Patient Privacy Notice

How We Use Your Information

Queen Mary Practice is committed to protecting your personal information and ensuring that it is handled in a safe, secure, and lawful way. This notice explains how we collect, use, and share your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Queen Mary Practice is the data controller for the personal information that we hold about our patients. This means we are responsible for how your personal data is collected, stored, and used.

Data Protection Officer: NHS NEL Integrated Care Board, 4th Floor, Unex Tower, 5 Station Road, London, E15 1DA,  itservicedesk.nelicb@nhs.net 08009178607

To provide you with safe and effective healthcare, we hold information about you in your medical record. This may include:

  • Personal details (such as name, address, date of birth, NHS number, and contact details)
  • Medical history and details of consultations
  • Test results, diagnoses, and treatments
  • Information about medications and allergies
  • Correspondence from hospitals or other healthcare providers
  • Information from other organisations involved in your care

This information helps healthcare professionals make informed decisions about your treatment and care.

How We Use Your Information

We use your personal information to:

  • Provide direct care and treatment
  • Manage and administer healthcare services
  • Communicate with you about your care
  • Ensure patient safety and quality of services
  • Support staff training and service improvements
  • Meet legal and regulatory requirements

Sharing Your Information

Your information may be shared with organisations and professionals involved in your care, including:

  • Hospitals and specialists
  • Community healthcare services
  • NHS organisations
  • Pharmacies
  • Social care services where appropriate

Information is shared only when it is necessary, lawful, and proportionate, and always in accordance with confidentiality and data protection laws.

How We Protect Your Information

We take the security of your personal information seriously. Your data is stored securely and is only accessible to authorised staff who require it to carry out their duties. We use a range of technical and organisational measures to protect your information from unauthorised access, loss, or misuse.

Your Rights

Under data protection law, you have several rights regarding your personal information:

  • Right of Access – You can request a copy of your medical records.
  • Right to Rectification – You can request that incorrect or incomplete information is corrected.
  • Right to Object – You can object to your data being used or shared in certain circumstances.
  • Right to Restrict Processing – You can ask us to limit how your information is used.
  • Right to Complain – If you are unhappy with how your information has been handled, you can raise a complaint.

Data Processors

We may use external organisations to help deliver our services. These organisations process personal data on our behalf and must comply with strict confidentiality and data protection requirements.

Legal Requirements For Data Sharing

How your information is shared so that this practice can meet legal requirements

The law requires Queen Mary Practice to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:

  • plan and manage services;
  • check that the care being provided is safe;
  • prevent infectious diseases from spreading.

We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.

NHS Digital

NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.

  • It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
  • This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
  • More information about NHS Digital and how it uses information can be found on their website

Care Quality Commission (CQC)

Public Health

We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data.

Data Controller contact detailsQueen Mary Practice
Data Protection Officer contact detailsNHS NEL Integrated Care Board, 4th Floor, Unex Tower, 5 Station Road, London, E15 1DA,  itservicedesk.nelicb@nhs.net 08009178607
Purpose of the processingCompliance with legal obligations or court order.
Lawful basis for processingThe following sections of the GDPR mean that we can share information when the law tells us to. Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’ Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Recipient or categories of recipients of the processed dataThe data will be shared with NHS Digital.The data will be shared with the Care Quality Commission.The data will be shared with our local health protection team or Public Health England.The data will be shared with the court if ordered.
Rights to object and the national data opt-outIn certain circumstances, you have the right to object to how your personal information is used. However, there are limited situations where information must be shared because the law requires it.National Data Opt-OutYou have the right to opt out of your confidential patient information being used for purposes beyond your individual care, such as health service planning and research.This is known as the National Data Opt-Out. If you choose to opt out, your confidential patient information will not be used for these purposes unless there is a legal requirement or an overriding public interest.You can manage your choice or find out more by visiting the NHS Digital website. National Data Opt-Out – NHS England DigitalWhen You Cannot ObjectThere are circumstances where the practice is legally required to share information, and in these cases you cannot object. These include:Public Health: Information may be shared under public health legislation to help prevent or control infectious diseases and protect the health of the public.Regulatory Requirements: Information may be shared with the Care Quality Commission when required for their regulatory and inspection duties.Legal Obligations: Information must be disclosed if it is required by law or ordered by a court.In all cases where information is shared, it will be done in accordance with UK data protection law, and only the minimum necessary information will be provided.
Right to access and correctYou have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staffWe are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention periodGP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found by clicking here or speak to the practice.

National Screening Programme

The NHS provides national screening programmes so that certain diseases can be detected at an early stage.

  • These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.
  • The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.
  • More information can be found on the Government’s website or speak to the practice

We are required by law to provide you with the following information about how we handle your information in relation to our legal obligations to share data.

Data Controller contact detailsQueen Mary Practice
Data Protection Officer contact detailsNHS NEL Integrated Care Board, 4th Floor, Unex Tower, 5 Station Road, London, E15 1DA,  itservicedesk.nelicb@nhs.net 08009178607
Purpose of the processingThe NHS provides several national health screening programmes to detect diseases or conditions early such as cervical and breast cancer, aortic aneurysm and diabetesThe information is shared so that the correct people are invited for screening. This means those who are most at risk can be offered treatment.
Lawful basis for processingThe following sections of the GDPR allow us to contact patients for screening. Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller…’’ Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Recipient or categories of recipients of the processed dataThe data will be shared with:NHS Bowel Screening ProgrammeNHS Breast Screening ProgrammeDiabetic Eye ScreeningCytology Screening
Rights to objectFor national screening programmes: you can opt so that you no longer receive an invitation to a screening programme. See the government’s website or speak to your practice.
Right to access and correctYou have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staffWe are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view
Retention periodGP medical records will be kept in line with the law and national guidance. Information on how long records can be kept can be found on the NHS Digital Website or speak to the practice.
Data we get from other organisationsWe receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.

Call Recording Notice

At Queen Mary Practice, we are committed to providing safe, high-quality care to our patients. As part of our service delivery, telephone calls made to and from the practice may be recorded for training, monitoring, and quality assurance purposes.

Call recordings help us ensure our staff maintain high standards of professionalism, accuracy, and patient care. They also allow us to review interactions, support staff training, and identify opportunities to improve our services.

Our telephone system is provided by X-on, which processes call recordings and related data on our behalf as our telephony service provider. Information about how X-on handles personal data can be found in their privacy notice:
https://www.x-on.co.uk/privacy-notice/

Recordings are stored securely and are only accessible to authorised personnel when necessary. Any personal information shared during calls is handled in accordance with UK data protection legislationincluding the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

All recorded data is treated with the same level of confidentiality and security as other patient information held by the practice.

Accurx Scribe

Use of AI scribe in patient consultations

Our practices are committed to delivering the best possible care to our patients. To enhance the quality and efficiency of our consultations, clinicians (your GP or a member of the multidisciplinary team within your practice) may use an artificial intelligence (AI) enabled scribe software during your appointment. The AI scribe is specifically designed to be used in a clinical setting and will convert your conversation with your clinician into text to generate a comprehensive note from your consultation.

We are currently using Accurx Scribe powered by Tandem.

What is Accurx Scribe?

Accurx Scribe transcribes audio from a patient contact or free-dictation and uses AI to summarise them into structured form for medical notes, including any relevant coding. Clinicians can instantly modify notes and generate other documents, save these notes to the patient record, and share documents with patients and other services. More information about the software can be found on the Accurx website at: Accurx for patients.

Informing patients when we use an AI scribe

Whilst the use of an AI scribe is designed to improve patient care, your privacy is important to us. Accurx Scribe only processes information discussed during your appointment and operates within strict data protection and security controls. Before using Accurx Scribe, your clinician will inform you that they are planning to use this tool. You have the option to decline its use at any time during your appointment, you just need to let your clinician know.

Complaints

If you remain dissatisfied with the practice handling of any complaint, you can contact the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://ico.org.uk