Under the Data Protection Act 1998, you have a right to know who holds personal information about you. This person or organisation is called the data controller. In the NHS, the data controller is usually your local NHS board and your GP surgery. The NHS must keep your personal health information confidential. It is your right.
What if I am under 16?
It explains that anyone who looks after your health has to keep information about you private. This may be doctors, nurses, pharmacists or other health workers.
The information tells you only about how things work in the health service, not other organisations such as your school or social services.
When you are young, your parents are usually involved in your health care. They may make decisions for you, and speak to health workers on your behalf. But as you get older you have more rights. You can decide if you want your parents to be involved or not.
- In Scotland if you are 12 or over, the law assumes you can make your own decisions about your health care information unless there is evidence to suggest you can’t.
- If you are under 12, you may still be able to make decisions about your health care information but the doctor must believe that you understand enough to do this.
- When we talk about parents, we also mean anyone who is your legal guardian.
- If you want to talk about your health in private, and you need an interpreter, ask our reception staff to arrange this for you.
- If you are over 12 years of age, practice staff are unable to provide confidential information to your parent or guardian unless you have given us written permission to do so.
Your Data Protection Rights
West End Medical Practice has a Data Protection Officer who is responsible for ensuring that the practice and its employees handle data in a way that meets data protection law. For all data protection confidentiality queries, please contact the West End Medical Practice Data Protection Officer: Mr Craig Cuthbert, Data Protection Officer, West End Medical Practice, 36 Manor Place, Edinburgh, EH3 7EB
Legal Basis for Holding Information
The West End Medical Practice Data Protection Officer is required to have a legal basis when using personal information. The main legal basis on which NHS Scotland uses personal information is to provide health and social care.
In some situations we may rely on a different legal basis. For example, when we are using personal information to pay a supplier, our legal basis is that it is needed for a contract. Another example would be to comply with a legal obligation the NHS has, such as notifying Health Protection Scotland when someone contracts a specific disease.
When we are using more sensitive types of personal information, including health information, our legal basis is usually that the information is necessary:
- for the provision or management of health and social care services (this includes when we are treating you ourselves, or if we are referring you to other services for help)
- for reasons of public interest in the area of public health
- for reasons of substantial public interest for aims that are proportionate and respect people’s rights, for example research
- in order to protect the vital interests of an individual
- for the establishment, exercise or defence of legal claims or in the case of a court order
- to carry out our obligations and exercise our rights in respect of employment, social security and social protection
- for archiving purposes, historical or scientific research or statistical purposes that are proportionate and respect people’s rights
Only in certain circumstances will NHS Scotland, its partners or subcontractors want to use your personal information for other reasons. If this happens we will:
- ask you for your explicit consent
- explain what it means to you
- tell you about your rights (including how to exercise your right to withdraw consent)
As a large employer, we sometimes process staff health data for the purpose of:
- preventative medicine
- occupational medicine
- the assessment of the working capacity of the employee
How your personal information is collected
As well as receiving information directly from you, we may also receive it from someone making a call on your behalf, such as:
- family members
- individuals and organisations involved in providing health and social care services in Scotland
- other NHS Boards and primary care contractors such as GPs
- other public bodies such as local authorities and suppliers of goods and services
Healthcare professionals providing services for the NHS can view information that comes from different parts of the NHS, such as your Emergency Care Summary (ECS) and your Key Information Summary (KIS), which are copied from your GP’s records.
Equally, GPs have access to health information about you from other areas of the NHS such as hospitals or laboratories. GPs need this information to provide you with effective healthcare.
Pharmacies may also have access to some of your health information, such as prescriptions and allergies.
For further information concerning confidentiality and your rights, please visit Health Rights Information Scotland.
Information kindly provided by Health Rights Information Scotland