Privacy Statement

The practice wants to protect the privacy of visitors to our website. Please read the following policy to understand how we use your personal data. We may change our privacy policy at any time, so please check it each time you visit our website
If you have any questions about this statement or your personal information, please contact us at:

Yorkshire Street Medical Centre
80 Yorkshire Street
BURNLEY
BB11 3BT
Tel: 01282 731361


Information collection and use via email

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.




Information collection and use through our website

You do not have to give us any personal information in order to use most of this website.
The practice is the sole owner of the information collected on this website. We do not sell, share, or transfer this information, except as set out in this statement. We use your information to improve our marketing, for administration and to provide legal services.
The types of information we collect through our website are described below. By using our website you consent to the collection and use of any personal information in the manner described.




Newsletters

To subscribe for our insights and news updates please register by emailing us. To unsubscribe, either update your details via the subscription form or email us at scripts@nhs.net




Cookies

A cookie is a piece of data stored on a user's hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them:


• Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
• ASP.Net cookie: we use this cookie to allow visitors to view the website without logging in as a registered user. Once you close your browser, the cookie is deactivated.


You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.



IP addresses

We use IP addresses to analyse trends, administer the website, track users' movements, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.




Links

This website contains links to other websites. Please note that we are not responsible for the privacy practices of other websites. This privacy statement applies solely to information collected by this website.




Security

We take all appropriate steps to protect your information both online and off-line. If you would like information on our security procedures please contact us.




Contact us

If you:

• would like to access the personal information we hold about you;
• believe that information we hold about you is incorrect; or
• have any questions in relation to the information concerning privacy and personal information;
then we ask that you contact us via email to scripts@nhs.net and we will take reasonable steps to resolve those concerns as soon as practicable. In some cases we may not be able to give you access to personal information we hold regarding you if making such a disclosure would breach our legal obligations to our client or if prevented by any applicable law or regulation.



In Practice How we use your information

Our Privacy Notices explains why we collect your information and how that information may be used.
As of 25 May 2018 Under the General Data Protection Regulation (GDPR) we must ensure that your personal confidential data (PCD) is handled in ways that are transparent and that you would reasonably expect. The Health and Social Care Act 2012 has altered the way that personal confidential data are processed. Consequently, you must be aware and understand these changes and that you have the opportunity to object and understand how to exercise that right.

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.

The practice Data Protection Officer is: Practice Manager
The practice Data Controller is: Yorkshire Street Medical Centre

NHS health records may be processed electronically, on paper or a mixture of both and through established working procedures and best practice coupled with technology we ensure your personal data is kept confidential and secure. Records held by us may include the following:

• Your personal data, such as address and next of kin;
• Your history with us, such as appointments, vaccinations, clinic visits, emergency appointments, etc;
• Notes and reports about your health;
• Details about your treatment and care;
• Results of investigations and referrals such as blood tests, x-rays, etc; and
• Relevant information from other health professionals, relatives or those who care for you.

We obtain and hold data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. We can disclose your personal information if:

(a) It is required by law;
(b) You consent – either implicitly or for the sake of your own care or explicitly for other purposes; and
(c) It is justified in the public interest

Some of this information is held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the Practice will always endeavour to gain your consent before releasing the information.



Risk Stratification

Risk Stratification is a process that helps your family doctor (GP) to help you manage your health. By using selected information from your health records, a secure NHS computer system will look at any recent treatments you have had in hospital or in the surgery and any existing health conditions that you have. This will alert your doctor to the likelihood of a possible deterioration in your health. The clinical team at the surgery will use the information to help you get early care and treatment where it is needed. Midlands and Lancashire Commissioning Support Unit (MLCSU) DSCRO (the regional processing centre) supports GP Practices with this work. NHS security systems will protect your health information and patient confidentiality at all times.

Please note that you have the right to opt out of Risk Stratification.

Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the Practice, please contact the practice, or your healthcare professional to discuss how the disclosure of your personal information can be limited.

Patients have the right to change their minds and reverse a previous decision. Please contact the practice, if you change your mind regarding any previous choice.



Invoice validation

We will use limited information about individual patients when validating invoices received for your healthcare, to ensure that the invoice is accurate and genuine. This will be performed in a secure environment and will be carried out by a limited number of authorised CSU staff. These activities and all identifiable information will remain with the Controlled Environment for Finance (CEfF) approved by NHS England. Where possible we will strive to use the NHS number as a quasi-identifier to preserve your confidentiality.



Our partner organisations

We may need to share your information, subject to agreement on how it will be used, with the following organisations:

• NHS Trusts
• Health & Social Care Information Centre (HSCIC)
• Specialist Trusts
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Commissioning Support Units
• Social Care Services
• Local Authorities
• Education Services
• Fire and Rescue Services
• Police
• Other ‘data processors’



Access to personal information held about you

Under GDPR, you have a right to access/view information we hold about you, and to have it amended or removed should it be inaccurate. If we do hold information about you we will:

• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

If you would like to make a ‘subject access request’, please contact the Practice Manager in writing. There may be a charge for this service.

Any changes to this notice will be published on our website and in a prominent area at the Practice.

We are registered as a data controller under the GDPR and Data Protection Act 1998. The registration can be viewed online in the public register at:
Register of data controllers | ICO




How we keep your personal information confidential

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the GDPR (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.