We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
GP Planning & Research Privacy Notice
Commissioning, Planning, Risk Stratification and Research Privacy Notice
We are required by law to provide you with the following information about how we handle your information.
The Westerham Practice uses data insightfully for Research, auditing and healthcare planning (population health management).
We are required by law to provide you with the following information about how we handle your information
Data Controller contact details
- The Westerham Practice, Russell House, Market Square, Westerham, Kent, TN16 1RB
Purpose of the processing
If data from many patients are linked up or pooled, Researchers and Doctors can look for patterns in the data, helping them to develop new ways of predicting illness, and identify ways to improve clinical care.
This information can be used to help:
- Understand more about disease risk and causes
- Improve diagnosis
- Develop new treatments and prevent diseases
- Plan NHS and GP Services
- Improve patient safety
- Evaluate Government and NHS Policy
Information we collect and use
Pseudonymised data
- Information about individuals but with identifying details (such as name or NHS number) replaced with a unique code
Anonymised data
- Information about individuals but with identifying details removed
Aggregated data
- Anonymised information is grouped together so that it does not identify individuals
In certain circumstances, where we have a lawful basis it may be necessary to use:
- Demographics: name, address, date of birth, postcode, and NHS number
- Medical history
Lawful basis for processing
These purposes are supported under the following sections of the UK General Data Protection Regulations:
- Article 6(1)(c) … ‘necessary for compliance with a legal obligation to which the controller is subject
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
- Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;’
- Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy’
- Article (9)(2)(j) ‘processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) (as supplemented by section 19 of the 2018 Act) based on domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
- Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018
- Schedule 1, Part1(3) Public Health, Data Protection Act 2018
- Schedule 1, Part 1(4) Research etc, Data Protection Act 2018
- Schedule 1 Part 2(6) Statutory etc and government purposes, Data Protection Act 2018
The Practice recognises your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential. Even though consent is not the legal basis for processing personal data for secondary purposes such as service evaluations and audit, the common law duty of confidentiality is not changing, therefore consent is still needed for people outside the care team to access and use confidential patient information for clinical audit, unless you have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and Wales or similar arrangements elsewhere in the UK.
Strategic Health and Care Board (SHcAB)
Your information will be passed, with all identifiers removed, to a collaborative programme called the Kent & Medway Shared Health and Care Analytics Board. It will be used for population health management purposes beyond your individual care, including, for example, planning services, managing finances, early treatment of illnesses (known as risk stratification), coordinating and improving patient and service user’s movement through the health and care system, research, and public health enhancement.
Kent and Medway Care Record (KMCR)
The Westerham Practice is one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data.
Further information about the Kent and Medway Care Record and the ways in which your data is used for this system.
General Practice Extract Service (GPES)
NHS Digital, collects data from Practices to support vital health and care planning and research. This information is used insightfully to better understand what causes ill health and, importantly, what we can do to prevent or treat it and provide better care.
Health Service (Control of Patient Information) Regulations 2002 (COPI)
The Secretary of State for Health and Social Care has issued Notices under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) which required organisations to share confidential patient information with organisations entitled to process this under COPI for COVID-19 purposes (COPI Notices).
Further guidance on processing personal data, when the COPI Notice expires
Population Health Management
Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management.
This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes.
National Data Opt-Out
The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.
The National Data opt-out can be applied here
It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Opt-out does not apply.
The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006:
- Regulation 2 – for diagnosis and treatment of cancer
- Regulation 5 – for general medical and research purpose
Specific exemptions to the national data opt-out policy have been made for disclosure of data for:
- Public Health England National Disease Registers
- Assuring Transformation
- National patient experience surveys
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012.
Rights to object
The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.
For further details on your rights and how to complain please see the main privacy notice