GDPR / Privacy Notice

Privacy Notice for Castle Medical Group (Short Version)

Castle Medical Group has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format.   

 

What information do we collect about you?

We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.

 

How we will use your information

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.

In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, this practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.

Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR. 

 

Maintaining confidentiality and accessing your records

We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.

You may experience delays in your response in relation to accessing your records. As a key public sector body with very specific health responsibilities we are diverting our resources to help with challenges associated with the current public health emergency. Where possible we would like to encourage you to submit your request by e-mail rather than by post or in person.

 

How the NHS and care services use your information

Castle Medical Group is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes; data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

 

Mobile SMS service

Staff from the practice are able to send you an SMS message regarding your blood test or sample results, to remind you to book for a specific test or review, and to inform you if we need to cancel or move your appointment. You can also cancel your appointment by clicking on the email link included in text messages.

In order for you to take advantage of this system, please provide the practice with an up-to-date mobile telephone number. If you no longer want to receive any SMS messages from us, please contact our Patient Services team.

 

AI Scribes

Castle Medical Group is committed to delivering the best possible care to our patients. To enhance the quality and efficiency of our consultations, clinicians (your GP or a member of the multidisciplinary team within the practice) may use Heidi Health AI Scribe during your appointment. This section provides information about what Heidi Health AI Scribe is and how your consent is managed.

What is Heidi Health AI Scribe?

Heidi Health AI Scribe is an advanced, secure digital assistant designed to support clinicians during consultations. It uses artificial intelligence to document medical notes, ensuring your clinician can focus on actively listening to your concerns and delivering personalised care, rather than spending time manually recording the notes. Clinicians review and approve the notes that have been captured prior to adding them to the patient record.

  • Improved Interaction: Allows clinicians to focus solely on the patient during the consultation.
  • Accurate Documentation: Helps create precise, clear, and detailed medical notes for the patient record.
  • Time Efficiency: Streamlines administrative tasks, giving clinicians more time to spend with their patients.

Patient Consent

Your privacy and comfort are our top priorities. Heidi Health AI Scribe only processes information discussed during your appointment and operates within strict privacy and data protection regulations. Before using Heidi Health AI Scribe, your clinician will explain its role and seek your verbal consent. You have the right to decline its use at any time.

  • Data Security: Heidi Health AI Scribe complies with UK data protection laws, including GDPR, ensuring that your information is handled securely and confidentially.
  • Your Control: If you prefer not to have Heidi Health AI Scribe involved, please do let your clinician know. This will not affect the quality of care you receive.

 

Freedom of information policy

Click this link to view the Freedom of Information Policy 

 

Risk stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Castle Medical Group; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.

 

Invoice validation

Your information may be shared if you have received treatment to determine which Integrated Care Board (ICB) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.

 

Data Opt-outs

The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security and Consent and Opt-outs. 

Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by calling 0300 3035678. Please note this cannot be actioned by your GP practice.

 

Retention periods

In accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration.

 

What to do if you have any questions

Should you have any questions about our privacy policy or the information we hold about you, you can:

  1. Contact the practice’s data controller via email: castlemedicalgroup.noreply@nhs.net. GP practices are data controllers for the data they hold about their patients.
  2. Write to the data controller at: Castle Medical Group, Ascebi House, 118 Burton Road, Ashby De La Zouch, Leicestershire, LE65 2LP
  3. Ask to speak to the Business Partner, or Operations Manager

 

Our Data Protection Officer

The Practice has appointed Umar Sabat as its Data Protection Officer.

He can be contacted on the following e-mail address: umar.sabat@ig-health.co.uk

If you have any concerns about how your data is shared, or if you would like to know more about your rights in respect of the personal data we hold about you, then please contact the Practice Data Protection Officer.

 

Complaints

In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.

 

Changes to our privacy policy

It is important to point out that we may amend this Privacy Notice from time to time. Any updates will be published on our website to reflect the changes. 

BMA GPs as data controllers under the GDPR

CLICK HERE TO SEE THE FULL PRIVACY NOTICE

 

How to contact the appropriate authorities

If you have any concerns about how your information is managed at your GP Practice, please contact the GP Practice Manager or the Data Protection Officer in the first instance.
If you are still unhappy following a review by the GP Practice, you have a right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at the following address:
Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545745
Website: https://ico.org.uk/

Page last reviewed: 01 August 2025
Page created: 10 September 2021