Each health and care organisation in Greater Manchester collects information about you and keeps records about the care and services they have provided. The GM Care record pulls together the information from these different health and social care records and displays it in one combined record.
How is your personal information kept safe and secure in the GM Care Record?
We ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information.
Appropriate technical and security measures in place to protect the GM Care Record include:
- complying with Data Protection Legislation;
- encrypting Personal Data transmitted between partners;
- implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures
- a requirement for organisations to complete the Data Security and Protection (DSP) Toolkit introduced in the National Data Guardian review of data security, consent and objections, and adhere to robust information governance management and accountability arrangements;
- use of ‘user access authentication’ mechanisms to ensure that all instances of access to any Personal Data under the GM Care Record are auditable against an individual accessing the GM Care Record;
- ensuring that all employees and contractors who are involved in the processing of Personal Data are suitably trained in maintaining the privacy and security of the Personal Data and are under contractual or statutory obligations of confidentiality concerning the Personal Data.
The NHS Digital Code of Practice on Confidential Information applies to all NHS and care staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All staff with access to Personal Data are trained to ensure information is kept confidential.
Whilst you are automatically enrolled into the GM Care Record as a GM citizen, you have the option to object to your information being shared for individual care and
Access to personal information
You have a right under the Data Protection Act 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:
- Your request must be made in writing to the GP – for information from the hospital you should write direct to them • There may be a charge to have a printed copy of the information held about you • We are required to respond to you within 1 month• You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located
Objections / Complaints
Should you have any concerns about how your information is managed at the GP Practice, please contact the Practice Manager. If you are still unhappy following a review by the GP Practice, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.gov.uk).
If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. If you have any concerns about how your data is shared then please contact the practice.
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
Notification
The Data Protection Act 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk
The practice is registered with the Information Commissioners Office (ICO). Data Controller Registration Number is Z5232023
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is:
Cornerstone Family Practice
Complaints
Should you have any concerns about how your information is managed by the Practice please contact the Practice Manager at the following address:
Cornerstone Family Practice
Cornerstone Centre
2 Graham Street
Beswick
Manchester M11 3AA
If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO). www.ico.org.uk, casework@ico.org.uk, telephone: 0303 123 1113 (local rate) or 01625 545 745