Menu Close

Privacy Policy

Privacy Policy

What is a privacy policy?

A Privacy policy is a statement by the Practice to patients, service users, visitors, carers, the public, and staff describing how we collect, use, retain and disclose patient’s personal information. It is sometimes also referred to as a Privacy Statement, Fair Processing Statement, or Privacy Notice. This privacy policy is part of our assurance to you that we process your personal information/data fairly and lawfully.

Why issue a privacy notice?

Lancashire GP Private Medical Practice acknowledges the importance of protecting personal and confidential information and does all it can to meet its legal and regulatory duties. In this policy, we hope to demonstrate our commitment to our values and remain transparent and open.

This policy also explains what rights you have to control how we use your information.

What are we governed by?

The key pieces of legislation/guidance we are governed by are:

Data Protection Act 1998

Human Rights Act 1998 (Article 8)

Access to Health Records Act 1990

Freedom of Information Act 2000

Health and Social Care Act 2012, 2015

Public Records Act 1958

Copyright Design and Patents Act 1988

The Re-Use of Public Sector Information Regulations 2015

The Environmental Information Regulations 2004

Computer Misuse Act 1990

The Common Law Duty of Confidentiality

The Care Record Guarantee for England

The Social Care Record Guarantee for England

International Organisation for Standardisation (ISO) – Information Security Management

Standards (ISMS)

Information Security Management – NHS Code of Practice

Records Management – Code of Practice for Health and Social Care 2016

Accessible Information Standards (AIS)

General Data Protection Regulations (GDPR) – post 25th May 2018

Who are we governed by?

Department of Health –

Information Commissioner’s Office –

Care Quality Commission –

Our, doctors, nurses, healthcare professionals, and registered support staff are also regulated and governed by professional bodies.

Why and how we collect information

We may ask for or hold personal confidential information about you which enables us to deliver appropriate, high-quality care and treatment. 

Records we may keep are:

  • Basic details, such as name, address, date of birth, next of kin.
  • Contact we have had, such as appointments and home visits.
  • Details and records of treatment and care, including notes and reports about your health
  • Results of x-rays, blood tests, etc.
  • Information from people who care for you and know you well, such as health professionals and relatives.

It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies, or health conditions.

Why do we need this information?

In order for us to deliver appropriate treatment and care plans, it is important for us to have a complete picture. This information assists staff involved in your care to deliver the very best treatment and service.

How we use information
  • To ensure that your treatment is safe and effective.
  • To ensure that we make the best-informed decisions about your care.
  • To support the health of the general public.
  • To be able to work in line with other organisations who may also be handling your care.
  • To be able to reflect on our care and treatment of patients and allow us to inform our care going forwards
  • For research and audit
  • To inform our staff training.
  • To provide statistics and evidence on our performance.
  • To monitor how we spend public money.
It helps you because;
  • By ensuring we have the most up to date and accurate information, we are best able to help our patients and meet their care needs.
  • By recording this information, we are able to inform other organisations or the NHS in your ongoing treatment.
  • Where possible, we use anonymous information when informing our future planning or training.
Safe storage of your information.

Information is kept in secure electronic and paper records and access is restricted.

In order to protect patient confidentiality, we keep all information securely.

The Data Protection Act 1998 / GDPR rules regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. Lancashire GP Private Medical Practice is the data controller and is registered with the Information Commissioners Office (ICO)

We hold your information in strict confidence. Technology allows us to limit access and maintain security.

How do we keep the information confidential?

Everyone working for the Practice is subject to the Common Law Duty of Confidentiality and the Data Protection Act 1998 / GDPR. Information provided in confidence will only be used for the purposes to which you consent to unless there are other circumstances covered by the law.

Under the NHS Confidentiality Code of Conduct, all staff are required to protect the information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.

All Practice staff are required to undertake annual training in data protection, confidentiality, IT/awareness, with additional training for specialists, such as healthcare records, data protection officers, and IT staff.

Who will the information be shared with?

On occasions, it might be necessary to share your information with other organisations, in order to provide you with the best care. We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.

Third-party websites

This website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. Ensure you review their privacy policy before sending them any personal data.

Sharing with non-NHS organisations

On occasion, we may also need to share information from your records with non-NHS organisations, from which you are also receiving care. These organisations may include such bodies as social services or private healthcare organisations.

We do not disclose any health information to third parties without your consent. The only occasions where this might be necessary without your consent is in cases of a risk to the health and safety of others, or where the law requires us to disclose it.

Where patient information is shared with other non-NHS organisations, an information-sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.

Sometimes, we may also be asked to share basic information about you, such as your name and parts of your address. Such information does not include sensitive information from your health records. Generally, we would only do this to assist them to carry out their statutory duties (such as usages of healthcare services, public health, or national audits). In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Policy, under the Data Protection Act.

Non-NHS organisations may include, but are not restricted to social services, education services, local authorities, the police, voluntary sector providers, and private sector providers.

You’re right to withdraw consent for us to share your personal information

You have the right to refuse/withdraw consent to information sharing at any time. Should you request this, we will fully explain the possible consequences to you, which could include delays or disruption in you receiving care.

Contacting us about your information

Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian.

If you have any questions or concerns related to the information we hold on you, please contact the Practice Manager, Mrs. G. Powers.

You can contact Lancashire GP Private Medical Practice’s Caldicott Guardian via the Practice Manager or using the Contact Us section of the practice website, or by calling us Tel: 01995 238081

Can I access my information?

Under the Data Protection Act 1998 (GDPR) a person may request access to information (with some exemptions) that is held about them by an organisation

Receipt of such information will be subject to:

  • Photographic evidence of your identity and letter stating your current address.

Contacting us if you have a complaint or concern

We endeavour to always handle your private information with the utmost security and privacy. In order to maintain a high level of care and service, we ask patients to refer any concerns to us.

You can submit a complaint through our Practices Complaints Procedure here, or you can write to:

The Practice Manager

14 High Street




Tel: 01995 238081