In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.

How Your Data is Used

Your health and care information is used to improve your individual care. It is also used to help us research new treatments, decide where to put GP clinics and plan for the number of doctors and nurses in your local hospital. Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.

What is Confidential Patient Information?

Confidential patient information identifies you and says something about your health, care or treatment. You would expect this information to be kept private. Information that only identifies you, like your name and address, is not considered confidential patient information and may still be used: for example, to contact you if your GP practice is merging with another.

Who can use Your Confidential Patient

It is used by the NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.

Making Your Data opt-out Choice

You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.

Will Choosing this opt-out Affect Your Care and Treatment?

No, your confidential patient information will still be used for your individual care.

Choosing to opt out will not affect your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What Should you do Next?

You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your choice at any time by clicking here.

All GP practices are required to declare the mean earnings for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs working in St Paul’s Medical Centre in the last financial year (2023/2024) was £91,637  before tax and national insurance. This is for 3 full time GPs and 5 part time GPs who worked in the practice for more than six months.

Disclaimer

NHS England require that the net earnings of doctors engaged in the practice is published, and the required disclosure is shown above. However it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice, and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.

What is a Primary Care Network?

The definition of a Primary Care Network is to enable the provision of proactive, accessible, coordinated and more integrated primary and community care improving outcomes for patients.

They are formed around natural communities based on GP registered lists, serving populations of around 30,000 to 50,000.

The Central West Primary Care Network

The Central West Primary Care Network are a collaboration of 3 GP Practices, St Paul’s Medical Centre, Adelaide Street Surgery and South King Street Medial Centre. We serve a population of registered patients on our list equating to approximately 34,000 patients.

Networks need to be small enough to provide the personal care valued by both patients and GPs, but large enough to have impact through deeper collaboration between practices and others in the local health (community and primary care) and social care system. We are looking to provide a platform for providers of care to be sustainable into the longer term.

Introduction

Patients’ medical records should accurately reflect the medical conditions, care and treatment they have experienced over time. This is necessary for good continuing patient care and for medico-legal reasons. The records should therefore be correct, complete and, where possible, contemporaneous.

This policy applies to all GP principals, employed locums and assistants, practice-employed staff, and others working within the practice.

The Practice’s legal bases for collecting, storing, processing and destroying personal and medical information about patients under GDPR are:

Article 6(1)(e) – Public task

Article 9(2)(h) – For the purpose of preventative and occupational medicine

The highest standards of governance must be applied in recording, storing and disposing of patient information, in line with Caldicott principles, the Data Protection Act, General Data Protection Regulations and other legislation and regulations in force.

This policy should be read in conjunction with the following:

• Confidentiality and consent to the disclosure of confidential information
• Summarising policy
• IM&T policy
• Home visits protocol

Recording contacts with patients

1. All patient consultations and other encounters/contacts with/about patients must be recorded in the computer record, whether they have been undertaken at the surgery, as a home visit, by telephone, text, email or letter. The encounter must reflect the place/type of consultation.

• Entries should be linked to the relevant problem title in the patient’s summary where appropriate. The problem will generally be a diagnosis rather than a symptom or procedure.  New problems should be added using the correct read/Snomed code. Long-term conditions and single episode problems must be added as a problem once only.

• Active problems should include long-term conditions and chronic diseases, conditions currently under treatment by medication or under hospital care and those currently symptomatic.
• Other problems should be classified as Past Significant if likely to recur or have a future impact on the patient’s health and wellbeing, or otherwise Past Minor.

• Consultations should include details of the presenting problem, examinations undertaken, differential diagnoses, medication prescribed and care plan (investigations, medication changes, action to take for red flags, referrals, follow-up arrangements, etc).

• Unconfirmed or differential diagnoses should be entered as free text under the symptom code, or the Uncertain Diagnosis code (R2).

• Visit requests should be recorded on the EMIS Web Home Visit page. This record should then be annotated by the practitioner as appropriate when taking ownership of the visit and then updating the patient’s notes afterwards e.g. by adding in clinical findings and advice/treatment following the visit or consultation by telephone.

• Templates should be used to input clinical data (where available).

• Telephone, email and online consultations must be recorded in the same way as a face-to-face consultation, under the correct place of encounter.

1. Where a patient is accompanied, details should be recorded. In the case of children aged under 16 years it must also be recorded if the patient is unaccompanied.

Medications

1. Acute and repeat prescriptions must be recorded on the computer, even if hand-written, for example at the patient’s home and whether the items have been prescribed by a GP principal, locum, or nurse.

1. All prescriptions must be linked to the associated problem title.

1. Drug allergies must be coded into the appropriate section of the medical record, using the add allergy function in EMIS Web.

Path Lab Links

1. Laboratory test results are received daily and are transferred into the patient’s medical record.

1. The links team must allocate path links information to the correct practitioner and ensure that it is correctly re-directed if the practitioner is absent (e.g. on annual leave).

1. Practitioners must go through their links information on a regular basis at least daily, and annotate as appropriate. Actions must be recorded from the picking list and full details provided in tasks sent.

1. The links team must ensure that patients are notified of test results if advised by the GP and that follow-up is acted upon, e.g. contact the patient to inform them to collect a prescription or to make an appointment in line with the confidentiality policy.

Hospital/unscheduled care and scanned documents

1. Hospital clinic letters must be processed as quickly as possible, especially those requiring follow-up action such as a prescription, using the workflow protocol.

Clinical Summaries

1. Most patient records now arrive by GP2GP and contain a summary. For records received without GP2GP a brief summary must be requested and summary details coded. Lloyd George records must be summarised for these patients as soon as possible after receipt by the practice in line with the Network summarising protocol.

• Summaries must be kept up to date by ensuring that new diagnoses, investigations, operations and procedures etc are coded on using agreed codes and location within the record (active/past problem, health admin, significant/minor).

Other Patient Information

• Relevant personal information should be recorded appropriately to alert practitioners to their special needs. Examples include:

• On child at risk register
• History of violent/aggressive behaviour
• Terminally ill
• Is a carer or has a carer
• Housebound
• Disabilities (blind, deaf, wheelchair-bound, etc)
• Special communication needs (large print, braille, easy read, etc)

• Complaints made by the patient should not be entered onto the medical record. This information should be held separately.

• GMS1 forms should not be scanned on. These should be retained for three years then confidentially destroyed.

• New patient health check forms can be shredded once the information has been inputted.

• Requests for medical information, such as copies of records, PMA reports etc, should be recorded under Medical Report Requested in Health Administration, so that progress can be tracked as necessary.

Changes in Circumstances

• Change of name, address or telephone number must be processed as quickly as possible using the current protocol. The practice will, from time to time, send Data Quality forms to patients, in order to update personal information.

• Health visitors should be informed of detail changes for patients aged under five years.

• Details of patients who have died must be processed using the Deaths protocol.

Destruction of medical records

• Letters and reports that are scanned onto the computer must be placed in the secure shredding bins for confidential disposal.

• DNACPR forms should not be shredded, but should be filed in the patient’s Lloyd George record.

• Duplicate expired and irrelevant data must be removed from Lloyd George records and confidentially destroyed in line with the Summarising protocol and in line with current NHS guidelines on the retention and destruction of medical records.

• Data should not usually be deleted from the computer medical record unless it is duplicated data.

NB – Patient-identifiable data should not be recorded in staff members’ personal diaries and notebooks, which might be taken home with the risk of accidental breach of confidentiality.

St Pauls Medical Centre
Dickson Road
Blackpool
FY1 2HH

Telephone: 01253 623896
Email: st.pauls.medicalcentre@nhs.net

This is a Statement of Purpose for St Pauls Medical Centre which sets out the following information:

• The full name of the service provider and of any registered manager together with their business address, telephone number, and where available electronic mail addresses.
• The legal status of the service provider.
• Details of the locations at which the services provided for the purposes of the regulated activity carried on
• Our aims and objectives in carrying on the regulated activity.
• The kinds of services provided for the purpose of carrying on of the regulated activity.
• The range of service users’ needs, which those services are intended to meet.

Registered Manager:
Dr Colin Scott MB ChB, MRCGP

Partners:

Dr Leanne Rudnick MB ChB, MRCGP

Dr Robert Straker Bennett MB ChB, MRCGP

DR Lalitha Ganti MB BS

Dr Lubna Momin MB BS, MRCGP

Dr Sarah Cunliffe MBChB, MRCGP, DRCOG, PG Cert

Dr Shahzad Gul MB BS, MRCGP

St Pauls Medical Centre is a General Practice Partnership open to all patients living within our Practice boundary in Blackpool and the surrounding areas. We work in partnership with our patients and our Patient Participation Group to provide medical care for our patients. We are a General Medical Services (GMS) Practice offering Primary care services for the diagnosis and prevention of disease. We help patients to manage their health and prevent illness. Our GPs assess, diagnose, treat and manage illness. They carry out screening for some diseases and promote general health and wellbeing. Our GPs act as a patient’s advocate, supporting and representing a patient’s best interests to ensure they receive the best and most appropriate health and/or social care. Our GPs also provide the link to further health services and work closely with other healthcare colleagues. They may also arrange hospital admissions and referrals to other services and specialists and they link with secondary and community services about patient care, taking advice and sharing information where needed. They also collect and record important information from other healthcare professionals involved in the treatment of our patients.

Our GPs are also involved in the education and training of doctors, practice staff and other healthcare professionals.

Our Mission Statement:
‘We care for you we care about you’

Vision:
To work in partnership with our patients and staff to provide the best Primary Care services possible working within local and national governance, guidance and regulations.

Our Aims and Objectives:

• To provide high quality, safe, professional Primary Health Care General Practice services to our patients.
• To focus on prevention of disease by promoting health and wellbeing and offering care and advice to our patients.
• To work in partnership with our patients, their families and carers towards a positive experience and understanding, involving them in decision making about their treatment and care.
• To be a learning organisation that continually improves what we are able to offer patients.
• To treat patients as individuals and with the same respect we would want for ourselves or a member of our families, listening and supporting people to express their needs and wants and enabling people to maintain the maximum possible level of independence, choice and control
• To work in partnership with other agencies to tackle the causes of, as well as provide the treatment for ill health and where appropriate involve other professionals in the care of our patients.
• To encourage our patients to communicate with us by joining our Patient Participation Group, talking to us, participating in surveys, and feeding back and on the services that we offer
• To ensure all staff have the competency and motivation to deliver the required standards of care ensuring that all members of the team have the right skills and training to carry out their duties competently
• To take care of our staff offering them support to do their jobs and to protect them against abuse
• Have a zero tolerance of all forms of abuse.
• To provide our patients and staff with an environment which is safe and friendly
• To operate on a financially sound basis.

Our Services:

The GMS services provided by our GPs are defined under the Standard Personal Medical Services Contract. These services are mainly split into three groups:

• Essential
• Additional
• Enhanced

Essential services
We provide essential services for people who have health conditions from which they are expected to recover, chronic disease management and general management of terminally ill patients.

Our core services include:

• GP consultations
• Nurse Practitioner Consultations
• Paramedic consultations
• Asthma Clinics
• Chronic obstructive airways disease clinics
• Coronary heart disease clinics
• Diabetes clinics
• NHS Healthcheck clinics

Additional services

Our additional services include:

• Cervical cytology screening
• Child health surveillance
• Contraceptive services
• Maternity services
• Certain minor surgery procedures
• Vaccinations and immunisations
• INR Monitoring

Enhanced services

Our enhanced services include:

• Childhood vaccinations and immunisations
• Contraceptive coil fitting (IUD) and contraceptive implant fitting
• Diabetes Management
• Prostate Cancer Injection Therapy
• Extended minor surgery
• Flu immunisation

Other services

Our Practice also offers services including:

• Child health and development
• Dressing clinics
• ECGs (electrical heart trace)
• End of life care
• Epilepsy
• Lung testing (spirometry)
• Medication review
• Mental health
• Pregnancy testing and contraceptive advice
• Stop smoking support
• Travel advice
• Men’s and Women’s health
• LARC

Non-NHS Services
Our Practice also provides services which are non-NHS and are paid for by the patient. These services include:

• Insurance claims forms
• Non-NHS vaccinations
• Prescription for taking medication abroad
• Private sick notes
• Pre-employment and HGV medicals
• Vaccination certificates

Subject Access Requests- Following Implementation of GDPR (from 25 May 2018)

On 25 May 2018 the current UK Data Protection Act 1998 (DPA 1998) will be fully replaced by the General Data Protection Regulation (2016/679).

As with the DPA 1998, these new regulations give living individuals the right to request access to personal data held on them by the Trust. This is known as a Subject Access Request (SAR), the person who will hold data about is known as the Data Subject, in many cases this will be the patient, but could be a staff member, a contractor or contact.

Requests must be in writing, this includes, letter, e-mail or in person. The requester will be asked to complete a Subject Access Request form and provide appropriate identification both on submission of the form and the collection of the personal data.

Requesters must be either, the data subject OR have the written permission of the data subject OR have legal responsibility for managing the subject’s affairs in order to access personal information about that person. It is the requester’s responsibility to satisfy the Trust of their legal authority to act on behalf of the data subject.

We also must be satisfied of the identity of the requester before we can provide any personal information.

New Requirements for Subject Access

From 25 May 2018 some new requirements were introduced affecting the handling of subject access requests. These are listed below:

What do we need to provide to a requester?

As well as providing confirmation that their personal is being processed and providing a copy of this personal data that the data subject has asked for; (subject to any exemptions). Individuals will have the right to be provided with additional information which largely corresponds to the information to be provided in a privacy notice:

• Source of the data.
• Recipient, including details international transfers.
• Retention period for the data.
• How to amend inaccurate data.
• How to complain to the Information Commissioner’s Office (internal review will usually need to be satisfied first

Scope

This policy provides a process for the management of subject access requests (SARs) for personal information (for living individuals) under the Data Protection Act (DPA), the General Data Protection Regulations (GDPR) and (for deceased individuals) the Access to Health Records Act 1990.  It defines a process for achieving legislative requirements and ensuring effective and consistent management of such requests.

This policy does not cover requests for medical reports or for copies of medical records requested under the Access to Medical Reports Act 1998 (AMRAs) usually for insurance and claims purposes.

Under the DPA, subject to certain conditions, an individual is entitled to be:

• Told whether any personal data is being processed;
• Given a description of the personal data, the reasons it is being processed and whether it will be given to any other organisations or people; and
• Given a copy of the information comprising the data; and given details of the source of the data (where this is available)

Personal data held by the practice may be:

• Personnel/staff records relating to a member of staff present, past or prospective
• Health records consisting of information about the physical or mental health of an identifiable individual made by or on behalf of a health professional in connection with the care of that individual.

Access encompasses the following rights:

• To obtain a copy of the record in permanent form
• To have information provided in an intelligible format (and explained where necessary)

The DPA also gives subjects who now reside outside the UK the right to apply for access to their former UK health and employment records:

• Employees are legally entitled to request their personal records and may take them outside of the UK at their own discretion
• Original health records must not be given to people to take outside the UK.  A GP or community health professional may be prepared to provide the patient with a summary of treatment; alternatively the patient may make a request for access in the usual way.

Individuals’ rights regarding the sharing of their personal information are supported by the Care Record Guarantees, which set out high-level commitments for protecting and safeguarding service user information, particularly in regard to rights of access to their own information, how information will be shared (both within and outside the practice) and how decisions on sharing information will be made.

Who can make an Access Request?

This policy applies to any request by a patient or member of staff for access to their personal information held by the practice as a Subject Access Request.

This non-contractual policy applies to all staff employed by the partners at St Paul’s Medical Centre.  Failure to adhere to the standards outlined herein could lead to disciplinary action.

An application for access to personal data may be made by any of the following:

• An individual
• A person authorised by the individual in writing to make the application on their behalf e.g. solicitor, family member or carer
• A person appointed by a court to manage the affairs of an individual who is deemed incompetent
• Individuals who hold a health and welfare Lasting Power of Attorney

Where the individual has died, the patient’s personal representative (the executor of the deceased’s will; someone who has been appointed as an administrator of the estate by the courts; someone who has the written consent of the either of the above to be given access) and any person who may have a claim arising out of the patient’s death can make a subject access request to the practice.  Moreover where the deceased made a Subject Access Request prior to their death, this should continue to be actioned under GDPR.

Requests for copies of paper medical records of deceased patients that have been returned to PCSE and are no longer available to the practice can be made by a personal representative by contacting Primary Care Support England – 03330 142884.

Where a request is made by someone with no legal rights to access, they should be advised to contact a solicitor.

Police do not have an automatic right to access to patient’s medical or personal information unless they have a Court Order.  The information can be disclosed to support the prevention and detection of a serious crime, but this decision must be made by a GP partner or manager.

Serious crime includes murder, manslaughter, rape, treason, kidnapping, child abuse, other serious harm to an individual, security of the state or to public order, and crimes that involve substantial financial gain or loss.  Theft, fraud and damage to property are NOT usually sufficient cause to disclose confidential information.  Serious harm includes child abuse, neglect, assault, road traffic accident and spread of potentially life-threatening infectious disease.

This clause also relates to copies of CCTV footage from cameras within the building, which must not be supplied to the police except under the circumstances outlined above.  Footage from public areas such as the car park can be supplied to the police.

Parental responsibility for a child is defined in the Children’s Act 1989 as ‘all the rights, duties, powers, responsibilities and authority, which by law a parent of a child has in relation to a child and his property’.  Responsibilities would include safeguarding and promoting a child’s health, development and welfare, including if relevant their employment records.  Included in the parental rights which would fulfil the parental responsibilities above are:

• Having the child live with the person with responsibility or having a say in where the child lives
• If the child is not living with him/her, have a personal relationship and regular contact with the child
• Controlling, guiding and directing the child’s upbringing

Foster parents are not ordinarily awarded parental responsibility for a child.  It is more likely that this rests with the child’s social worker and appropriate evidence of identity should be sought in the usual way.

The law regards young people aged 16 or 17 to be adults for the purposes of consent to employment or treatment and the right to confidentiality.  Therefore if a 16-year-old wishes their information to be kept confidential, this wish must be respected.

Children aged under 16 who have the capacity and understanding to take decisions about their own treatment are also entitled to decide whether personal information may be passed on and generally to have their confidence respected.  Where a child is considered capable of making decisions about medical treatment, their consent must be sought before a person with parental responsibility may be given access.  Consent will usually be required from any child aged 13+ before information can be disclosed to a parent, guardian or third party.

Where in the view of the appropriate professional the child is not capable of understanding the nature of the application, the holder of the record is entitled to deny access if it is not felt to be in the patient’s best interests.

The identity and consent of the applicant must always be established.

The applicant does not have to give a reason for applying for access.

The practice is a Data Controller and can only provide information held by the organisation.  Other data controllers must be applied to directly; the practice will not transfer requests from one organisation to another.

Application

Patients wishing to exercise their right of access should inform a member of staff personally, by telephone, by email, by post, or (preferably) by completing the Access to Health Records Request form.

Where the Access to Health Records Request form has not been used, the information required on the form will need to be elicited from the patient and filled in by the member of staff.

Current, past or prospective employees should inform Julie Holford, Practice Manager using the relevant Subject Access Request form.

The practice as ‘data controller’ is responsible for ascertaining the purpose of the request and the manner in which the information is supplied.

A simple request by a patient for either vaccination history or a list of current medications can be processed by any member of the team.  Full details of the request and the stages of processing need to be completed on the request form and the information checked by a second person before being handed to the patient.  The usual ID and eligibility checks must be made.  If the patient is not collecting there and then, place the request form with the prepared information in the concertina file and make sure the collection details are noted on the form when the patient collects.  The form can then be put in the hospital letters tray.

All other patient requests must be passed to Sheila Kirkham (put in her tray).  Requests from current or former staff must be passed to Julie Holford.

Fees and response time

The practice must provide information free of charge unless it is manifestly unfounded, excessive, can easily be obtained through Patient Access or is repetitive (i.e. has been provided before).

The fee must be based on the administrative cost of providing the information only.

The request must be complied with without delay and within 28 days of receipt of the request.  We can extend the period for a further 2 months where requests are complex or numerous, however we must inform the individual of any delay within 28 days, along with an explanation.

The release stages

Consent/eligibility for the request must be checked before preparing the information.  Particular care must be taken when the request is from a third party or in respect of a child.  Informed consent must be sought for any patient aged 13 or more unless the patient lacks capacity under the Mental Health Act or is not deemed to be competent to make the decision if aged under 16, in which case a ‘best interests’ decision will need to be made.

A reason for denying or restricting access does not need to be given but the applicant should be directed through the appropriate complaint channels.

Further guidance must be sought if the request is vague, to avoid disclosing information that is not relevant or not required by the requester.

The record must be collated, redacted where applicable and signed off by a GP partner or manager before being prepared for release.  On no account may the original record be released.

Where possible iGPR will be used to produce and collate the information available on EMIS and Docman.  Lloyd George records must be pruned of expired information in line with defined retention periods (see Summarising Policy) before being photocopied.

Where information is not readily intelligible an explanation e.g. of abbreviations or terminology must be given

The format of the released information must comply with the requester’s wishes wherever possible. If no specific format is requested, we can provide the information in the same manner as the original request e.g. by email (preferred format).

Information can be emailed using the st.pauls.medicalcentre.nhs.uk email address provided it is encrypted.  First email instructions on how to open encrypted information to the requester, then send the relevant documents by secure email by putting [secure] as the title.

Where the information is provided in paper form, this must be collected from the surgery by the individual or his/her representative provided we have been notified by the requester in advance of who the representative is.  In either case proof of identity will need to be shown before the records can released.

Ensure that the date the information is emailed or collected has been completed on the request form before sending this for scanning.

If it is agreed that the subject or their representative may directly inspect the record, a health professional must supervise the access (manager for employee requests).  The supervisor must not comment or advise on the content of a medical record if they are not a healthcare professional.

Exemptions

Access may be denied or restricted where:

• The record contains information which relates to or identifies a third party that is not a care professional and has not consented to the disclosure.
• Access to all or part of the record will prejudice the carrying out of social work because serious harm to the physical or mental well-being of the individual or any other person is likely.
• Access to all or part of the record will seriously harm the physical or mental well-being of the individual or any other person
• If an assessment identifies that to comply with a Subject Access Request would involve disproportionate effort under section 8(2)(a) of the Data Protection Act

Where possible the individual should be provided with that part of the record that does not form one of the above restrictions.

There is no requirement to disclose to the applicant the fact that certain information may have been withheld.

Where the information is to be withheld on the basis of disproportionate effort, the practice will engage with the applicant, having an open conversation about the information they require.  It may be appropriate to have the applicant view the records in practice and select the elements that they require a copy of.

Complaints and appeals

The applicant has the right to appeal against a practice decision to refuse access to their information.  This appeal should be made to Tracey Swift, Patient Services Lead (patients) or Anne Bagot-Moore (staff).

If an applicant is unhappy with the outcome of their access request, the usual complaints (patients) or grievance (staff) procedure should be applied.

Monitoring and review

The Caldicott Lead (Dr C W Scott) has executive responsibility for Subject Access Requests.

All staff will receive training on how to recognise and manage a Subject Access Request.

The Practice Business Manager monitors all Subject Access Requests to ensure the correct process has been followed and monitors and appeals/complaints relating to Subject Access Requests.

Equality impact

In applying this policy the practice will have due regard for the need to eliminate unlawful discrimination, promote equality of opportunity and provide for good relations between people of diverse groups, in particular on the grounds of the characteristics protected by the Equality Act 2010 (see Equal Opportunities Policy) in addition to offending background, trade union membership or any other personal characteristic.

Record-keeping

Where an Access to Health Records Request has been completed in respect of a patient, the completed request form must be placed in the hospital letters drawer for scanning/attaching to the medical record as a problem heading under Health Administration using one of the following read codes:

• 8MA (SNOMED 647551000000110) – Patient requests copy of medical record (free text in if patient representative)
• 9ER8 (SNOMED 2159182015) – Patient record requested by solicitor
• 9l8 (SNOMED 2129781000000118) – Copy of clinical record requested by insurance company

The date the information has been supplied must also be recorded using the appropriate code:

• 9lA (SNOMED 2129861000000118) – Copy of clinical record given to patient (if collected from surgery)
• 9lB (SNOMED 2129901000000113) – Copy of clinical record sent to patient (if emailed)
• 9lC (SNOMED 2129941000000111) – Copy of clinical record sent to solicitor
• 9l9 (SNOMED 2129821000000114) – Copy of clinical record sent to insurance company

The scanned form must then be returned to a member of the Administration Team for filing in the SARS folder.

Details of requests from staff and dates of information supplied will be recorded securely in the employment record for current and previous staff and in the recruitment folder for prospective employees and will therefore be held until those records are destroyed.

How we use your medical records

• This practice handles medical records according to the laws on data protection and confidentiality.

• We share medical records with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and event by event.

• Some of your data is automatically copied to the Shared Care Summary Record.

• We share some of your data with local out of hours, urgent care and emergency care services

• Data about you is used to manage national screening campaigns such as Flu, Cervical Cytology and Diabetes prevention.

• Data about you, usually de-identified, is used to manage the NHS and make payments.

• We share information when the law requires us to do, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people.

• Your data is used to check the quality of care provided by the NHS.

• We may also share medical records for medical research

For more information ask at reception for copies of individual Service Privacy Notices.

Click here to view our latest Terms & Conditions