Replaces. Data Protection Directive. Current legislation. The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU.
Your information, privacy and the Law. How we, Dr Drew & Partners, use your medical records
The use and sharing of personal information forms an essential part of the provision of health and care, benefiting individual patients, often necessary for the effective functioning of health and social services and sometimes necessary in the public interest. Nevertheless your doctor has a strong legal and ethical duty to protect patient information and all information you share with your doctor is kept confidential.
- This practice is committed to observing the laws on data protection and confidentiality concerning your medical record and all uses and sharing of your information.
- We share information about you with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and, normally, event by event.
- Some of your health information (including your name, address, allergies and medications) is automatically copied to the Northern Ireland Electronic Care Record.
- Some information about you is shared with national screening campaigns such as Flu and Diabetes eye screening.
- Information about you in non-identifiable form is used to manage the NHS and make payments.
- Information about you in non-identifiable form is used to check the quality of care provided by the NHS.
- Information about you in non-identifiable form may be used for medical research. Where identifiable information may be required we will first seek you consent.
- We will share information when the law requires us to do, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people.
* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as 'judge-made' or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.
The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider's consent.
In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.
Three circumstances making disclosure of confidential information lawful are:
where the individual to whom the information relates has consented;
where disclosure is in the public interest; and
where there is a legal duty to do so, for example a court order.
Subject Access Request Form