: someone still questioning their gender identity and/or sexuality.

Some people may question if they are straight or not, or if they are transgender, whilst others may be certain that they are transgender and/or non-heterosexual, but may not be certain where exactly under the LGBTQIA+ umbrella their identity lies. Many young people may question their gender or sexuality, and it is important that their identities – fixed or not – are treated as valid and not as ‘just a phase’.

Gay: someone solely attracted to people of the same gender as themselves.

Whilst typically applied to men, the term can be used by/about anyone who is solely attracted to people of the same gender as themselves.

Lesbian: a woman who is solely attracted to other women.

In addition to homophobia, many lesbians find themselves the targets of what has been termed ‘lesbophobia’: an intersection of misogyny, sexism and homophobia. This includes resentment and harassment over being unavailable to men, sexual objectification and being seen as titillation, and in some cases even ‘corrective’ rape.

Bisexual: someone attracted to people of more than one gender.

Pansexual: someone attracted to people of all genders.

There is some overlap between bi and pan and many people identify as both.

There is a common fallacy that bisexual means ‘attracted to men and women’ – as a whole, this is not the case, though it may apply to an individual’s attraction. Robyn Och’s definition is widely accepted: “same and other genders”. Whilst ‘bi’ CAN mean a person is only attracted to two genders, it is important to note that this does not automatically mean the two binary genders.

Non-monosexual (people attracted to people of more than one gender) people can struggle to find a space in LGB communities, as bi/panphobia can lead to discrimination on both sides.

Asexual: someone not sexually attracted to others.

Aromantic: someone not romantically attracted to others.

Some asexuals may identify as homoromantic, heteroromantic, biromantic or panromantic, indicating their romantic attractions. Others may identify as aromantic; conversely, someone may identify as [x]sexual whilst being aromantic: having no romantic attraction to others. Others may experience grey-asexuality, where they rarely experience sexual attraction to other people; some may experience demisexuality, where sexual attraction is only felt if there is an existing emotional bond.

Asexuality does not necessarily mean celibate: it is a descriptor of a sexual orientation, not of behaviours.

Intersex: someone born with characteristics which are considered both typically male and typically female.

Gender is assigned at birth typically based on what genitalia a person has. However, what doctors consider typically male or female has a number of other characteristics, including karotype (containing genetic coding; considered the ‘sex chromosomes’ and typically – though not always – being XX or XY); genital and reproductive systems arrangement, including gametes (whether someone produces sperm or ova); natural hormone levels, which control many secondarysex characteristics such as weight distribution, breast tissue growth, body and facial hair, and muscle mass.

Someone who is intersex has a mix of characteristics which don’t fit the typical definitions of male and female. These characteristics may be evident at birth or become so later in life, at puberty or when trying to conceive. For some, the characteristics may not be evident at all.

Transgender: someone who does not identify as the gender they were assigned at birth.

Transsexual as a term is now usually considered outdated and should be avoided.

Trans = across from

Cis = on the same side

So transgender = does not identify as the same gender as was assigned at birth

Cisgender = identifies as the same gender as was assigned at birth

Can be binary (male or female) or non-binary (neither male nor female, or both).

Non-binary: a person who does not identify as (solely) male or female. It can be an umbrella term, or an identity in its own right.

Some common non-binary terms (this is by no means an exhaustive list):

  • Androgyne – An androgynous gender, which may be neutral, mixed or something else.
  • Agender – Being genderless, or without gender; lacking in gendered traits.
  • Genderqueer – A non-binary gender, which expresses sitting outside societal gender norms.
  • Demiboy/ demigirl – Feeling partially of one binary gender (male or female) and partially of some other sort of gender.
  • Bigender – Experiencing two different gender identities, either at the same time, or moving between the two.
  • Neutrois – A neutral gender identity, often lacking in gendered traits.
  • Genderfluid – Moving between two or more different gender identities.
  • Pangender – Identifying as all genders.

Some non-binary people may use “he” or “she” pronouns. Others may use “they”, “xe”, “ze”, “co” – or many more. Simply ask, and use accordingly.

A privacy notice is a statement that discloses some or all of the ways in which the practice gathers, uses, discloses and manages a patient’s data. It fulfills a legal requirement to protect a patient’s privacy.

Why do we need one?

To ensure compliance with the UK General Data Protection Regulation (GDPR), The PCN must ensure that information is provided to patients about how their personal data is processed in a manner which is:

Concise, transparent, intelligible and easily accessible;

Written in clear and plain language, particularly if addressed to a child; and

Free of charge

What is the UKGDPR?

The UK GDPR is the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (EU GDPR) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419).

It is defined in section 3(10) of the Data Protection Act 2018 (DPA 2018), supplemented by section 205(4).

It includes the provisions of what was previously the applied GDPR, unless the context otherwise requires.

With effect from 1 January 2021, organisations need to bear in mind that there are two legal texts to consider, where relevant: the UK GDPR as well as the DPA 2018.

For further information, see Practice notes, Brexit: implications for data protection and Brexit post-transition period: data protection (UK).

How do we communicate our privacy notice?

Network practice privacy notices are displayed on their individual websites, through signage in the waiting room and in writing during patient registration.

Allow patients to opt out of sharing their data, should they so wish

What information do we collect about you?

We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.

How do we use your information?

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.

Maintaining Confidentiality

We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the UK General Data Protection Regulation (UKGDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).

Risk Stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.

Invoice Validation

Your information may be shared if you have received treatment, to determine which Integrated Care Board (ICB) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.

Opt-Outs

You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering a Type 1 opt-out, preventing your information from being shared outside this practice.

Accessing Your Records

You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception at your GP Surgery for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.

What to Do if You Have Any Questions

Should you have any questions about our privacy policy or the information we hold about you, you can:

Contact the PCN Manager on licb.bostonpcnadministration@nhs.net 

Complaints

In the event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit Information Commissioner's Office (ICO) and select ‘Raising a concern’.

We regularly review our privacy policy and any updates will be published on our website.

Boston PCN Privacy Notice

The objective of primary care networks (PCNs) is for groups of practices together to create more collaborative workforces which ease the pressure of GP’s, leaving them better able to focus on patient care.

Primary Care Networks form a key building block of the NHS long-term plan. Bringing general practices together to work at scale has been a policy priority for some years for a range of reasons, including improving the ability of practices to recruit and retain staff; to manage financial and estates pressures; to provide a wider range of services to patients and to more easily integrate with the wider health and care system.

All GP practices are expected to come together in geographical networks covering populations of approximately 30 to 50,000 patients by June 2019 if they are to take advantage of additional funding attached to the GP contract. This size is consistent with the size of the primary care homes, which exist in many places in the country, but much smaller than most GP Federations.

This means that your Practice may share your information with other practices within the PCN to provide you with your care and treatment.

This privacy notice lets you know what happens to any personal data that you give to us, or any information that we may collect from you or about you from other organisations.

This privacy notice applies to personal information processed by or on behalf of the Practices.

This Notice explains

  • Who we are and how we use your information
  • Information about our Data Protection Officer
  • What kinds of personal information about you we hold and use (process)
  • The legal grounds for our processing of your personal information (including when we share it with others)
  • What should you do if your personal information changes?
  • For how long your personal information is retained / stored by us?
  • What are your rights under Data Protection laws

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) became law on 25th May 2018. The GDPR is a single EU-wide regulation on the protection of confidential and sensitive (special) information, the DPA 2018 deals with elements of UK law that differ from the European Regulation, both came into force in the UK on the 25th May 2018, repealing the previous Data Protection Act (1998).

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), and the Data Protection Act 2018 the practice responsible for your personal data is [Practice Name].

This Notice describes how we collect, use and process your personal data, and how in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

How we use your information and the law

Your Practice, (either Swineshead Medical Group, Kirton Medical Centre, Liquorpond Surgery, Greyfriars Surgery, Parkside Medical Centre, The Sidings Medical Practice) will be what’s known as the ‘Controller’ of your personal data.

They collect basic personal data about you and location-based information. This does include name, address and contact details such as email and mobile number etc.

They will also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious belief (if required in a healthcare setting) ethnicity and sex life information that are linked to your healthcare, we may also receive this information about you from other health providers or third parties.

Why do we need your information?

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously. These records help to provide you with the best possible healthcare and treatment.

NHS health records may be electronic, paper-based or a mixture of both. We use a combination of working practices and technology to ensure that your information is kept confidential and secure.

Records about you may include the following information;

  • Details about you, such as your address, your Carer or legal representative and emergency contact details.
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments.
  • Notes and reports about your health.
  • Details about your treatment and care.
  • Results of investigations such as laboratory tests, x-rays etc.
  • Relevant information from other health professionals, relatives or those who care for you.
  • Contact details (including email address, mobile telephone number and home telephone number)

To ensure you receive the best possible care, your records are used to facilitate the care you receive, including contacting you. Information held about you may be used to help protect the health of the public and to help us manage the NHS and the services we provide. Limited information may be used within the GP practice for clinical Audit to monitor the quality of the service we provided.

How do we lawfully use your data?

We need your personal, sensitive and confidential data in order to provide you with healthcare services as a General Practice, under the General Data Protection Regulation we will be lawfully using your information in accordance with: -

Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”

Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

This Privacy Notice applies to the personal data of our patients and the data you have given us about your carers/family members.

We use your personal and healthcare information in the following ways:

  • when we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or on going healthcare;
  • when we are required by law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement.

We will never pass on your personal information to anyone else who does not need it, or has no right to it, unless you give us consent to do so.

Legal justification for collecting and using your information

The law says we need a legal basis to handle your personal and healthcare information.

Contract: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.

Consent: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs.

Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.

Necessary care: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.

Law: Sometimes the law obliges us to provide your information to an organisation (see above).

Special categories

The law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:

Public Interest: Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment

Consent: When you have given us consent

Vital Interest: If you are incapable of giving consent, and we have to use your information to protect your vital interests (eg if you have had an Accident and you need emergency treatment)

Defending a claim: If we need your information to defend a legal claim against us by you, or by another party

Providing you with medical care: Where we need your information to provide you with medical and healthcare services

Risk Stratification

Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from several sources including NHS Trusts and from this GP Practice. The identifying parts of your data are removed, analysis of your data is undertaken, and a risk score is then determined. This is then provided back to your GP as data controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services. Please note that you have the right to opt out of your data being used in this way in most circumstances, please contact the practice for further information about opt out.

Individual Risk Management at a GP practice level however is deemed to be part of your individual healthcare and is covered by our legal powers above.

Medicines Management

The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments. The reviews are carried out by the CCGs Medicines Management Team under a Data Processing contract with the Practice.

Anonymised information

Sometimes we may provide information about you in an anonymised form. Such information is used analyse population- level heath issues and helps the NHS to plan better services. If we share information for these purposes, then none of the information will identify you as an individual and cannot be traced back to you.

GP Connect Service

The GP Connect service allows authorised clinical staff at NHS 111 to seamlessly access the Practices clinical system and book directly on behalf of a patient. This means that should you call NHS 111 and the Clinician believes you need an appointment with your GP Practice, the Clinician will access available appointment slots only (through GP Connect) and book you in. This will save you time as you will not need to contact the Practice direct for an appointment.

The Practice will not be sharing any of your data and the practice will only allow NHS 111 to see available appointment slots. They will not even have access to your record. However, NHS 111 will share any relevant data with us, but you will be made aware of this. This will help your GP in knowing what treatment / service / help you may require.

Please note if you no longer require the appointment or need to change the date and time for any reason you will need to speak to one of our reception staff and not NHS 111.

Patient Communication

Because we are obliged to protect any confidential information, we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.

We may contact you using SMS texting to your mobile phone in the event that we need to notify you about appointments and other services that we provide to you involving your direct care, therefore you must ensure that we have your up to date details. This is to ensure we are sure we are actually contacting you and not another person. As this is operated on an ‘opt out’ basis we will assume that you give us permission to contact you via SMS if you have provided us with your mobile telephone number. Please let us know if you wish to opt out of this SMS service. We may also contact you using the email address you have provided to us. Please ensure that we have your up to date details.

There may be occasions where authorised research facilities would like you to take part in research. Your contact details may be used to invite you to receive further information about such research opportunities.

Safeguarding

The PCN is dedicated to ensuring that the principles and duties of safeguarding adults and children are holistically, consistently and conscientiously applied with the wellbeing of all, at the heart of what we do.

Our legal basis for processing For the General Data Protection Regulation (GDPR) purposes is:

Article 6(1)(e) ‘…exercise of official authority…’

For the processing of special categories data, the basis is:

Article 9(2)(b) – ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…’

Research

Clinical Practice Research Datalink (CPRD) collects de-identified patient data from a network of GP practices across the UK. Primary care data are linked to a range of other health related data to provide a longitudinal, representative UK population health dataset. You can opt out of your information being used for research purposes at any time (see below), full details can be found here: -

cprd.com/transparency-information

The legal bases for processing this information

CPRD do not hold or process personal data on patients; however, NHS Digital (formally the Health and Social Care Centre) may process ‘personal data’ for us as an accredited ‘safe haven’ or ‘trusted third-party’ within the NHS when linking GP data with data from other sources. The legal bases for processing this data are:

  • Medicines and medical device monitoring: Article 6(e) and Article 9(2)(i) - public interest in the area of public health
  • Medical research and statistics: Article 6(e) and Article 9(2)(j) - public interest and scientific research purposes

Any data CPRD hold or pass on to bona fide researchers, except for clinical research studies, will have been anonymised in accordance with the Information Commissioner’s Office Anonymisation Code of Practice. We will hold data indefinitely for the benefit of future research, but studies will normally only hold the data we release to them for twelve months.

Categories of personal data

The data collected by Practice staff in the event of a safeguarding situation will be as much personal information as is possible that is necessary to obtain in order to handle the situation. In addition to some basic demographic and contact details, we will also process details of what the safeguarding concern is. This is likely to be special category information (such as health information).

Sources of the data

The Practice will either receive or collect information when someone contacts the organisation with safeguarding concerns, or we believe there may be safeguarding concerns and make enquiries to relevant providers.

Recipients of personal data

The information is used by the Practice when handling a safeguarding incident or concern. We may share information accordingly to ensure duty of care and investigation as required with other partners such as local authorities, the police or healthcare professionals (i.e. their GP or mental health team).

Third party processors

In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition, the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties include:

  • Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
  • Delivery services (for example if we were to arrange for delivery of any medicines to you).
  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

Further details regarding specific third-party processors can be supplied on request to the Data Protection Officer as below.

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • Data Protection Act 2018
  • The General Data Protection Regulations 2016
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012
  • NHS Codes of Confidentiality, Information Security and Records Management
  • Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.

Our practice policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the General Data Protection Regulation (GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our patients will be protected.

All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. The practice will, if required, sign a separate confidentiality agreement if the client deems it necessary. If a sub-contractor acts as a data processor for [Practice Name] an appropriate contract (art 24-28) will be established for the processing of your information.

In certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent. In some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose in an identifiable format. In some circumstances you can Opt-out of the surgery sharing any of your information for research purposes.

With your consent we would also like to use your information

There are times that we may want to use your information to contact you or offer you services, not directly about your healthcare, in these instances we will always gain your consent to contact you. We would however like to use your name, contact details and email address to inform you of other services that may benefit you. We will only do this with your consent. There may be occasions where authorised research facilities would like you to take part on innovations, research, improving services or identifying trends, you will be asked to opt into such programmes if you are happy to do so.

At any stage where we would like to use your data for anything other than the specified purposes and where there is no lawful requirement for us to share or process your data, we will ensure that you have the ability to consent and opt out prior to any data processing taking place.

This information is not shared with third parties or used for any marketing and you can unsubscribe at any time via phone, email or by informing the practice DPO as below.

National Opt-Out Facility

You can choose whether your confidential patient information is used for research and planning.

Who can use your confidential patient information for research and planning?

It is used by the NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.

Making your data opt-out choice

You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.

Will choosing this opt-out affect your care and treatment?

No, your confidential patient information will still be used for your individual care. Choosing to opt out will not affect your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What should you do next?

You do not need to do anything if you are happy about how your confidential patient information is used.

If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service.

You can change your choice at any time. To find out more or to make your choice visit nhs.uk/your-nhs-data-matters or call 0300 303 5678

Where do we store your information electronically?

All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place such as a Data Processor as above). We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

  • NHS Trusts / Foundation Trusts
  • GP’s
  • Primary Care Network
  • NHS Commissioning Support Units
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • NHS England (NHSE) and NHS Digital (NHSD)
  • Multi Agency Safeguarding Hub (MASH)
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police & Judicial Services
  • Voluntary Sector Providers
  • Private Sector Providers
  • Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for consent for this to happen when this is required.

Computer System

This practice operates a Clinical Computer System on which NHS Staff record information securely. This information can then be shared with other clinicians so that everyone caring for you is fully informed about your medical history, including allergies and medication.

To provide around the clock safe care, unless you have asked us not to, we will make information available to our Partner Organisation (above). Wherever possible, their staff will ask your consent before your information is viewed.

Shared Care Records

To support your care and improve the sharing of relevant information to our partner organisations (as above) when they are involved in looking after you, we will share information to other systems. You can opt out of this sharing of your records with our partners at anytime if this sharing is based on your consent.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure. All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for a network practice an appropriate contract (art 24-28) will be established for the processing of your information.

Sharing your information without consent

We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:

  • where there is a serious risk of harm or abuse to you or other people;
  • Safeguarding matters and investigations
  • where a serious crime, such as assault, is being investigated or where it could be prevented;
  • notification of new births;
  • where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS);
  • where a formal court order has been issued;
  • where there is a legal requirement, for example if you had committed a Road Traffic Offence.

How long will we store your information?

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements.

More information on records retention can be found online at (https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016).

How can you access, amend move the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object: If we are using your data and you do not agree, you have the right to object. We will respond to your request within one month (although we may be allowed to extend this period in certain cases). This is NOT an absolute right sometimes we will need to process your data even if you object.

Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project, or consent to send you information about us or matters you may be interested in), you may withdraw your consent at any time.

Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within one month (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will need to keep a note of your name/ other basic details on our register of individuals who would prefer not to be contacted. This enables us to avoid contacting you in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this with a GP to GP data transfer and transfer of your hard copy notes.

Access to your personal information

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

  • Your request should be made to the Practice. (For information from a hospital or other Trust/ NHS organisation you should write direct to them.
  • There is no charge to have a copy of the information held about you
  • We are required to provide you with information within one month
  • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.

What should you do if your personal information changes?

You should tell us so that we can update our records please contact the relevant Practice Manager as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number), the practice will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.

Online Access

You may ask us if you wish to have online access to your medical record. However, there will be certain protocols that we have to follow in order to give you online access, including written consent and production of documents that prove your identity.

Please note that when we give you online access, the responsibility is yours to make sure that you keep your information safe and secure if you do not wish any third party to gain access.

Third parties mentioned on your medical record

Sometimes we record information about third parties mentioned by you to us during any consultation, or contained in letters we receive from other organisations. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself.

Our website

The only website this Privacy Notice applies to is the PCN website. If you use a link to any other website from the PCN website then you will need to read their respective Privacy Notice. We take no responsibility (legal or otherwise) for the content of other websites.

Objections / Complaints

Should you have any concerns about how your information is managed at the GP, please contact the GP Practice Manager or the Data Protection Officer. If you are still unhappy following a review by the GP practice, you have a right to lodge a complaint with the Information Commissioners Office

www.ico.org.uk

If you are happy for your data to be used for the purposes described in this privacy notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact the Practice Data Protection Officer.

If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.

Data Protection Officer:

The Practice Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries regarding Data Protection issues should be addressed to him at:

Email: Couldrey@me.com

Postal:

PCIG Consulting Limited
7 Westacre Drive
Quarry Bank
Dudley
West Midlands
DY5 2EE

Changes:

It is important to point out that we may amend this Privacy Notice from time to time. If you are dissatisfied with any aspect of our Privacy Notice, please contact the Practice Data Protection Officer.

Accessibility Statement for www.bostonpcn.co.uk

This accessibility statement applies to the website and/or domain associated with Boston Primary Care Network. Our website is hosted by Frank Design Ltd and we work in conjunction with our host to enable as many people as possible to use our website. This means that users should be able to:

  • Change colours, contrast levels and fonts
  • Zoom in, by up to 300%, without the text splitting off the screen
  • Navigate most of the website using only the keyboard
  • Navigate most of the website using speech-recognition software
  • Listen to most of the website using a screen reader (including but not limited to JAWS, NVDA and VoiceOver)

In addition, we have made our website text as simple as possible to understand. If you need any further advice on making your device easier to use, particularly if you have a disability, click on the following link: AbilityNet

 

The accessibility of our website

We are aware that some parts of our website are not fully accessible and unfortunately this cannot be rectified. The issues in some areas are:

  • Users are unable to modify the line height or the spacing of text
  • Older versions of PDF documents are not fully accessible to screen-reader software
  • Live video streams do not have captions
  • The main content page cannot be skipped when using a screen reader
  • There are magnification limitations on the map (on the ‘contact us’ page)

 

Feedback and how to contact us

If you need information that is shown on our website in a different format, such as large print, easy read, audio recording, Braille or as a PDF, you can contact us by:

Once we receive your request, we will respond to you as quickly as possible. Please note that if you are unable to view the map on the ‘contact us’ page, you are requested to call or email us using the details shown above for directions.

 

Reporting accessibility problems with this website

We are constantly looking to improve the accessibility of our website. Should you find any problems not listed on this page, or think we are not meeting the accessibility requirements, please contact Digital and Transformation Lead on b.sandall@nhs.net.

 

Enforcement procedure

The Equality and Human Rights Commission (EHRC) is responsible for enforcing The Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 (the ‘accessibility regulations’). If you are not happy with the way in which we respond to any complaint, contact the Equality Advisory and Support Service (EASS).

 

Contacting us by phone or visiting us in person

Find out how to contact us on the ‘contact us’ page via this link ‘Contact Us’.  

 

Technical information about this website’s accessibility

Boston Primary Care Network Ltd is committed to making its website accessible, in accordance with The Public Sector Bodies (Websites and Mobile Applications) (No.2) Accessibility Regulations 2018.

 

Compliance status

We are committed to making our website accessible, in accordance with The Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018.

This website is partially compliant with the Web Content Accessibility Guidelines version 2.1 AA standard, due to [insert one of the following: ‘the non-compliances’, ‘the exemptions’ or ‘the non-compliances and exemptions’] listed below.

Some images do not have a text alternative, so people using a screen reader cannot access the information. This fails WCAG 2.1 success criterion 1.1.1 (non-text content). We plan to add alternative text for all images.

 

Disproportionate burden

Interactive tools and transactions

Some of our interactive forms are difficult to navigate using a keyboard – e.g., because some form controls are missing a ‘label’ tag.

Live video

We do not plan to add captions to live video streams because live video is exempt from meeting the accessibility regulations.

 

Preparation of this accessibility statement

This statement was prepared on 26th February 2024. It was last reviewed on 26th February 2024.

This website was last tested on 26th February. The test was carried out by Ben Sandall via www.accessible.com.

We used this approach to as the software can comprehensively scan the entire website and provided feedback on the following areas Clickables, Titles, Orientation, Menus, Graphics, Forms, Document, Readability, Carousels, Tables and General.