Privacy Notice

< Back to policies & procedures

Our policy

We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way. We review our procedures regularly.

Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.

 

Why are we providing this privacy notice

We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please do contact our Data Protection Officer (details below).

The Law says:

  1. We must let you know why we collect personal and healthcare information about you;
  2. We must let you know how we use any personal and/or healthcare information we hold on you;
  3. We need to inform you in respect of what we do with it;
  4. We need to tell you about who we share it with or pass it on to and why; and
  5. We need to let you know how long we can keep it for.
 

If you have any questions about our privacy policy or how we manage information

  • If you have any questions about how your information is being held;
  • If you require access to your information or if you wish to make a change to your information;
  • If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you;
  • If you wish to make a Subject Access Request;
  • Or any other query relating to this Policy and your rights as a patient.…

Please contact us

 

About us

We are Southampton Sea City Partnership and are responsible for the delivery of primary care services from St Marys Surgery, Victor Street Surgery, Mulberry Surgery and Telephone House surgery. We also deliver healthcare services to people in their own homes.

We are the Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.
There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.

The following people at Southampton Sea City Partnership have important roles in ensuring information about you is used appropriately and kept safe, and that we ensure that we comply with relevant legal standards: 

Dr Dan Tongue is our Caldicott Guardian

Dan is a GP partner at the practice. As Caldicott Guardian, Dan has a senior role within Southampton Sea City Partnership, responsible for overseeing the use and sharing of personal data. He ensures that data is used legally, ethically, and appropriately, while maintaining confidentiality. The role involves applying the eight Caldicott Principles (see the government's website for more information) and acting as the "conscience of the organization" to uphold trust and impartiality in data handling.

Phil Aubrey-Harris is our Senior Information Risk Owner (SIRO)

Phil is the managing partner at Southampton Sea City Partnership. As SIRO, Phil is responsible for overseeing the management of information risks within the our services. This involves taking day-to-day oversight of the systems and processes associated with the management of information.

Caroline Sims is our Data Protection Officer

Caroline is an expert on information management, good practice and relevant legislation and advises us on all matters concerning how we manage data carefully and ensure we comply with relevant data protection laws. 

 

Confidentiality

All members of the practice team are bound by a code of practice which includes keeping confidential any information about patients held within the practice or known by any member of the team.

It is a breach of contract for any member of staff to divulge any personal information about any other member of staff or patient. Any suggestion of this would lead to a disciplinary hearing and if proven, to a termination of employment.

Patient information is generally held under legal and ethical obligations of confidentiality. Information provided in confidence should not be used or disclosed in a form that might identify the patient without their consent.

Some information about patients is recorded on the practice computer system. This information may be discussed with other health care professionals or with local primary care organisation officers, as it is useful in confirming the standard of care offered to certain groups of patients. However, this information is anonymised and patients cannot be identified from it.

 

Information we collect from you

The information we collect from you will include:

  • Your contact details (such as your name and email address, including place of work and work contact details);
  • Details and contact numbers of your next of kin;
  • Your age range, gender, ethnicity, language, disability status, information we need to allow us to provide information in a more accessible format to you;
  • Details in relation to your medical history;
  • The reason for your accessing any of our services (e.g. a GP appointment);
  • Medical notes and details of diagnosis and consultations with our GPs and other health professionals involved in your direct healthcare.
 

Information about you from others

We also collect personal information about you when it is sent to us from the following:

  • a hospital, a consultant or any other medical or healthcare professional, or any other person involved with your general healthcare.
  • Insurance company –in respect of requests for medical information, with your prior approval
  • Police service – for example, if you are applying for a firearms license
  • Social Services
  • Solicitors – correspondence from them about you
  • Benefit Agency
  • Driving Vehicle Licensing Authority (DVLA)
  • Or any organisation who you give permission to ask for your medical information
 

Your summary care record

Your summary care record is an electronic record of your healthcare history (and other relevant personal information) held on a national healthcare records database provided and facilitated by NHS England.

This record may be shared with other healthcare professionals and additions to this record may also be made by relevant healthcare professionals and organisations involved in your direct healthcare.

You may have the right to demand that this record is not shared with anyone who is not involved in the provision of your direct healthcare. If you wish to enquire further as to your rights in respect of not sharing information on this record then please contact the us. 

To find out more about the Summary Care Record and the wider use of your personal information and to register your choice to opt out if you do not want your data to be used in this way, please visit the NHS England Digital website.

Note if you do choose to opt out, you can still consent to your data being used for specific purposes. However, if you are happy with this use of information you do not need to do anything. You may however change your choice at any time.

 

Who we may provide your personal information to, and why

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected to help ensure you get the best possible care and treatment. This information may be passed to other approved organisations where there is a legal basis, to help with planning services, improving care, research into developing new treatments and preventing illness. All of this helps in providing better care to you and your family and future generations. However, as explained in this privacy notice, confidential information about your health and care is only used in this way where allowed by law and would never be used for any other purpose without your clear and explicit consent.

We may pass your personal information on to the following people or organisations, because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:

  • Providers of hospital services and their employed professionals (such as doctors, consultants, nurses, etc), Locally our main hospital provider is Universities Hospitals Southampton NHS Foundation Trust.
  • Other GP surgeries and GPs and other clinicians that work for them
  • Pharmacies and pharmacists.
  • Community Healthcare and Mental health services, including their nurses and other healthcare professionals (eg District Nurses & Midwives).  Locally our main provider of these services is Hampshire and Isle of Wight Healthcare NHS Foundation Trust
  • Dentist surgeries and dentists;
  • Any other organisations, their clinicians and support staff, involved in providing healthcare services for you.   
 

Other people who we provide your information to

  • NHS Commissioners – this describes organisations within the NHS that coordinate and oversee healthcare locally and nationally. Local health services are commissioned by Hampshire and Isle of Wight Integrated Commissioning Board (ICB). Our commissioners such as the ICB at times extract information from our clinical IT systems about our patient population that will involve some information from your health records. This is to help monitor and plan the delivery of healthcare locally and to improve services for our local communities. When this happens we don’t share any of your personal identifiable information (such as your name or address). Any information about you we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudo-anonymised). This therefore protects you from anyone who may have access to this information at the ICB from ever identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.
  • Local authorities, such as Southampton City Council 
  • Hampshire’s Care and Health Information Exchange (CHIE) – formerly Hampshire Health Record.  See note below.

The CHIE is an electronic summary record for people living in Hampshire, Portsmouth and Southampton. GP Surgeries, hospitals, social care and community care teams collect information about you and store it electronically on separate computer systems. The Care and Health Information Exchange stores summary information securely from these organisations in one place so that – with your consent – professionals can view it to deliver better care to you. This record contains more information than the Summary Care Record, but is only available to organisations in Hampshire.

  • For the purposes of complying with the law e.g. Police, Solicitors, Insurance Companies;
  • Anyone you have given your consent to, to view or receive your record, or part of your record  (for example a family member). Please note, if you give another person or organisation consent to access your record we will need to contact you to verify your consent before we release that record. It is important that you are clear and understand how much and what aspects of, your record you give consent to be disclosed.
  • Neighbourhood and extended primary care services - we work with other GP practices and providers of health services to provide neighbourhood and extended access services for our patients and other patients living across a wider area.  With these services, we ensure we have formal arrangements in place with the other practices and organisations to ensure that any necessary sharing of information is done only to support patient care and with consent.  Collaboration of services like this at a neighbourhood level is shown to deliver better care outcomes for patients.  It is important in these circumstances that we can share information about patients carefully to help better deliver more “joined up” care. 
 

Anonymised information

As above, sometimes we may provide information about you in an anonymised form – for example to support the monitoring and improvement of healthcare services. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.

 

Your rights as a patient

The Law gives you certain rights to your personal and healthcare information that we hold, as set out below:

Access and Subject Access Requests

You have the right to see what information we hold about you and to request a copy of this information.

If you would like a copy of the information we hold about you please contact us

We will usually provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.

In line with relevant legal regulations, we have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.

Online Access

You may ask us if you wish to have online access to your medical record. However, there will be certain protocols that we have to follow in order to give you online access, including written consent and production of documents that prove your identity.

Please note that when we give you online access, the responsibility is yours to make sure that you keep your information safe and secure if you do not wish any third party to gain access.

Correction

We want to make sure that your personal information is accurate and up to date. You may ask us to correct any information you think is inaccurate. It is very important that you make sure you tell us if your contact details including your mobile phone number has changed.

Removal

You have the right to ask for your information to be removed however, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible. 

Objection

We cannot share your information with anyone else for a purpose that is not directly related to your health, e.g. medical research, educational purposes, etc. We would ask you for your consent in order to do this however, you have the right to request that your personal and healthcare information is not shared by us in this way. Please note the Anonymised Information section in this Privacy Notice.

Transfer

You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation, but we will require your clear consent to be able to do this.

 

Third parties mentioned on your medical records

Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners, and other family members.

 

How we use the information about you

We use your personal and healthcare information in the following ways:

  • when we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or on going healthcare;
  • when we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement.

We will never pass on your personal information to anyone else who does not need it, or has no right to it, unless you give us clear consent to do so.

 

Legal justification for collecting and using your information

The Law says we need a legal basis to handle your personal and healthcare information.

  • CONTRACT: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.
  • CONSENT: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs. Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.
  • NECESSARY CARE: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent
  • LAW: Sometimes the Law obliges us to provide your information to an organisation (see above).
 

Special categories

The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows: 

  • PUBLIC INTEREST: Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment;
  • CONSENT: When you have given us consent;
  • VITAL INTEREST: If you are incapable of giving consent, and we have to use your information to protect your vital interests (e.g. if you have had an accident and you need emergency treatment);
  • DEFENDING A CLAIM: If we need your information to defend a legal claim against us by you, or by another party;
  • PROVIDING YOU WITH MEDICAL CARE: Where we need your information to provide you with medical and healthcare services
 

How long we keep your personal information

We carefully consider any personal information that we store about you, and we will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice

 

Under 16s

There is a separate privacy notice for patients under the age of 16. Please see our Easy Read Privacy Notice

If English is not your first language

If English is not your first language you can request a translation of this Privacy Notice. Please contact us and we will arrange this for you.

 

Complaints

If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal and/or healthcare information, then please contact us.

However, you have a right to raise any concern or complaint with the UK information regulator, via the Information Commissioner’s Office website.

 

Our website

The only website this Privacy Notice applies to is this, our Southampton Sea City Partnership Website.

If you use a link to any other website from this/our website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.

 

Cookies

Our website uses cookies. For more information on which cookies we use and how we use them, please see our Cookies Policy

 

Security 

We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.

 

Phones 

We have an integrated digital telephone system across all of our surgery sites. Our current provider of these services is X-on and the system is called Surgery Connect and is tailored for use in GP surgeries.  Our telephone systems record all in-bound and out-bound calls and this information is stored and accessible for 6 months in line with our data retention policies. We only access recordings of calls to support patient care, sometimes when we are investigating complaints or other incidents which involve potential harm to patients or staff. We would only ever share information with other relevant other organisations in connection with the safety and security of patients and staff and will not share with any other third parties without your specific consent.  

 

CCTV

Closed Circuit TV (CCTV)  systems are in place at all of our surgery sites and cover external areas and internal waiting areas and corridors. We do not have CCTV in our consulting rooms or toilets. These systems have been installed solely for the safety and security of our patients and staff; to prevent and deter crime. Images recorded on our CCTV systems are stored on secure computer hard-drives and only those authorised at the Practice and those delivering technical support services will have access to the systems. The CCTV records images and at some of our reception desks it also records audio. There are signs outside the Practice telling you that CCTV is in place. We will only ever share information with the relevant other organisations in connection with the safety and security of patients and staff and will not share with any other third parties without your specific consent. Information stored on our CCTV system is stored for a limited period in line with our data retention policies. 

 

Text messaging, email and contacting you

Because we are obliged to protect any confidential information we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.
We may contact you using SMS texting to your mobile phone in the event that we need to notify you about appointments and other services that we provide to you involving your direct care, therefore you must ensure that we have your up to date details. This is to ensure we are sure we are actually contacting you and not another person.

If you do not wish to be contacted by text or email please contact us to let us know.

 

Paper based medical records 

For some years now and going forward, all records are held electronically on our clinical IT systems.  For some patients, historical paper versions of medical records exist that document their health and care from years before IT based records were available. We handle all paper based versions of people’s records careful according to relevant best practice and relevant legislation. 

We have contracted with an organisation called Restore (who manage paper records for practice across the UK) to securely store our paper medical records in off-site storage facilities. This service will include the secure transportation of required records to and from our Practice. Restore meets CQC requirements for records storage security standards.

 

GP Connect

We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes.

The NHS 111 service (and other services determined locally e.g. GP out-of-hours providers, will be able to book appointments for patients at GP practices and other local services.

GP Connect is not used for any purpose other than direct care.

Legal basis - 6.1.e - NHS Contract authority 9.2.h - delivery of direct health care

 

OpenSAFELY

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.

Visit the OpenSAFELY website for more information.

 

Appendix A 

We have in the above statement explained how we keep your information safe and also how we share information with other organisations that we partner with to deliver our services and other organisations involved in your care. 

The following list outlines some of the main organisations we share information with. 

University Hospitals Southampton NHS Foundation Trust

  • Why we share information: Because this organisation delivers NHS hospital based services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h c) In the public interest - GDPR 6 (1)e

Further information is available on the University Hospitals Southampton website

Hampshire Hospitals NHS Foundation Trust 

  • Why we share information: Because this organisation delivers NHS hospital based services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

Further information is available on the Hampshire Hospitals website

Portsmouth Hospitals University NHS Foundation Trust 

  • Why we share information: Because this organisation delivers NHS hospital based services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h c) In the public interest - GDPR 6 (1)e

Further information is available on the Portsmouth Hospitals University website

South Central Ambulance NHS Foundation Trust 

  • Why we share information: Because this organisation delivers NHS ambulance and 111 services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

Further information is available on the South Central Ambulance website

Practice Plus Group 

  • Why we share information: Because this organisation delivers NHS commissioned urgent care and hospital based services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h c) In the public interest - GDPR 6 (1)e

Further information is available on the Practice Plus Group website

PHL Group 

  • Why we share information: Because this organisation delivers NHS commissioned urgent care and other primary care services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2). b)The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

Further information is available on the PHL Group website

Southampton Primary Care Limited 

  • Why we share information: Because this organisation delivers NHS commissioned urgent care and other primary care services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

Further information is available on the Southampton Primary Care website

Hampshire and Isle of Wight Healthcare NHS Foundation Trust 

  • Why we share information: Because this organisation delivers NHS community, mental health and other specialist care services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs.   
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Hampshire and Isle Of Wight Healthcare website

Dorset Healthcare University NHS Foundation Trust 

  • Why we share information: Because this organisation delivers NHS mental health and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs    
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Dorset Healthcare University website

Livi

  • Why we share information: Because we work in partnership with this organisation to deliver some of our remote GP consultation services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Livi website

Pure Physio

  • Why we share information: Because we work in partnership with this organisation to deliver some of our direct access physiotherapy services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Pure Physio website

Other GP practices

  • Why we share information: Because we need to transfer your records and other information to and from other practices - if for example you changed your registration.  Also sometimes we work in partnership with other local practices to deliver services and it is essential that we are able to share information with them to ensure we can work together to meet your healthcare needs.  Also we give other GP practices access to your records to support urgent and necessary care. 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

Pharmacies

  • Why we share information: We share information with pharmacies to enable the dispensing of prescriptions.  Usually this is done electronically via a nationally operated system called Electronic Prescribing Service (EPS)
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Community Pharmacy website

Local Authority (usually Southampton City Council) 

  • Why we share information: We share information with the local authority in relation to a range of services - most notably social services and safeguarding services.   We share information with social services so that we can work together with them to meet your health and care needs.  We share information with safeguarding services in order to help keep children and vulnerable adults safe from harm.  
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) Sometimes we share information with safeguarding services because of public interest (i.e. to protect the safety and welfare of children and vulnerable people) - GDPR 6(1)e

​​​​​​​Further information is available on the Southampton City Council website

NHS Digital - Summary Care Record 

  • Why we share information: The NHS in England uses a national electronic record called the Summary Care Record (SCR) to support patient care. It contains key information from your GP record. Your SCR provides authorised healthcare staff with faster, secure access to essential information about you in an emergency or when you need 
    unplanned care, where such information would otherwise be unavailable
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the NHS Digital website

NHS South Central Commissioning Support Unit - Care and Health Information Exchange (CHIE) 

  • Why we share information: CHIE provides Healthcare Professionals with complete, accurate and up to date information in the Hampshire area. This information comes from a variety of sources including GP practices, community providers, acute hospitals and social care providers. CHIE is used by GP out of hours, acute hospital doctors, ambulance service, GPs and others on caring for patients – you may opt out of having your information shared on this system
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the NHS Hampshire and Isle of Wight website

NHS South Central Commissioning Support Unit - CHIA 

  • Why we share information: CHIA is a physically separate database related to CHIE which helps support the analysis of data relating to population healthcare trends to support the planning and delivery of healthcare. Information in CHIA does not include any personal identifiable information - such as names, dates of birth or addresses. 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): CHIA is a physically separate database related to CHIE which helps support the analysis of data relating to population healthcare trends to support the planning and delivery of healthcare. Information in CHIA does not include any personal identifiable information - such as names, dates of birth or addresses.

​​​​​​​Further information is available on the SCW website

Hampshire and Isle of Wight Integrated Commissioning Board 

  • Why we share information: Hampshire and Isle of Wight ICB extract information from our clinical systems to support the analysis of data relating to population healthcare trends to support the planning and delivery of healthcare. Information shared with the ICB does not include any personal identifiable information - such as names, dates of birth or addresses. 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) Non identifiable information only is shared. b) The provision of healthcare or treatment - GDPR 9(2)h. c) The data subject has given consent - GDPR 6 (1)a and 9 (2)h In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Hampshire and Isle of Wight ICB website

Quality Monitoring, concerns and serious incidents 

  • Why we share information: We need to ensure that the health services you receive are safe, effective and of excellent quality. Sometimes concerns are raised about the care provided or an incident has happened that we need to investigate. You may not have made a complaint to us directly but the health care professional looking after you may decide that we need to know in order to help make improvements.
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): The health care professional raising the concern or reporting the incident should make every attempt to talk to you about this and gain your consent to share information about you with us. Sometimes they can do this without telling us who you are. We have a statutory duty under the Health and Social Care Act 2012, Part 1, Section 26, in securing continuous improvement in the quality of services provided.

Learning Disability Register

  • Why we share information: If your child has a learning disability, it’s important they get the right help and support so they can live their best life. Organisations like the NHS are here to help. If your child is on the Learning Disability Register, they will be able to get extra health support from your Doctor (GP) Practice. This also includes an Annual Health Check from the age of 14 onwards
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): The National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006, to collect and hold service user identifiable information without the need to seek informed consent from each individual service user

​​​​​​​Further information is available on the NHS England website

Care Quality Commission (CQC)

  • Why we share information: CQC are our legal regulator - ensuring that our services meet expected standards of safety, care, responsiveness, effectiveness and good leadership
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): CQC has powers under the Health and Social Care Act 2008 to access and use information where they consider it is necessary to carry out their functions as a regulator. CQC relies on its legal powers to access information rather than consent, therefore may use its powers to access records even in  cases where objections have been raised.

​​​​​​​Further information is available on the CQC website

TPP

  • Why we share information: TPP are a clinical systems software provider and provide SystmOne, which is our main clinical (IT) system.  We use SystmOne to record all of your electronic healthcare records as well as for booking appointments and recording other communications within the practice.  This information is stored securely by TPP on their secure servers.   TPP have been commissioned by the NHS nationally and are a recognised approved provider to provide services for GP practices.
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the TPP website

X-on Surgery Connect 

  • Why we share information: X-on are a specialist GP practice telephony provider and provide us with out digital telephone systems.  Your communications with us by phone are handled by X-on and call recordings are stored securely by X-on on their secure servers.  X-on have been commissioned by the NHS nationally and are a recognised approved provider to provide services for GP practices
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the X-on website

Accurx 

  • Why we share information: Accurx are a specialist healthcare communication  provider and provide us with out digital telephone systems. Your communications with us by phone are handled by Accurx and call recordings are stored securely by Accurx on their secure servers. Accurx have been commissioned by the NHS nationally and are a recognised approved provider to provide services for GP practices
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Accurx website

Anima health

  • Why we share information: Anima are a specialist healthcare communication  provider and provide us with out digital access and triage systems.  Your online requests and other internal communications about your care are handled by Anima. This information is managed and stored by Anima on their secure servers.  Accurx have been commissioned by the NHS nationally and are a recognised approved provider to provide services for GP practices.
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Anima Health website

Joy

  • Why we share information: Joy are a provider of healthcare IT services - in particular to support Social Prescribing services.  The Joy App  is a cloud-based application, to improve the efficiency of our social prescribing, an initiative designed to improve the wellbeing and mental health of patients by connecting them to non-medical interventions such as exercise groups and activities. This information is managed and stored by Joy on their secure servers. 
  • Legal basis for sharing the information - including relevant references from the General Data Protection Regulations (GDPR): a) The provision of healthcare or treatment  - GDPR 9(2)h. b) The data subject has given consent - GDPR 6 (1)a and 9 (2)h. c) In the public interest - GDPR 6 (1)e

​​​​​​​Further information is available on the Joy website

Care Quality Commission
Rating: Good

St Marys Surgery
1 Johnson Street
Southampton
SO14 1LT

Telephone: 023 8033 3778

Telephone House Surgery
70-75 High Street
Southampton
SO14 2NW

Telephone: 023 8033 3778

Mulberry Surgery
7 St Denys Road
Southampton
SO17 2GN

Telephone: 023 8055 4161

Victor Street Surgery
Victor Street Shirley
Southampton
SO15 5SY

Telephone: 02380 706919

-->