As of 1 April 2023, nine GP Practices are now part of the Royal Wolverhampton NHS Trust (RWT), making the trust directly responsible for the delivery of care. These Practices are; Alfred Squire Road Health Centre, Coalway Road Surgery, Lea Road Medical Practice, Oxley Surgery, Penn Manor Medical Centre, Tettenhall Road Medical Practice, Thornley Street Surgery, Warstones Health Centre and West Park Surgery.
This means that as a single organisation, the issues of scope of responsibility, funding, differing objectives and drivers will be removed allowing clinicians to design effective, high quality clinical pathways to improve appropriate access and positively impact patient outcomes. Over time, we aim to increase the number of services and locations from which you will be able to access GP services.
The model is called Vertical Integration (VI) which is a care model where primary care physicians and their teams work together with providers of secondary and community care as part of one single organisation, offering a unique opportunity to redesign services from initial patient contact through on-going management and end of life care.
Within the practices, trained staff members use electronic and paper records to create and maintain an in-depth history of your NHS medical care within the practice and elsewhere (eg. Hospital visits), to help ensure that you receive the best possible healthcare. Anyone who accesses your data within the practice can only do so using an authorised login that identifies them and provides an audit trail of the records accessed.
What information do we collect about you?
At the Royal Wolverhampton Trust, the Primary Care Services team aim to provide you with safe and effective care to the highest standards. To do this your doctor and the team of health professionals caring for you will keep records about your health and any care you receive from the Trust. This is called your Health Records and may be stored in a paper form or on computer systems. This may include:- Basic details as your name, address, date of birth, NHS number, gender, next of kin, and ethnicity
- Details of your appointments at the Practice or home visits
- Details of your hospital appointments/visits
- Notes and reports about your health, treatment and care
- Results of x-rays, scans and laboratory tests
- Relevant information from people who care for you and know you well, such as health professionals and relatives
- Allergies and sensitivities
- Current and historical medication
- Family history
How do we use this and what is the legal basis?
Primary Care Services use the above data in the following ways. For each purpose we process your personal data, the legal bases allowing us to do so is listed within the table
| Purpose of using personal data in GP Practices | Legal basis of processing personal data |
|---|---|
|
Provision of direct care and related administrative purposes For example: appointment booking, referrals to hospital or patient communication via text |
GDPR Article 6(1)(e) – the performance of a task carried out in the public interest GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems |
|
For commissioning and healthcare planning purposes For example: collection of mental health data set via NHS Digital . |
GDPR Article 6(1)(c) – compliance with a legal obligation GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems Special category 9(2)(i) – public interest in the area of public health |
|
For planning, general running purposes and system improvements For example: Care Quality Commission powers to require information and records |
GDPR Article 6(1)(c) – compliance with a legal obligation (the GP practice) Regulation 6(1)(e) – the performance of a task carried out in the public interest (CQC) GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems. Special category 9(2)(i) – public interest in the area of public health |
|
For planning and running of the NHS nationally For example: National clinical audits |
GDPR Article 6(1)(e) – the performance of a task carried out in the public interest GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems. Special category 9(2)(i) – public interest in the area of public health |
|
For research purposes For example: Investigating the effectiveness of health campaigns such as stop-smoking |
GDPR Article 6(1)(f) – legitimate interests…except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject GDPR Article 6(1)(e) – the performance of a task carried out in the public interest GDPR Article 6(1)(a) – explicit consent GDPR Article 9(2)(j) – scientific or historical research purposes or statistical purposes |
| For safeguarding and other legal duties |
GDPR Article 6(1)(e) – the performance of a task carried out in the public interest Regulation 6(1)(c) – compliance with a legal obligation GDPR Article 9(2)(b) – purposes of carrying out the obligations of ..social protection law |
|
When you request us to share you information For example: Subject access requests |
GDPR Article 6(1)(a) – explicit consent GDPR Article 9(1)(a) – explicit consent |
|
If there is CCTV and Call recording in the practice: (this is only applicable to some VI practices; contact your practice for more information) |
GDPR Article 6(1)(f) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject
which require protection of personal data, in particular where the data subject is a child. GDPR Article 9(2)(f) - processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity |
| The sharing of VI patient data with Commissioning Support Unit to establish trends within frail, elderly patients |
GDPR Article 6(1)(e) – the performance of a task carried out in the public interest
|
| Extended access medical service - provision of weekday and/or weekend access to pre-bookable and same day appointments to general practice services, provided by Unity GP practices. | Under Article 6 of GDPR, the following condition can be met:
|
Who do we share your information with?
We may share information about you with the following agencies in order to support the delivery of your care:- Department of Health and other NHS bodies
- Wolverhampton Clinical Commissioning Group (CCG)
- Wolverhampton City Council (Social Care Services)
- Wolverhampton Voluntary Sector Council (Social Prescribing Service)
- New Cross Hospital (RWT)
- General Practitioners (GP’s) who are part of the group of Practices vertically integrated with the Trust, should you choose to book into one of the extended access clinics at another location other than your usual Practice
- Ambulance Service
- Mental health services
- Social services
- Other national providers of health care who you choose to be referred to, in consultation with your healthcare professional
- An automated appointment reminder system for the provision of appointment and other relevant information via text message
- The Strategy Unit (Midlands and Lancashire CSU)
- GP practices part of the Unity Group limited (for the purposes of proving consultations out of normal working hours (under a contract with the Trust)
Who and where do we obtain your information from?
The Practice will collect data about you in a numbers of ways. The main method of collection is from you directly via:
Face to face:
Most of the information we hold about you will be collected from you at the time you engage with the service. Any data provided will be used for the reasons listed in this notice and will only relevant data will be requested and recorded.
Telephone calls:
The information you disclose over a telephone call may be recorded by the Trust either to support your care or as a record of the conversation. Ordinarily we will inform you if we record or monitor any telephone calls you make to the Trust. This is to
increase your security, for our record keeping of the phone call and for training and quality purposes.
Emails:
If you email us we may keep a record of your contact and your email address for our record keeping.
From another Practice:
Electronic and paper transfer of medical records from previous Practice when newly registering. Medical records from out of hours provider.
Other organisation:
We may receive information from other organisations that are also required by law to share information with us about you, to help us have a full picture of your needs and provide you with care.
Referrals - We may receive referrals or a transfer of your notes to specific specialties as a result of your care being transferred to our organisation. This can be from another Trust, your GP or any health or social care provider initiating a referral.
Direct access - The Trust and its staff may, on a need to know basis have access to specific clinical systems from other organisation such as the summary care record, other Trust clinical systems in order to access information about you that is relevant to your care delivery. All systems are auditable and access is on a need to know basis
From our appointment text messaging service - The practice may send you text messages which can be responded to. The information collected in these text responses is used to update your patient information on our clinical system. We may ask you for information to investigate the effectiveness of health campaigns eg After using our stop smoking service, have you since quit?
What rights do I have in relation to my information?
Below is a list of the rights you have in relation to your data and when they apply. To make an application for any of the below rights please contact the Health Records Access Team rwh-tr.healthrecordsaccess@nhs.net in the first instance. All rights should be considered within 30 calendar days from date of receipt, but may be extended if complex.
The Right of Access
You have the right to request a copy of any information held by the Trust as well as any supplementary information. See How do I request my information? for details on how to request your information.
Right to Rectification
If you believe your information may be inaccurate or incomplete you can make a request to have your information reviewed.
The Right to Erasure
The right to erasure is also known as the ‘right to be forgotten’ introduces a right for you to have personal data erased. Generally this right is not available with health care data. Where this right is available for specific processing you will be notified.
The right to restriction allows you to request the restriction or suppression your personal data. This right is closely linked with the right to rectify and the right to object and will only apply if:
- you contest the accuracy of your personal data and the accuracy is being verified by the trust;
- the data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you oppose erasure and requests restriction instead;
- the personal data is no longer needed but we need to keep it in order to establish, exercise or defend a legal claim.
The right to data portability allows you to obtain and reuse your personal data across different services. The process should allow for moving, copying or transfer of personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The right to data portability is not an absolute right and generally will not apply to your health care record unless:
- The processing is based on your consent or in the performance of a contract;
- When processing is carried out by automated meanss
The Right to Object
The right to object to processing means that data should cease to be processed. This right applies only where data is obtained with your consent. In most cases we rely on our legal basis to process your data and not consent and therefore for care purposes this right may not apply. If your data is used for any other reason this right may apply, but would have to be assessed on an individual basis.
Use of profiling
Profiling is automated processing of personal data to evaluate certain things about an individual. The Trust may use profiling techniques for health care planning purposes. An example of this type of processing is the process of risk stratification of patients based on frequency of attendance.
National Data Opt Out: How we use your information for purposes in addition to your individual care
RWT is working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care. This is called the National Data Opt Out.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters
On this web page you will:- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.
Our organisation is currently compliant with the national data opt-out policy.
How do I request my information?
You have a right to see or have copies of any information held by the Trust that relates to you free of charge. We have the right to charge an administration fee in situations where repeated requests are received for the same information or the request is excessive. You will be required to prove your identity when making requests.
Subject Access Requests under GDPR rules (post 25 May 18) will be processed within 30 days. However, once our teams have established the volume of records requested there may be a requirement to extended this up to a further 2 months. We will contact you within 30 days should this be the case.
To request access to health records please complete a Subject Access Request form, link provided below, and forward on to:
Health Records Access Team
Health Records Library
Location B19
New Cross Hospital
Wednesfield Road
Wolverhampton
WV10 0QP
Email: rwh-tr.healthrecordsaccess@nhs.net
Telephone: 01902 307999 Extension 85544/85545/88093
Subject Access Request form (PDF, 171Kb)
Subject Access Request form (Word, 54Kb)
The Health Records Access Team also deal with the Health Records of deceased persons.
Access to the health records of a deceased person is governed by the Access to Health Records Act (1990). Under this legislation when a patient has died, only their personal representative, executor or administrator of their will, or anyone having a claim resulting from the death (this could be a relative or another person), has the right to apply for access to the deceased’s health records.
Access to Health Records Request form (PDF, 111Kb)
Access to Health Records Request form (Word, 53Kb)
How long is my information kept for?
All our records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary.
All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.
GP Patient Records are retained for 10 years after patient death. For more information please see the Record Management Code for Practice for Health and Social Care 2016, retention schedules
How to make a complaint
If you have any questions about your care or a complaint, please speak to the health professional with your care in the first instance.If this is not resolved to your satisfaction you can contact the Patient Advice and Liaison Service (PALS).
Data Protection Officer (DPO): Raz Edwards
Email:
rwh-tr.IG-Enquiries@nhs.net
Address: New Cross Hospital, Wolverhampton Road, Heath Town, Wolverhampton WV10 0QP
The Data Protection Officer is a point of contact for advice and guidance in relation to your rights. The DPO is responsible for monitoring the Trusts compliance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) 2016 as any policies the Trust has in relation to the protection of personal data. The DPO shall perform their duties in an independent manner with due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
If you have any concerns about how your information is being processed or any of the rights as detailed above, please contact the Trust in the first instance through:
Health Records Access Team
Health Records Library
Location B19
New Cross Hospital
Wednesfield Road
Wolverhampton
WV10 0QP
Email: rwh-tr.healthrecordsaccess@nhs.net
Telephone: 01902 307999 Extension 85544/85545/88093
You also have a right to complain directly to the Information Commissioner’s Office if you feel the Trust has not responded effectively to any of the above.
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
