Fair Processing Notice
How we use your Personal Information
This fair processing notice explains why JDoc Medical Ltd. (JDoc), the practice, collects information about you and how that information may be used.
The healthcare professionals, JDoc’s GPs, who provide you with care maintain records about your health and any treatment or care you have received previously (eg. hospital, GP surgery, walk-in clinic etc.). These records help to provide you with the best care possible.
- Healthcare records maybe electronic, on paper or a mixture of both and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which JDoc Medical Limited (JDoc) holds about you may include the following information:
- Details such as your address, legal representative, emergency or next of kin contact details
- Any contact this Practice has with you, such as appointments, clinic visits, emergency appointments etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, your NHS GP, relatives or those who care about you.
Your records are retained in accordance with the GP Surgery Codes of Practice for Record Management.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help manage this practice. Information may be used within the practice for clinical audits to monitor the quality of the service provided.
Some of the information will be held centrally and used for statistical purposes. Where this information is given, we will take strict measures to ensure that individual patients cannot be identified.
Sometimes your information will be requested to be used for research purposes – the practice may advise you of such research opportunities, but will never release any of your personal information for this purpose without obtaining your consent.
How do we maintain the confidentiality of your records?
JDoc is committed to protecting your privacy and will only use information collected lawfully and fairly in accordance with:
- Data Protection Regulation Act 2018
- Human Rights Act 1998
- Common Law Duty of confidentiality
- Health and Social Care Act 2015
- NHS Codes of Confidentiality and Information Security
- And all applicable legislation
All JDoc staff members are bound by a duty of confidentiality. Any breech of this agreement will be dealt with by means of a formal disciplinary process.
JDoc Practice sets very clear guidance for all the staff on how confidential information should be recorded, kept secure and shared.
Confidential information can be disclosed if:
- a patient gives his/her express or implied consent to the disclosure
- the disclosure is required by law or is justified in the public interest or for exceptional circumstances
For a patient who has the required mental capacity, practitioners should establish what information they want to be shared, and with whom.
Special safe guarding provisions apply to sharing information regarding:
- mentally incompetent adults
- people who have died
Who are our partner organizations?
JDoc may also have to share your information, subject to strict agreements on how it will be used, with the following organizations;
- Independent contractors such as dentists, opticians and pharmacies
- Ambulance Services
- Social care Services
- Education Services
- Fire & Rescue Services
- Police & Judicial Services
- Clinical commissioning groups
- Local authorities
- Any other data processors, of whom you will be informed of
Access to personal information
You have the right under the Data Protection Regulation Act 2018 to request access to view or to obtain copies of what information JDoc holds about you and to have it amended should it be inaccurate. In order to request this, you need to consider the following:
- Make a request in writing to the Data Protection Officer (DPO)
- There will be no charge for any printed copies, unless deemed excessive
- The Data Protection Officer (DPO) needs to respond within 30 days
- You will need to advise adequate personal details (eg. full name, address, date of birth) so that your identity can be verified.
If you do not want personal confidential information that identifies you to be shared outside of JDoc, you can register to ‘opt-out’. This prevents your personal confidential information from being used except for your direct health care needs and in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease. If you wish to do so, please let us know so we can mark your record appropriately.
Objections or Complaints
Should you have any concerns or complaints about your information is managed by JDoc, please contact the Data Protection Officer. If you are still unhappy following a review you can complain to the Information Commissioner’s Office (ICO) via their website www.ico.org.uk
Change of details
It is important that you let JDoc or the Doctor on Duty know if there are in change in your personal details or if any details are incorrect. You have a responsibility to inform us of any changes so that our records are accurate and up to date.
The General Data Protection Act 2018 requires organizations to register a notification with the Information Commissioner’s Office (ICO) to describe the purpose for which they process personal and sensitive information. This information is publically available on their website www.ico.org.uk
JDoc is registered with the ICO and our reference numbers is: #Z3323389
Who is the Data Processor?
This is the person/people or organization responsible for using and recording your information. All staff at JDoc are individual Data Processors.
Who is the Data Controller?
The Data controller, responsible for keeping your information secure and confidential is JDoc Medical Ltd.
Data Protection Officer (DPO)
Dr. Sylvia Abramov is the Data Protection Officer who has overall responsibility for GDPR within this Practice.