How we use your data



How the NHS and care services use your information

St James Medical Practice is one of many organisations working in the health and care system to improve health care for patients.

Whenever you use a health or care service, such as attending the surgery for a consultation, Accident and Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your care, for instance, to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please see Your NHS Data Matters.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes, and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

How We Keep Your Personal Information Safe

We take appropriate measures to secure your personal information and protect it against unauthorised or unlawful processing, as well as against its accidental loss, destruction or damage.

This includes ensuring both technical and organisational security measures are in place.

Technical security measures include:

  • Using secure servers to store personal information
  • Using technologies to encrypt data in transit and at rest
  • Access permissions to restrict access only to staff that need it
  • Providing access to the minimum personal data necessary, using appropriate restrictions
  • Making the data anonymous, pseudonymised or unidentifiable whenever possible
  • Ensuring changes are authorised
  • Regular security testing and assurance

Our organisational security measures include:

  • Having organisational policies and procedures in place to protect your information
  • Ensuring staff handling personal information receive relevant training
  • Ensuring formal agreements such as contracts or data sharing agreements are in place with other organisations that work with us and handle personal data
  • Making sure we check suppliers have good security before working with them

Where your data is located:

  • Your data remains within the European Economic Area (EEA), or within the UK
  • Your Lloyd George notes remain in our secure premises offsite with adequate safeguards in place to ensure their protection