Annex A – Practice privacy notice 

Introduction

At Sorrel Bank Medical Practice we have a legal duty to explain how we use any personal information we collect about you at the organisation. 
This is in both electronic and paper format.   

Why do we have to provide this privacy notice?

We are required to provide you with this privacy notice by law. It provides information about how we use the personal and healthcare 
information we collect, store and hold about you. If you have any questions about this privacy notice or are unclear about how we process or 
use your personal information or have any other issue regarding your personal and healthcare information, then please contact our Data 
Protection Officer nhsgm.gmgpdpo@nhs.net 

The main things the law says we must tell you about what we do with your personal data are:

● We must let you know why we collect personal and healthcare information about you 
● We must let you know how we use any personal and/or healthcare information we hold about you 
● We need to inform you in respect of what we do with it 
● We need to tell you about who we share it with or pass it on to and why 
● We need to let you know how long we can keep it for 

The General Data Protection Regulation (GDPR) became law on 24 May 2016. This was a single EU-wide regulation on the protection of 
confidential and sensitive information. It entered into force in the UK on the 25 May 2018, repealing the Data Protection Act (1998). Following 
Brexit, the GDPR became incorporated into the Data Protection Act 2018 (DPA18) at Part 2, Chapter 2 titled The UK GDPR. 

For the purpose of applicable data protection legislation (including but not limited to the Data Protection Act 2018 (DPA2018) and Part 2 the UK 
GDPR). 

Using your information

We will use your information so that we can check and review the quality of care we provide. This helps us improve our services to you.

• We will share relevant information from your medical record with other health or social care staff or organisations when they provide 
you with care. For example, your GP will share information when they refer you to a specialist in a hospital or your GP will send 
details about your prescription to your chosen pharmacy.  

• Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff 
who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record 
For more information see NHS E Summary Care Record or alternatively speak to this organisation.  

You have the right to object to information being shared for your own care. Please speak to this organisation if you wish to object. You also 
have the right to have any mistakes or errors corrected. 

Registering for NHS care

• All patients who receive NHS care are registered on a national database (NHS Spine). The Spine is held and maintained by NHS 
England, a national organisation which has legal responsibilities to collect NHS data.

• More information can be found at NHS England - Spine  

Identifying patients who might be at risk of certain diseases

• Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from 
certain diseases such as heart disease or unplanned admissions to hospital. This means we can offer patients additional care or 
support as early as possible.  

• This process will involve linking information from your GP record with information from other health or social care services you have 
used. Information which identifies you will only be seen by this organisation. 

Safeguarding

• Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, 
are protected from risk of harm. These circumstances are rare, and we do not need your consent or agreement to do this.  

Medical research

• This organisation shares information from medical records to support medical research when the law allows us to do so, for example to 
learn more about why people get ill and what treatments might work best. We will also use your medical records to carry out research 
within the organisation.

• The use of information from GP medical records is very useful in developing new treatments and medicines; medical researchers use 
information from these records to help to answer important questions about illnesses and disease so that improvements can be made to 
the care and treatment patients receive.

• We share information with the following medical research organisations with your explicit consent or when the law allows

• You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the 
organisation if you wish to object.  

Checking the quality of care – national clinical audits

• This organisation contributes to national clinical audits so that healthcare can be checked and reviewed. Information from medical 
records can help doctors and other healthcare workers to measure and check the quality of care that is provided to you.

• The results of the checks or audits can show where organisations are doing well and where they need to improve. These results are 
also used to recommend improvements to patient care.  

• Data is sent to NHS England, a national body with legal responsibilities to collect data.

• The data will include information about you, such as your NHS Number and date of birth, and information about your health which is 
recorded in coded form – for example the code for diabetes or high blood pressure.  

• We will only share your information for national clinical audits or checking purposes when the law allows.

• You have the right to object to your identifiable information being shared for national clinical audits. Please contact the organisation if 
you wish to object.