Confidentiality, Management of Records & CCTV Policy
The practice complies with data protection and access to medical records legislation.
Identifiable information about you will only be shared with others in the following circumstances:
- To provide further medical treatment for you, e.g. from district nurses and hospital services.
- To help you get other services, e.g. from social services. This requires your consent.
- When we have a duty to others, e.g. in child protection cases.
- Anonymised patient information may also be used at local and national level to help the Health Board and Government plan services, e.g. for diabetic care. This information would be unidentifiable information.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Welsh GP Record
What is in my Welsh GP Record? It is a summary of important information from your full GP medical record, which is available to selected Health Professionals in Out of Hours and certain Secondary Care providers:
- Your name, address and contact details
- Current medication and medication you have been prescribed in the last two years
- Allergies or any adverse reactions
- Current problems or diagnosis
- Results of any recent tests you have had in the previous year, for example, blood tests and x-rays
- It does not include any private discussions you may have had with your GP.
More information is available here.
Management of Records
Records and Information Management are key elements within the Information Governance Agenda, which steer the design and maintenance of appropriate policies and procedures. Records management will help ensure that we have the right information at the right time to make the right decisions. Organisations are required to create and manage records appropriately as set out in the requirements of the UK General Data Protection Regulation, the Data Protection Act 2018 and the Freedom of Information Act 2000.
Various standards and legislation govern the use of records within an organisation. These can include, but are not limited to administrative records, paper and electronic documents, emails, audio and video recordings, X-rays and CCTV footage.
- How we use your information
- Privacy Notice (Patients & Carers)
- Privacy Information for Children and Young People
- Individual Rights Request Form
- Records Management Policy
- Model publication scheme
- Freedom of Information Practice Publication
- Accurx Data Processing Agreement
- Penderi Community Counselling Services Privacy Notice
- All Wales Diabetes Prevention Programme: Privacy Notice
- Your Privacy Your Rights
- Barnardo’s Wellbeing Service Privacy Notice
CCTV Policy
There is CCTV in operation at Brynhyfryd Medical Centre. Please read the following information:
- Images will not be retained longer than is considered necessary, and will be then be deleted.
- All images will be held securely, and all access requests and access to images will be documented.
- Images may record individuals and / or record incidents. Not all recordings are designed to identify persons.
- Other than in accordance with statutory rights, the release or availability of Images will be at the discretion of the Caldicott Guardian or Information Governance Lead to the Practice, for the purposes of the Data Protection Act.
- Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.
- Where access is granted in response to an application received, the image may be edited to exclude images of third parties who may be also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances, the image released as part of the application may record / identify the “data subject” only.
- Images will be located by the Data Controller or authorised person.
- When assessing the content of the image released, the decision will be taken by the Data Controllers having due regard to the requirements of the Data Protection Act and Code of Conduct.