Data & Privacy

A number of pages throughout this site may invite users to complete forms including their personal details. There is no requirement to fill in these forms in order to view general material on this site. If do you wish to complete a form with your details you should note the following:

All information collected on forms will be submitted via email. NHS Wolverhampton and this GP practice operates highly secure Electronic mail systems in line with National Health Service requirements, we are, however, unable to guarantee that your email service provider is able to offer the same level of security.

If you are sending confidential information to this practice  via email we assure you that once it reaches our network we will ensure its confidentiality and security, we cannot offer the same assurance for your email service provider. This means that any email you send is sent unsecured across the internet.

If you have any questions about your own email security please contact your service provider or if you have any questions about this service or NHS confidentiality please contact the Patient Advice and Liaison service on 01902 445378.

Information submitted to the practice  via this web site will be used solely for the purpose for which it is collected, and will not be passed on to other areas of Trusts within the NHS Wolverhampton, nor to any other organisation outside this Community, without your explicit permission. The purpose for which the information is collected will be made clear.

We have implemented security procedures and technical measures to protect any personal data which is kept by the practice from

  • Unauthorised access.
  • Improper use or disclosure.
  • Unauthorised modification.
  • Unlawful destruction or accidental loss.

Practice employees who have access to personal data are obliged to respect confidentiality, they are bound by confidentiality contract clauses and the duties of common law.

NHS Wolverhampton and this practice abides by the Data Protection Act of 1998 in the holding and processing of your personal data. The Practice Manager is happy to answer any enquiries and may be contacted by letter or phone.

If you are using a public computer and do not wish others to be able to go back to view the details you have typed into a form on the web it is advisable to clear the contents of the form and your cache (temporary internet files) before leaving the computer.

Some information is collected automatically by the web server and is used by NHS Wolverhampton, in aggregate form, for statistical analysis of visits to the site.

Further information on Data Protection issues can be found at www.ico.gov.uk

We do not use cookies for collecting user information and we will not collect any information about you except that required for system administration of our web server.

Privacy Notice for Primary Care Services

As of 1 April 2023, nine GP Practices are now part of the Royal Wolverhampton NHS Trust (RWT), making the trust directly responsible for the delivery of care.

This means that as a single organisation, the issues of scope of responsibility, funding, differing objectives and drivers will be removed allowing clinicians to design effective, high quality clinical pathways to improve appropriate access and positively impact patient outcomes.  Over time, we aim to increase the number of services and locations from which you will be able to access GP services. 

The model is called Vertical integration (VI) which is a care model where primary care physicians and their teams work together with providers of secondary and community care as part of one single organisation, offering a unique opportunity to redesign services from initial patient contact through on-going management and end of life care.

Within the practices, trained staff members use electronic and paper records to create and maintain an in-depth history of your NHS medical care within the practice and elsewhere (eg. Hospital visits), to help ensure that you receive the best possible healthcare. Anyone who accesses your data within the practice can only do so using an authorised login that identifies them and provides an audit trail of the records accessed.

At the Royal Wolverhampton Trust, the Primary Care Services team aim to provide you with safe and effective care to the highest standards. To do this your doctor and the team of health professionals caring for you will keep records about your health and any care you receive from the Trust. This is called your Health Records and may be stored in a paper form or on computer systems. This may include:

  • -Basic details as your name, address, date of birth, NHS number, gender, next of kin, and ethnicity
  • -Details of your appointments at the Practice or home visits
  • -Details of your hospital appointments/visits
  • -Notes and reports about your health, treatment and care
  • -Results of x-rays, scans and laboratory tests
  • -Relevant information from people who care for you and know you well, such as health professionals and relatives 
  • -Allergies and sensitivities
  • -Current and historical medication
  • -Family history

Primary Care Services use the above data in the following ways. For each purpose we process your personal data, the legal bases allowing us to do so is listed within the table.

Purpose of using personal data in GP PracticesLegal basis of processing personal data
Provision of direct care and related administrative purposes   For example: appointment booking, referrals to hospital or patient communication via textGDPR Article 6(1)(e) – the performance of a task carried out in the public interest   GDPR Article  9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.  
For commissioning and healthcare planning purposes   For example: collection of mental health data set via NHS Digital  GDPR Article 6(1)(c) – compliance with a legal obligation   GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.   Special category 9(2)(i) – public interest in the area of public health  
For planning, general running purposes and system improvements   For example: Care Quality Commission powers to require information and recordsGDPR Article 6(1)(c) – compliance with a legal obligation (the GP practice) Regulation 6(1)(e) – the performance of a task carried out in the public interest (CQC)   GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.   Special category 9(2)(i) – public interest in the area of public health  
For planning and running of the NHS nationally   For example: National clinical auditsGDPR Article 6(1)(e) – the performance of a task carried out in the public interest   GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.   Special category 9(2)(i) – public interest in the area of public health
For research purposes   For example: Investigating the effectiveness of health campaigns such as stop-smokingGDPR Article 6(1)(f) – legitimate interests…except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject.   GDPR Article 6(1)(e) – the performance of a task carried out in the public interest   GDPR Article 6(1)(a) – explicit consent   GDPR Article 9(2)(j) – scientific or historical research purposes or statistical purposes  
For safeguarding and other legal dutiesGDPR Article 6(1)(e) – the performance of a task carried out in the public interest   Regulation 6(1)(c) – compliance with a legal obligation   GDPR Article 9(2)(b) – purposes of carrying out the obligations of ..social protection law  
When you request us to share you information   For example: Subject access requestsGDPR Article 6(1)(a) – explicit consent   GDPR Article 9(1)(a) – explicit consent  
If there is CCTV and Call recording in the practice:   (this is only applicable to some VI practices; contact your practice for more information)    GDPR Article 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.   GDPR Article 9(2)(f) – processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity    
The sharing of VI patient data with Commissioning Support Unit to establish trends within frail, elderly patients.GDPR Article 6(1)(e) – the performance of a task carried out in the public interest

We may share information about you with the following agencies in order to support the delivery of your care:

  • -Department of Health and other NHS bodies
  • -Black Country Integrated Care Board (ICB)
  • -Wolverhampton City Council (Social Care Services)
  • -Wolverhampton Voluntary Sector Council (Social Prescribing Service)
  • -New Cross Hospital (RWT)
  • -General Practitioners (GPs) who are part of the group of practices vertically integrated with the Trust, should you choose to book into one of the extended access clinics at another location other than your usual practice.
  • -Ambulance Service
  • -Mental health services
  • -Social services
  • -Other national providers of health care who you choose to be referred to, in consultation with your healthcare professional.
  • -An automated appointment reminder system for the provision of appointment and other relevant information via text message
  • -The Strategy Unit (Midlands and Lancashire CSU)

The practice will collect data about you in a numbers of ways. The main method of collection is from you directly.

Face to face:

Most of the information we hold about you will be collected from you at the time you engage with the service. Any data provided will be used for the reasons listed in this notice and will only relevant data will be requested and recorded.

Telephone calls:

The information you disclose over a telephone call may be recorded by the Trust either to support your care or as a record of the conversation. Ordinarily we will inform you if we record or monitor any telephone calls you make to the Trust. This is to increase your security, for our record keeping of the phone call and for training and quality purposes.

Emails:

If you email us we may keep a record of your contact and your email address for our record keeping

From another practice:

Electronic and paper transfer of medical records from previous Practice when newly registering.

Medical records from out of hours provider.

Other organisation:

We may receive information from other organisations that are also required by law to share information with us about you, to help us have a full picture of your needs and provide you with care.

Referrals – We may receive referrals or a transfer of your notes to specific specialties as a result of your care being transferred to our organisation. This can be from another Trust, or any health or social care provider initiating a referral.

Direct access – The practice and its staff may, on a need to know basis have access to specific clinical systems from other organisation such as the summary care record, other Trust clinical systems in order to access information about you that is relevant to your care delivery. All systems are auditable and access is on a need to know basis.

From our appointment text messaging service – The practice may send you text messages which can be responded to. The information collected in these text responses is used to update your patient information on our clinical system. We may ask you for information to investigate the effectiveness of health campaigns eg After using our stop smoking service, have you since quit?

Below is a list of the rights you have in relation to your data and when they apply. To make an application for any of the below rights please contact the Data Protection team [email protected] in the first instance. All rights should be considered within 30 calendar days from date of receipt, but may be extended if complex. 

The Right of Access

You have the right to request a copy of any information held by the Trust as well as any supplementary information.  See How do I request my information? for details on how to request your information.

Right to Rectification

If you believe your information may be inaccurate or incomplete you can make a request to have your information reviewed.

The Right to Erasure

The right to erasure is also known as the ‘right to be forgotten’ introduces a right for you to have personal data erased.  Generally this right is not available with health care data. Where this right is available for specific processing you will be notified.

The Right to Restrict Processing

The right to restriction allows you to request the restriction or suppression your personal data. This right is closely linked with the right to rectify and the right to object and will only apply if:

  • -you contests the accuracy of your personal data and the accuracy is being verified by the trust;
  • -the data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you oppose erasure and requests restriction instead;
  • -the personal data is no longer needed but we need to keep it in order to establish, exercise or defend a legal claim.

The Right to Data Portability

The right to data portability allows you to obtain and reuse your personal data across different services. The process should allow for moving, copying or transfer of personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The right to data portability is not an absolute right and generally will not apply to your health care record unless:

  • -the processing is based on the your consent or it in the performance of a contract;
  • -when processing is carried out by automated means.

The Right to Object

The right to object to processing means that data should cease to be processed. This right applies only where data is obtained with your consent. In most cases we rely on our legal basis to process your data and not consent and therefore for care purposes this right may not apply. If your data is used for any other reason this right may apply, but would have to be assessed on an individual basis.

Use of profiling 

Profiling is automated processing of personal data to evaluate certain things about an individual.  The Trust may use profiling techniques for health care planning purposes.  An example of this type of processing is the process of risk stratification of patients based on frequency of attendance.

You have a right to see or have copies of any information held by the Trust that relates to you free of charge. We have the right to charge an administration fee in situations where repeated requests are received for the same information or the request is excessive. You will be required to prove your identity when making requests. 

Subject Access Requests under GDPR rules (post 25th May18) will be processed within 30days. However, once our teams have established the volume of records requested there may be a requirement to extend this up to a further 2 months. We will contact you within 30days should this be the case.

To request access to health records please complete a Subject Access Request form – just ask your GP practice.

All our records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary. 

All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.

GP Patient Records are retained for 10 years after patient death.  For more information please see the Record Management Code for Practice for Health and Social Care 2016, retention schedules

If you want your data to be opted out:

If a patient chooses to change their data opt-out if they do not want their confidential patient information to be used for purposes beyond their individual care and treatment – for research and planning.

Choosing to opt-out will not affect their care and treatment. They will still be invited for screening services, such as screenings for bowel cancer.

Their opt-out is recorded against their NHS number on the Spine. It will remain unless they change their mind.

Any person registered on the Personal Demographic Services (PDS) and who consequently has an NHS number allocated to them is able to set a national data opt-out. The opt-out is stored in a central repository against their NHS number on the Spine.

When the opt-out is applied, the entire record (or records) associated with that individual must be fully removed from the data being disclosed

The patient can choose to opt-out securely online https://digital.nhs.uk/services/national-data-opt-out or through a telephone service: 0300 3035678

NHS stock of Printed Your Data Matters available in all patient areas to direct patients who may want to change their opt out status.

If you have any questions about your care or a complaint, please speak to the health professional involved with your care in the first instance.

If this is not resolved to your satisfaction you can contact the Patient Advice and Liaison Service (PALS).

If you have any concerns about how your information is being processed or any of the rights as detailed above, please contact the Trust in the first instance through:

Data Protection Team
Health Records Library
Location B19
New Cross Hospital
Wednesfield Road
Wolverhampton
WV10 0QP

Email: [email protected]

Telephone: 01902 307999 Extension 5544

If you would like to contact the Data Protection Officer (DPO), Raz Edwards, she can be contacted on:

Email: [email protected] Telephone: 01902 307999 Extension 8124  

You also have a right to complain directly to the Information Commissioner’s Office if you feel the Trust has not responded effectively to any of the above.

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF  Telephone: 0303 123 1113  

Link Policy

All links from this website are selected using our links policy. Links are provided for information and convenience only. We cannot accept responsibility for the sites linked to, or the information found there. A link does not imply an endorsement of a site; likewise, not linking to a particular site does not imply lack of endorsement.

You do not have to ask permission to link directly to pages hosted on this site. However, we do not permit our pages to be loaded into frames on your site. The pages must load into the users entire window. You must not use the NHS logo to link to our site without prior permission.

Accuracy

This website is committed to the highest standards of information quality. Every effort is taken to ensure that the information contained in this website is both accurate and complete. However, NHS Wolverhampton and the practice gives no warranty, either expressed or implied, as to the accuracy of the information on this website and accepts no liability for any loss or inconvenience caused as a result of reliance on such information.

In no way should any of the information found here be a substitute for professional medical care by a qualified doctor or other health care professional.

Availability

We cannot guarantee uninterrupted access to this website, or the sites to which it links. We accept no responsibility for any damages arising from the loss of use of this information.

Intellectual Property

The names, images and logos identifying the practice are the proprietary marks of the NHS. Copying our logos and any other third party logos accessed via this website is not permitted without the prior approval of the relevant copyright owner.

Virus Protection

We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus programme on all material downloaded from the internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system that may occur while using material derived from this website.

Privacy Notice – Horizon Call Recording Telephony system

This privacy notice explains about our PCN Telephony System, Horizon and partner Gamma who are responsible for the call recording. The core network integration between the Platform and Horizon provides a reliable way to record all incoming, outgoing and internal Horizon calls. Call recordings are stored encrypted for security and can be accessed online via a call recording portal that provides a multi-level permissions-based accessInbound calls, the system will notify you that all telephone calls are recorded for auditing, training and monitoring purpose. Outbound calls will also be recorded for the same reason and this information can be found in this notice, displayed on our website and in the surgery. We lawfully do not require your consent; however, you do have the right to terminate the call if you do not wish for the call to be recorded. All calls made to the practice by a registered patient or from the practice to a registered patient, will be stored securely on Servers hosted by Gamma at their datacentre. All data originates from the caller into the practice or the practice dialing out to the recipient.

Personal data

 When a call is recorded we collect:

  • a digital recording of the telephone conversation
  • the telephone number of both parties (internal and external)
  • Personal data revealed during a telephone call will be digitally recorded for example name and contact details to deliver appropriate services.
  • Occasionally ‘special category’ personal information may be recorded where a customer voluntarily discloses health, religious, ethnicity or criminal information to support their request for advice and/or services.

We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.

1) Data Controller

Royal Wolverhampton NHS Trust

Practice Managers and Service Delivery Managers

2) Data Protection Officer

Raz Edwards, Royal Wolverhampton NHS Trust

3) Purpose of the processing Direct Health Care – To enable a safe two-way communication between patient and Surgery.

4) Lawful basis for processing.The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

Article 9(2)(b) Carrying out of obligations under employment, social security or social protection law, or a collective agreement’

Article 9(2)(c) Vital interests of a data subject who is physically or legally incapable of giving consent.

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of

health or social care or treatment or the management of health or social care systems and services…”

*Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

5) Recipient or categories of recipients of the processed data

Data is accessible by the Practice as the Data Controller for this information. Information may be accessed remotely by the supplier for support purposes. Making recordings available for the Practice, patients and other data subjects may request this.

6) Rights to object You have the right to object to some or all the information being

processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance

7) Right to access and correct You have the right to access the data that is being stored and have any inaccuracies corrected. There is no right to have accurate medical

records deleted except when ordered by a court of Law.

8) Retention period The recording data will be retained for 3 months on the Telephony

System hosted by Gamma, before being automatically deleted.

9) Right to Complain. You have the right to complain to the Information Commissioner’s

Office, you can use this link https://ico.org.uk/global/contact-us/

or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent. The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent.In practice, this means that all patient information, whether held on paper,  computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.

Three circumstances making disclosure of confidential information lawful are:

  • where the individual to whom the information relates has consented;
  • where disclosure is in the public interest; and
  • where there is a legal duty to do so, for example a court order

Categories of Personal Data

  • race;
  • ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership;
  • genetic data;
  • biometric data (where this is used for identification purposes);
  • health data;
  • sex life; or
  • sexual orientation.

Medical Examiners Programme – Data Sharing Statement

The medical examiner office at our trust has been commissioned by NHS England and NHS Improvement to provide medical examiners to carry out independent scrutiny of the causes of death for non-coronial deaths of patients previously registered under your care. In order to undertake this duty, we will require access to records relating to relevant patients and their next of kin. This statement describes the information governance arrangements in place to facilitate this.

What information will we require and why?

In order to undertake our duties, we will require access to:

  • Medical and clinical records associated with deceased patients, which will be independently reviewed by our medical examiner
  • Contact details for relevant patients’ next of kin, so our medical examiners and medical examiner officers can contact them to ask if they have questions about the causes of death, and about any concerns they may have regarding the care before death.
  • The medical examiner or medical examiner officer will also contact the medical practitioner completing the Medical Certificate of Cause of Death, regarding the proposed causes of death. This interaction can be completed by correspondence (eg email), a verbal discussion is not normally required.

What is our UK GDPR basis for collecting this information?

Medical records associated with deceased patients are outside scope of the UK GDPR. However, next of kin details are within the scope of the UK GDPR. Our Trust is the controller for next of kin’s contact details, which we shall process under Article 6.1(e).

Under Article 6(1)(e) of the GDPR, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller. The information is being processed for the purposes of the medical examiner system, as part of the NHS Patient Safety strategy and within NHS Trust and NHS foundation trust functions for activities carried out in connection with the provision of health services. It is necessary for medical purposes and is undertaken by either a health professional, or a person who, in the circumstances owes a duty of confidentiality to the patient equivalent to that of a health professional. We will be clear with relevant organisations from which the information is requested, the purpose of collecting the information. Only information which is relevant to the medical examiner system will be collected.

How will we set aside the duty of confidence in order to review medical records of deceased patients? 

Secretary of State for Health and Social Care decision

NHS England and NHS Improvement, on behalf of NHS Trusts and NHS foundation trusts, submitted an application under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (‘section 251 support’) to process confidential information without consent.

The Secretary of State for Health and Social Care, having considered the advice from the Confidentiality Advisory Group, supported the application which means that confidential patient information can be shared with medical examiners by health and care organisations for the purpose of the medical examiner programme.

Details of the approved application  (ref: 21/CAG/0032) can be found on the Health Research Authority’s website https://www.hra.nhs.uk/planning-and-improving-research/application-summaries/confidentiality-advisory-group-registers/ .

The General Medical Council’s (GMC) Confidentiality Guidance advises that doctors should disclose relevant information about a patient who has died where disclosure is authorised under section 251 of the NHS Act 2006.

Paragraph 137 of the General Medical Council (GMC) guidance https://www.gmc-uk.org/ethical-guidance/ethical-guidance-for-doctors/confidentiality/managing-and-protecting-personal-information#paragraph-137 advises:

137 – Circumstances in which you should usually disclose relevant information about a patient who has died include:

  • the disclosure is permitted or has been approved under a statutory process that sets aside the common law duty of confidentiality, unless you know the patient has objected

Paragraph 103 to 105 of the GMC guidance https://www.gmc-uk.org/ethical-guidance/ethical-guidance-for-doctors/confidentiality/using-and-disclosing-patient-information-for-secondary-purposes#paragraph-103 advises:

103 – In England, Wales and Northern Ireland, statutory arrangements are in place for considering whether disclosing personal information without consent for health and social care purposes would benefit patients or the public sufficiently to outweigh patients’ right to privacy. Examples of these purposes include medical research, and the management of health or social care services. There is no comparable statutory framework in Scotland.

104 – Section 251 of the National Health Service Act 2006 (which applies in England and Wales) and the Health and Social Care (Control of Data Processing) Act (Northern Ireland) 2016 allow the common law duty of confidentiality to be set aside for defined purposes where it is not possible to use anonymised information and where seeking consent is not practicable.

105 – You may disclose personal information without consent if the disclosure is permitted or has been approved under regulations made under section 251 of the National Health Service Act 2006 or under the Health and Social Care (Control of Data Processing) Act (Northern Ireland) 2016. If you know that a patient has objected to information being disclosed for purposes other than direct care, you should not usually disclose the information unless it is required under the regulations.

How will we secure your information?

We have provided a copy of our organisational assurance checklist with this statement, which should provide you with confidence in our ability to process your data in a secure, lawful and transparent manner.

Digitisation of Paper Medical Records – Privacy Notice

The NHS Long Term plan published in 2019 requires the digitisation of all primary care paper medical records, commonly known as ‘Lloyd George’ records or ‘A4 medical records’
Having paper based medical records restricts the use of technology to provide ‘joined up’ services and therefore the current paper records will be transferred to a digital format and then destroyed.
This will involve the current patient paper medical records being scanned and then entered directly into a patient’s electronic medical record. This work will be completed by a third-party supplier, NEC Software Solutions UK Limited (formerly known as Northgate Public Services), whose security standards have been reviewed by NHS Black Country Integrated Care Board (BC ICB).

We are required by Data Protection law to provide you with the following information about how we handle your information.

Data Controller contact details : Royal Wolverhampton Primary Care Network (Alfred Squire Road Coalway Road Surgery, Lea Road Medical Practice, Oxley Surgery, Penn Manor Medical Centre, Thornley Street Surgery, Warstones Health Centre, West Park Surgery)
Data Protection Officer contact details: Daniel Okonofua (Interim Head of Data Security and Protection DPO)
Purpose of the processing: Transferring the current paper medical records into patients’ electronic medical records.
Lawful basis for processing: The following provisions of the General Data Protection Regulation permit us to digitise existing paper medical records:
Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller…’’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Recipient or categories of recipients of the processed data: We will not be sharing your data with a third party. However we will be employing the services of NEC to carry out the scanning and digitisation of the current paper medical records on our behalf.
Right to access and correction: You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website The Royal Wolverhampton Trust Primary Care Network (RWT PCN) (rwtprimarycare.nhs.uk)
Retention period: GP medical records will be kept in line with the law and national guidance. Information on how long records can be kept can be found within the NHS Records Management Code of Practice or speak to the Practice. The paper medical records will be destroyed 60 days after they are transferred to an electronic format and written confirmation received from the practice in accordance with national standards.

The practice holds medical records to provide medical treatment and advice and patients have a relationship with a GP in order for them to be provide health and care service to you. We therefore do not require your consent to transfer these papers records to an electronic format.
If you have any questions about this project, please contact Fran Freeman, BCICB Lloyd George Digitisation Project Manager; Tel; 0121 612 4110 (Time-2-Talk).

Please note that information about your rights covered by Data Protection legislation and the complaints procedure are detailed in the Practice’s Main Privacy Notice The Royal Wolverhampton Trust Primary Care Network (RWT PCN) (rwtprimarycare.nhs.uk)

Details of Supplier:
NEC Software Solutions UK Limited (formerly known as Northgate Public Services)
Suite 101, 1st Floor iMex Centre
575-599 Maxted Road
Hemel Hempstead
HP2 7DX
Document scanning that’s secure and efficient – NEC Software Solutions (necsws.com)

General Information