Direct Care Privacy Notice

The Phoenix Medical Practice uses your information to provide you with healthcare.

This practice keeps medical records confidential and complies with data protection legislation.

We hold your medical record so that we can provide you with safe care and treatment. 

We are required by law to provide you with the following information about how we handle your information. Our full list of Privacy Notices can be found here

Data Controller contact details The Phoenix Medical Practice
33 Bell Lane
Burham, Rochester
Kent
ME1 3SX
Purpose of the processing To give direct health or social care to individual patients. 
For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
A list of Practice processing activities can be obtained by obtained from the practice. Please contact us via our secure online form
Information we collect and use
  • Special data information including racial or ethnic origin; religious or philosophical beliefs; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.
  • Demographics: name, address, date of birth, postcode, and NHS number
  • Medical history 
  • Adult and Children safeguarding information 
  • Third party identifying data: basic details about other individuals that may be involved in providing your care and support services, e.g. emergency contacts, relatives, mobility services providers, home care support
Lawful basis for processing

These purposes are supported under the following sections of the UK General Data Protection Regulations:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and 
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”  
Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018 
The legal obligation relies on the Health and Social Care Act 2012 s251(b) (as amended by the Health and Social Care (Safety and Quality) Act 2015 which created a statutory ‘duty to share’).  

We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential.

Recipient or categories of recipients of the processed data

Please see our main privacy notice for a full list of organisation we share information with

The Practice may also receive information about your health from these organisations who are involved in providing you with health and social care. This means your GP medical record is kept up-to date when you receive care from other parts of the health service

NHS Summary Care Record The Summary Care Record is an electronic record of important patient information created from GP Medical Records.  They can be seen and used by authorized staff in other areas of the health and social care system involved in a patient’s direct care
National Screening Programmes The NHS provides national screening programmes so that certain diseases can be detected at an early stage. The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme. Information regarding screening programmes can be found here
Kent and Medway Care Record (KMCR

Phoenix surgery are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data. 

For further information about the Kent and Medway Care Record and the ways in which your data is used for this system please click here.

Population Health Management Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management.  This enables the Practice to identify the appropriate level of care and services for distinct groups of patients.  It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes.  
National Data Opt-out

The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.

The National Data opt-out can be applied here.

It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Ot-out does not apply.

The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006:

Regulation 2 – for diagnosis and treatment of cancer

Regulation 5 – for general medical and research purpose

Specific exemptions to the national data opt-out policy have been made for disclosure of data for:

  • Public Health England National Disease Registers
  • Assuring Transformation
  • National patient experience surveys

There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012. 

For details on your rights and who to complain please see the main privacy notice