Access to patient records by General Practice Solutions (GPS) on behalf of Rowcroft Medical Centre.
Your privacy is of utmost importance to us. As your primary care organisation, we are committed to protecting your personal data and ensuring it is handled securely and transparently.
To enhance our ability to deliver high-quality healthcare services, we have engaged General Practice Solutions (GPS), a trusted specialist provider, to assist with the management, summarisation, and coding of patient records and clinical correspondence. This notice outlines how GPS, acting on our behalf, will process your personal data, the purposes for which this is necessary, and your rights under UK data protection law.
Who we are
Rowcroft Medical Centre is responsible for providing your primary healthcare services. To support us in delivering the best possible care, we have authorised GPS to access, review, and accurately code patient records and correspondence. GPS acts as a data processor on our behalf, while we remain the data controller for all patient information, accountable for its protection and appropriate use.
What information GPS will access
To fulfil their role in supporting our organisation, GPS may access and process the following types of personal data.
Medical records
Details of your medical history, including past and current diagnoses, treatments, medications, allergies, immunisations, test results, and any relevant health conditions.
Clinical correspondence
Communications such as referral letters, discharge summaries, specialist reports, and other documentation related to your care.
Demographic information
Your name, date of birth, NHS number, address, contact details, next of kin, ethnicity, first language, sexual orientation, gender identity, and other relevant demographic data.
Preventive health information
Data related to preventive screenings, recall dates, and vaccination history to ensure proactive patient management.
Lifestyle information
Relevant details about your lifestyle that may impact your health, such as smoking status, alcohol use, and occupation.
Why GPS needs access to your information.
GPS has been contracted to process your personal data for the following essential purposes.
Accurate summarisation and coding
To ensure your medical records are accurately summarised and coded, reflecting comprehensive and up-to-date information. This supports effective clinical decision-making, improves care continuity, and ensures data consistency within your records.
Revie and update of records
To review and clarify existing medical records, particularly where they are incomplete or unclear (e.g., handwritten notes). This includes verifying any missing or illegible data by cross-referencing other sources, ensuring the accuracy and completeness of your health information.
Coding of clinical correspondence
To accurately code all incoming and outgoing clinical correspondence, such as referral letters, specialist notes, and discharge summaries, ensuring that this information is correctly recorded in your medical records and accessible to healthcare providers involved in your care.
Maintenance of preventive screening and vaccination data.
To maintain up-to-date records of preventive screening recall dates and vaccination history, which helps in proactive management and timely patient reminders
Administrative and clinical support
To support the administrative and clinical functions of our practice, ensuring compliance with regulatory requirements such as the Quality and Outcomes Framework (QOF) and other NHS standards.
How your information is protected
We take your privacy very seriously and have established strict measures to protect your personal data. GPS is contractually required to adhere to our data protection policies and the following security standards.
Access control
Only authorised personnel at GPS who need access to your data for the performance of their duties will be granted access. Access is tightly controlled and monitored.
Data security
All personal data is stored securely, whether electronically or in hard copy, using industry-standard security measures such as encryption, firewalls, and secure access controls to prevent unauthorised access, loss, or misuse.
Regular audits and reviews
Security protocols are regularly reviewed and updated to align with current best practices and legal requirements.
Compliance with UK data protection laws
GPS processes all personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
How long we keep your information
GPS will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once the relevant processing is complete, your data will be securely destroyed or returned to Rowcroft Medical Centre as appropriate.
Sharing your information
GPS will not share your personal data with any third parties unless required to do so by law or where it is necessary for the provision of healthcare services on our behalf. Any data sharing will be conducted in accordance with the instructions and policies set by Rowcroft Medical Centre.
Your rights
As a patient, you have several rights under UK data protection law, including:
Right of access
You have the right to request access to the personal data we hold about you.
Right to rectification
You have the right to request correction of any inaccurate or incomplete data.
Right to erasure
You have the right to request the deletion of your personal data in certain circumstances (the ‘right to be forgotten’).
Right to restrict processing
You have the right to request that we restrict the processing of your personal data in certain situations.
Right to data portability
You have the right to request that your personal data be transferred to another data controller in a structured, commonly used, and machine-readable format.
Right to object
You have the right to object to certain types of processing, such as direct marketing or processing based on legitimate interests.
To exercise any of these rights, please contact us using the details provided below. We will respond to your request in accordance with the statutory timeframes set out under UK data protection law.
Contact information
If you have any questions or concerns about how your personal data is handled, or if you wish to exercise any of your rights, please contact:
Ceri Gardener Practice Manager
Email: rowcroft.correspondence@nhs.net
Phone: 01453 764471
Alternatively, you may contact GPS directly:
General Practice Solutions (GPS)
Email: dataprotection@generalpracticesolutions.net
Address: 71-75 Shelton Street, London, WC2H 9JQ
If you are not satisfied with how we handle your data or our response to your concerns, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s independent authority for upholding information rights.
Information Commissioner’s Office (ICO).
Website: www.ico.org.uk
Phone: 0303 123 1113
Changes to this privacy notice
We may update this privacy notice from time to time to reflect changes in our practices, legal requirements, or other factors. Any updates will be posted on our website, and we encourage you to review this notice periodically to stay informed about how we protect your privacy.
