We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
Elmham Surgery's use of Personal data.
This notice explains how we collect, use and look after your personal information when you are a patient at our practice.
It tells you what information we hold about you, why we use it, and how we keep it safe. It also explains your rights and how you can get in touch if you have any questions or concerns.
Our practice uses your personal data for the purposes shown below.
The main lawful basis for our processing is because it is necessary for a public task and medical purposes.
We may also process data for our legitimate interests or in the public interest
Some of your personal information is transferred outside of the UK to EU Member States. This is permitted under GDPR under Article 49 (1) (d), because the transfer is necessary for the performance of your employment contract. We ensure that we have the necessary safeguards in place to protect your personal data when transferred.
How Elmham Surgery shares your information
Your information will be shared with other healthcare organisations involved in your care.
This includes Primary Care Network, hospitals and community providers, community services (such as social prescribing), and external providers supporting services like local authorities, continence supplies, medical reports, or diabetic eye screening.
Only the minimum necessary information is shared, and appropriate safeguards are always in place.
Systems like the Summary Care Record and GP Connect allow your doctors and nurses to securely access key medical details (such as medications, allergies, and history) wherever you receive treatment, particularly in urgent situations.
Who Elmham Surgery shares your information with
We share your information with trusted organisations where necessary to provide your care and manage our services.
These include:
- NHS organisations (such as hospitals and NHS England)
- Clinical system and IT providers
- Organisations that provide secure storage of records
- Specialist services that support patient care
All organisations are carefully checked and have contracts in place to protect your information.
We only share the minimum information necessary for each purpose.
A full list of organisations we work with is available on request.
Our legal basis for using and sharing your information
We share your personal information to provide your care and manage our services.
This is usually under a legal basis such as providing healthcare (public task), legal obligation, or vital interests in emergencies.
This means we do not rely on patient consent to use your information for your care.
However, we will always respect your rights and choices where these apply.
Sometimes we are required by law to share your information and may not always be able to discuss this with you in advance.
This may be for reasons such as NHS England extractions, safeguarding, preventing or detecting crime, or where required by law.
Your Data Protection Rights
You have rights over how your personal information is used.
You can ask us to:
- tell you how we use your information;
- give you a copy of information we hold about you
- correct information you think is wrong or incomplete;
- delete information, in some circumstances;
- restrict how we use your information, in some circumstances;
- consider an objection to how we use your information;
- transfer information you gave us, in some limited circumstances;
- explain any automated decisions made about you.
Some rights do not apply in every situation. For example, we may need to keep information to provide your care, keep an accurate medical record, or meet legal requirements.
To use any of your rights, please contact the practice.
If you are unhappy with how we use your information, you can complain to us. You can also complain to the Information Commissioner’s Office via their website(opens in a new tab).
Planning and research
Your health information is used to care for you.
It can also help the NHS plan services and support research.
You can choose not to have your confidential patient information used for planning and research. This will not affect your care.
There are two main choices:
Type 1 opt-out
This tells your GP practice not to share your identifiable GP record information outside the practice, except when it is needed for your care.
Contact your GP practice to set a Type 1 opt-out.
National Data Opt-out
This tells health and care organisations in England not to use your confidential patient information for planning and research, where the opt-out applies.
Set or change your National Data Opt-out. opens in a new tab)You can change your choice at any time.
Online access to your records
You can view parts of your GP health record online using the NHS App or a web portal.
This may include test results, medications and consultation notes, but it may not show everything we hold about you.
Please keep your login details secure and do not share them. If you have shared access, you should review this regularly.
If you would like a copy of your full record, you can make a Subject Access Request to the practice.
If you would like to exercise any of your rights, please contact the practice's data protection officer
How long Elmham Surgery keeps your records for
We keep your personal information for as long as it is needed to support your care and meet our responsibilities.
Your GP medical record is usually kept for the lifetime of the patient and then for a period after death in a national record system.
Some types of information, such as administrative records, complaints or correspondence, may be kept for shorter or different periods depending on their purpose.
We follow the NHS Records Management Code of Practice, which sets out how long different types of records should be kept.
More information about the NHS Records Management Code of Practice(opens in a new tab)
How Elmham Surgery keeps your records safe
We take the security of your personal information seriously and have robust measures in place to protect it. Your records are stored on secure systems with strict access controls, meaning only authorised staff involved in your care can view them. All staff are trained in confidentiality and data protection, and we regularly review our systems to ensure information is handled safely and appropriately. We use a combination of technical and organisational safeguards, including secure networks, encryption, and audit logs to monitor access to records. We also follow NHS and legal standards for information security, ensuring your data is protected against unauthorised access, loss, or misuse at all times.
We use AI note takers
We use technology, including AI, to help create notes during or after your consultation.
This helps ensure accurate records and allows clinicians to focus on you. All notes are reviewed and approved by a healthcare professional. You can choose not to have it in your consultation.
We use AI document management
We use technology, including AI, to help process documents such as hospital letters and test results.
This helps ensure information is added to your record accurately and promptly. Any decisions about your care are always reviewed and made by a healthcare professional.
We use an AI receptionist
We use technology, including AI, to help manage enquiries, such as booking appointments or answering common questions. It uses information you provide to direct your request, but it does not replace clinical judgement. You can still contact the practice directly.
We use Case Finding technology
We may use your information to identify if you could benefit from additional support or care.
This involves using technology to review patterns in your record. Any decisions about your care are always made by a healthcare professional.
We record incoming and outgoing calls
We record incoming and outgoing calls to help improve our services, support training, and ensure patient and staff safety. Recordings are only accessed where necessary, kept for a limited time, and securely deleted.
We send texts messages
Where you have provided a mobile number, we send texts to either support your healthcare (appointments, test results) or to manage wider healthcare communications (practice closures, events).
Further information regarding Artificial Intelligence (AI) and Your Healthcare Provider