Policies and Procedures

With effect from 25th May 2018, the General Data Protection Regulations (GDPR) replaces the Data Protection Act (1995).  This affects how we manage the information we hold about you, and your access to it.  This notice is to make you aware of specific facts in this regard:

The Information that we hold:

Name, address, date of birth and National Insurance Number, telephone contact numbers.

Details of all consultations with Doctors and Nurses at this practice, together with any other practices you may have been registered with (permanently or temporarily) throughout your life.

Prescribed medicines – whether regular repeat medication or acute medications throughout your life.

Administration contacts when these relate directly to your health.

All hospital letters regarding outpatient and inpatient contacts, and Accident and Emergency attendances at all hospitals – throughout your life

Out of Hours contacts – and details of all such consultations.

Correspondence with third party agencies, eg Department of Work and Pensions; Insurance Companies; Employers.

If you utilise “My Health on Line” or “Ask my GP” we will have an email address for you.

Any other forms you have completed eg in relation to travel vaccination.

Copies of decisions you may have made in respect of (eg) Power of Attorney; Do Not Attempt CPR (Resus) – providing we have been made aware of such decisions.

If you have made a complaint against the practice – this information will be held securely and will NOT form part of your medical record, unless there is any aspect of the complaint that directly affects future care.

If you have behaved inappropriately or with aggression or violence towards any member of NHS staff this will be held on your medical record.

How/Where your information is held:

Your original paper record which has followed you throughout your life from GP to GP is summarised to ensure your computer record holds essential details on your past health.  Your paper record is rarely used and is retained for reference purposes should there be any detailed enquiry (eg Insurance companies) about your past health.

Your computerised record will hold scanned images of all hospital letters we receive, together with electronically received results, letters, notifications from A&E or the Out of Hours Service, and third party agencies etc. Copies of letters sent to hospitals, or third party agencies (on your request).

Limited information held securely within administration files for the purpose of providing information within the terms of the GP contract to secure NHS income to the practice for the continuation of primary care services.  This information is not identifiable to anyone outside of the NHS.

How we use this information:

ONLY in relation to the direct management of your health.

To respond to queries from third party agencies (eg Insurance companies, Solicitors – at your request).

Within the requirements of our contracted status in the NHS to provide information to secure appropriate levels of funding to continue providing health services within primary care.

Sharing of this information:

As necessary with other health providers (NHS and/or private) in relation to referrals for additional care.

With pharmacies via prescriptions issued.

Anonymised data is shared with Public Health Wales to support health analysis and improvements to the NHS.

A&E, Out of Hours and other hospital departments have electronic access to restricted areas of your records to check significant medical history, medications, recorded allergies, recent pathology results – as necessary for your immediate or ongoing care.

Social Services and Police Departments when this is in the interests of public safety, or in the case of protection of a vulnerable adult or safeguarding of children.

Information Technology: the providers and maintenance of our clinical system will occasionally involve dial in access – all of these engineers have been appropriately CRB checked and will have limited access to any individual medical records.

Carers – when these have formally completed the appropriate carer forms and we have a record of your request – carers are not entitled to your full lifelong records, they are only empowered to act on your behalf for issues that you are unable to deal with personally; and can only access records applicable to the period of time after they have signed as your carer.

Advocates or other family members/friends: ONLY as directed by you and with your signed authority. (Please note that in an emergency a healthcare professional may need to deal with someone representing you without obtaining your consent).

Access Requests & Your Rights:

Your information will not be provided to any third party (other than as outlined above) without your express consent. This includes Solicitors and Insurance Companies.  It is your responsibility to check the level of consent you are granting.

We will verify third party requests and provide the agreed level of information within one calendar month of the date of your response confirming that this is your wish. 

You have the right to request access to your medical records and to validate the information we hold.

If the information is proven to be inaccurate, or incorrect you have the right for any errors to be rectified or erased.

We will respond to your requests within one calendar month (in line with GDPR).

If the information requested is excessive we may ask that this be extended to 2 months.

In the case of excessive or repeated requests by you we have the right to charge a fee.

Any complaint in relation to data protection or confidentiality should be made in writing and addressed to the Practice Manager.  Your complaint will be acknowledged within 2 working days and you will receive a full response/explanation/apology as appropriate within 30 working days.


Your medical records are lifelong documents which will follow you from practice to practice for life, containing all of the information outlined above.

When you leave the practice your paper records will be forwarded to your new GP together with a printed copy of your computerised record. Your actual computer records will be archived, and will remain archived as we may need to access them in the future if there are any queries in respect of the care you had whilst registered.  However, your archived records will NOT be accessed without need or without your consent and you are able to ask us to see your archived records at any time.  If you have any concerns about access please contact the Practice Manager.

Designated Responsibilities

The Senior Partner – Dr Emma Evans is responsible for the level of confidentiality within the practice.

The Practice Manager – Kerry Matthews is responsible for the level of Information Governance and ensuring that all staff adhere to the rules and principles of patient confidentiality.

All Doctors and Staff at the surgery are tasked with ensuring patient confidentiality at all times – please remember that this will also apply to members of your own family making enquiries about you.  If you are a carer, or you rely on a carer it is important that we have appropriately signed consent to allow appropriate sharing of information. 

All practice employees – at every level – have signed confidentiality agreements integral to their contract of employment.  Proven breaches of confidentiality will be taken very seriously.  If you suspect a breach of confidentiality in relation to the practice or any member of staff this should be brought to our attention immediately.

National Opt-Out Facility

You can choose whether your confidential patient information is used for research and planning.

Who can use your confidential patient information for research and planning?
It is used by the NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.

Making your data opt-out choice
You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.

Will choosing this opt-out affect your care and treatment?
No, your confidential patient information will still be used for your individual care. Choosing to opt out will not affect your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What should you do next?
You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service.

You can change your choice at any time.

To find out more or to make your choice, call 0300 303 5678 or https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/

Freedom of Information Act from the ICO
Please click the following link for more information https://ico.org.uk/media/for-organisations/documents/1153/model-publication-scheme.pdf