You have the right to expect that information about you will be held in confidence. You also have the right to have access to the medical records held about you. Please see our privacy notice, which details how and why your personal data / information is held, used and where appropriate shared.
Fairwater Health Centre aims to ensure that we provide a high standard of medical
care. To enable this, we keep records about you, your health and the care we
provide or plan to provide to you.
This statement is a requirement of the General Data Protection Regulation. The
purpose is to tell you want data we hold about you, why we hold it, how the data is
processed and in some circumstances shared. It also covers your rights as a person
we hold data about, how long your data is held for and the contact details of the
person responsible for controlling the data at the surgery.
This privacy notice is not intended to provide exhaustive details of all aspects of the
collection and use of personal data by the Health Centre. However, we are happy to
provide any additional information or explanation.
What information do we collect and use?
The Health Centre collects, holds and processes personal information about patients
and their carers / legal guardians. Personal data is defined as any information
relating to a person who can be directly or indirectly identified from the data.
The following types of information is collected from you or about you from a third
party in relation to the delivery of care:
Details about you; i.e. your address, legal representative, emergency contact details
Any contact the surgery has had with you; i.e. appointments, clinic visits,
Notes and reports about your health
Details about your treatment and care
Results of investigations such as laboratory tests, x-rays etc
Relevant information from other health professionals, relatives or those who
care for you
Your healthcare records contain information about your health and any treatment or
care you have received previously. These records maybe electronic, a paper record
or a mixture of both. We use a combination of technologies and working practices to
ensure we keep your information secure and confidential.
It is important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship with
Your records will be retained in accordance with the NHS Code of Practice for
Personal data must be:
Processed fairly, lawfully and transparently
Collected for a specified, explicit and legitimate purpose
Adequate, relevant and necessary
Accurate and up to date
Only kept for as long as necessary and then securely destroyed
Why we collect and hold your information, and how we use it
The Health Centre is the data controller for this data and therefore, is responsible for
your personal data. We use and process this information for activities relating to
direct patient care. Under the GDPR, the legal basis for holding and processing this
For the necessary performance of a task carried out in the public interest or in
the exercise of official authority
For the purpose of preventative medicine, medical diagnosis, and the
prevision of health care and treatment.
We hold your personal primary care healthcare records and personal information,
relating to your health care records. The NHS (Wales) Act 2006 and the Social
Services and Well-being (Wales) Act 2014 gives GP Surgeries statutory functions to
promote and provide health services in Wales, improve quality of services, reduce
inequalities, conduct research, review performance of services and deliver education
and training. To do this we need to process your information in accordance with
current data protection legislation.
The information is used to:
Provide a basis for all health decisions made by care professionals with and
Make sure your care is safe and effective
Work effectively with others providing you with care
Send you text notifications to you about appointment reminders, flu clinics,
health promotion information, cancellation of clinics and changes in service
provision. (You can opt out of the text notification service at any time by
phoning the Health Centre on 029 2056 6291).
We may also use, or share, your information for the following purposes:
Looking after the health of the general public
Making sure that our services can meet patient needs in the future
Auditing – Using patient health information to review and improve the quality of
healthcare within the Health Centre and NHS Wales as a whole
Patient identifiable information is only used within the practice. (Patients have
the right to request that their health information is not included in audits);
Preparing statistics on NHS performance and activity (steps will be taken to
ensure you cannot be identified individually)
Investigating concerns, complaints or legal claims
Training and educating staff
We will only use your personal data for the purposes for which we collected it, unless
we reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If you wish to get an explanation as to how the
processing for the new purpose is compatible with the original purpose, please
If we need to use your personal data for an unrelated purpose, we will notify you and
we will explain the legal basis which allows us to do so.
Automated decision making and risk prediction
Risk prediction data tools are increasingly used in the NHS to help determine a
person’s risk of suffering a particular condition, preventing an unplanned or
(re)admission and identifying a need for preventive information. Information about
you is collected from a number of sources including the Health Centre. Risk
prediction enables your GP to focus on preventing ill health and not just the
treatment of illness. If necessary, your GP may be able to offer additional services.
My Health Online and online ordering of repeat prescriptions
This service allows you to book and cancel routine GP appointment (where the
Health Centre makes appointments available), check your repeat medication, order
repeat prescriptions and make changes to your email and mobile contact number
where appropriate. You will need to register at reception to use this service and can
de-register at any time.
Repeat prescriptions can also be ordered via the prescriptions page of our website,
which is encoded in secure htlm. The website is provided by a third party supplier,
who we have a confidentiality agreement with.
Direct patient mailing
We use a printing company to produce and send letters to our patients. Letters sent
to patients via this method will usually be were a large volume of letter needs to be
sent in one go, for instance invitations for vaccination appointments. Data for letters
is sent via an encrypted website to set up the letters and the mailing list. The
Company produces prints and despatch the letter via Royal Mail. The data is then
held for 28 days to take into account any mail turned to sender and then deleted.
For more information please go to:
The Health Centre may conduct Medicines Management Reviews of medications
prescribed to its patients. This review is to ensure patients receive the most
appropriate, up to date and cost effective treatments. This service is provided by our
clinicians, our employed Pharmacist and Pharmacists provided by Cardiff and Vale
University Local Health Board.
The Health Centre operates a clinical computer system provided by EMIS on which
Health Centre and NHS staff record information securely. This information can be
shared with other Clinicians so everyone caring for you is fully informed about your
relevant medical history.
To provide around the clock, safe care, unless you have asked us not to, we will
make information available to trusted organisations. Wherever possible, their staff
will ask your consent before information is viewed.
We consider patient consent as being the key factor in dealing with your health
How we keep your information confidential and secure
We are committed to protecting your privacy and will only use information collected
lawfully in accordance with the Data Protection Act 1998, Article 8 of the Human
Rights Act, the common law of confidentiality, GDPR and the NHS Codes of
Confidentiality and Security. Everyone working in, or for the NHS must use personal
information in a secure and confidential way.
We will only ever use or pass on your information if there is a genuine need to do so.
We will not disclose information about you to third parties without your permission
unless there are exceptional circumstances, such as when the law requires.
To protect your confidentiality, we will not normally disclose any medical information
about you over the telephone or by fax; unless we are sure that we are talking to
you. This means we will not disclose information to your family, friends, or
colleagues about any medical matters; unless we know you have given your consent
to do so.
Anyone who receives information from us is also under a legal duty to keep it
confidential and secure
All persons working in the Health Centre sign a confidentiality agreement, which
explicitly makes clear their duties in relation to personal health information and the
consequences of breaching that duty.
Please be aware that non-clinical Practice staff will access your information in order
to perform tasks enabling the functioning of the Practice. These include:
Typing referral letters to Hospital Consultants or allied Health Professionals
Opening letters from hospitals and Consultants
Scanning clinical letters, radiology reports and any other documents not
available in electronic format
Photocopying or printing documents for referral to Consultants
Handling, printing, photocopying and postage of medico legal and life
assurance reports and other associated documents
Sharing your data
Your data maybe shared with other NHS and social care organisations as part of
your treatment or were deemed in your best interest or the best interests of a person
who you are the parent, guardian or carer of.
Some of the organisations we regularly share data with are:
NHS Wales (Local Health Boards, Trusts and hospitals, Out of Hours,
Relevant GP Practices
Dentists, Opticians and Pharmacies
Private Sector Providers (private hospitals, care homes, hospices, contractors
providing services to the NHS)
Voluntary Sector Providers who are directly involved in your care
Other NHS services
Where necessary, your consent will be sort to share your data with social care
agencies or other non-NHS or social care agencies (Police, Fire, Social Care
Services, Education services). All information is shared with these above agencies
following strict sharing protocols.
We may also receive information from the above agencies, to ensure your medical
records are kept up to date and enable the GP to provide appropriate care.
Welsh GP record (Individual Health Record)
This is an electronic summary of the health records held by us as your GP, which is
shared securely with other people who provide care for you when the surgery is
closed, such as out of hours doctors. This is because these care providers do not
have direct access to our GP medical record system. This shared record allow the
doctors and other care professional to see what medical issues and medicines you
have been having recently without having to ask you to repeat the information.
The following is contained in the summary:
Name, address and contact details
Current medication and medication prescribed in the last 2 years
Allergies or reactions you suffer from
Current medical problems and diagnosis
Results of tests you have had in the last year
Only the following will have access to your information via the Welsh GP record:
Doctors and nurses directly involved in your care
Doctors and nurses working for the out of hours service directly involved in
Hospital pharmacists and pharmacy technicians directly involved in your care
The record is only available to NHS staff in Wales.
You can refuse to allow someone to look at this information and you should be asked
everyone you are seen by one of the groups above. If you don’t want your medical
information to be shared at all, let us know and we can opt you out of the scheme. If
you are the parent or guardian of a child under 16 and you don’t want your child’s
information shared in this way, please discuss this with us. For further information
Other organisations who might ask to access your information
Your medical records maybe occasionally shared with organisations such as
insurers and solicitors for the purpose of producing medical reports, processing
claims or assisting in cases you are a participant in. In these instances, we will only
share your records when we receive authorisation and consent from yourself.
Solicitors often ask for medical reports. We will require your signed consent
for us to disclose information. We will not normally release details about other
people that are contained in your records (e.g. wife, children parents etc.)
unless we also have their consent. The information requested should be
limited to the information directly relating to the issues it is requested for.
Solicitors should not be requesting your entire medical records, unless there
is a good reason to do so. These requests should be made under the rules
governed by the Access to Medical Records Act and a fee is chargeable.
Social Services – The Benefits Agency and others may require medical
reports on you from time to time. We will need your signed consent to provide
information to them.
Life assurance and insurance Companies / employers / occupational
Health Doctors frequently ask for medical reports on individuals. These must
always be accompanied by your signed consent form. These requests should
be made under the rules governed by the Access to Medical Records Act and
a fee is chargeable. The information requested should be limited to the
information directly relating to the issues it is requested for. The organisation
making the request should not be requesting your entire medical records,
unless there is a good reason to do so.
We will only disclose the relevant medical information as per your consent. You have
the right, should you request it, to see reports prepared for Insurance Companies,
employers or occupational Health doctors before they are sent.
Sharing Your Information without Consent
We will normally ask you for your consent, but there are times when we may be
required by law to share your information without your consent, for example:
Where there is a serious risk of harm or abuse to you or other people
Where a serious crime, such as assault, is being investigated by the police or
where it could be prevented
Where we encounter infectious diseases that may endanger the safety of
others, such as meningitis or measles (but not sensitive information i.e
Where a sealed court order has been issued, the court can insist we disclose
the medical records we hold about you.
Where there is a legal requirement, e.g. you had committed a Road Traffic
The Health Centre is committed to ensuring that your privacy is protected. If we ask
you to provide information by which you can be identified when using our website, be
assured that it will only be used in accordance with this privacy statement.
You have the right to access your own personal data held by the Health Centre (right
of subject access). The data can be viewed on request and copies of the data will
be provide free of charge within 1 calendar month of receiving the request unless the
data held is complex in nature. You will need to provide adequate information to
enable us to identify you before providing the information.
You also have the right to have inaccurate or incomplete data corrected, but we
cannot delete data from your health records. In addition, you have the right to object
to the way your data is being used.
You have the right to restrict the way in which and purpose for which your data is
processed. You can choose to restrict the collection or use of your personal
information in the following ways:
Information you supply using any electronic form(s) on the Health Centre
website will only be used for the purpose(s) stated on the form.
If forms provided by someone other than the Health Centre, look for the tick
box that indicate you do not want the information to be used for direct
The Health Centre will retain your data until you register with another GP surgery
when it will be send to the new GP surgery, or until your death when it will
transferred to NHS Wales Shared Services Partnership for destruction in line with
their retention rules. Some electronic data will be retained on our computerised
clinical management system, but this will only be accessed in line with the legal
reasons for processing data as stated above.
Contacts, concerns and complaints
If you wish to raise any issues or exercise your legal rights in relation to the data held
by the Health Centre about you, please contact the Practice Manger Alistair Brook:
Fairwater Health Centre
T: 029 2056 6291
E: [email protected]
Or use the feedback form on this website (www.fairwaterhealthcentre.co.uk).
The Practice uses the Wales data protection officer service provided by the NHS
Wales IT Service. Their contact details are:
You have the right to raise issues with the Information Commissioners Office about
the control and processing of your personal data. The ICO for Wales contact details
Information Commissioner’s Office – Wales
2nd Floor, Churchill House
T: 029 2067 8400
E: [email protected]
This privacy notice will be reviewed in December 2021