Text size
Change contrast

A number of pages throughout this site may invite users to complete forms including their personal details. There is no requirement to fill in these forms in order to view general material on this site. If do you wish to complete a form with your details you should note the following:

All information collected on forms will be submitted via email. NHS Wolverhampton and this GP practice operates highly secure Electronic mail systems in line with National Health Service requirements, we are, however, unable to guarantee that your email service provider is able to offer the same level of security.

If you are sending confidential information to this practice  via email we assure you that once it reaches our network we will ensure its confidentiality and security, we cannot offer the same assurance for your email service provider. This means that any email you send is sent unsecured across the internet.

If you have any questions about your own email security please contact your service provider or if you have any questions about this service or NHS confidentiality please contact the Patient Advice and Liaison service on 01902 445378.

Information submitted to the practice  via this web site will be used solely for the purpose for which it is collected, and will not be passed on to other areas of Trusts within the NHS Wolverhampton, nor to any other organisation outside this Community, without your explicit permission. The purpose for which the information is collected will be made clear.

We have implemented security procedures and technical measures to protect any personal data which is kept by the practice from

  • Unauthorised access.
  • Improper use or disclosure.
  • Unauthorised modification.
  • Unlawful destruction or accidental loss.

Practice employees who have access to personal data are obliged to respect confidentiality, they are bound by confidentiality contract clauses and the duties of common law.

NHS Wolverhampton and this practice abides by the Data Protection Act of 1998 in the holding and processing of your personal data. The Practice Manager is happy to answer any enquiries and may be contacted by letter or phone.

If you are using a public computer and do not wish others to be able to go back to view the details you have typed into a form on the web it is advisable to clear the contents of the form and your cache (temporary internet files) before leaving the computer.

Some information is collected automatically by the web server and is used by NHS Wolverhampton, in aggregate form, for statistical analysis of visits to the site.

Further information on Data Protection issues can be found at www.ico.gov.uk

We do not use cookies for collecting user information and we will not collect any information about you except that required for system administration of our web server.

Link Policy

All links from this website are selected using our links policy. Links are provided for information and convenience only. We cannot accept responsibility for the sites linked to, or the information found there. A link does not imply an endorsement of a site; likewise, not linking to a particular site does not imply lack of endorsement.

You do not have to ask permission to link directly to pages hosted on this site. However, we do not permit our pages to be loaded into frames on your site. The pages must load into the users entire window. You must not use the NHS logo to link to our site without prior permission.

Accuracy

This website is committed to the highest standards of information quality. Every effort is taken to ensure that the information contained in this website is both accurate and complete. However, NHS Wolverhampton and the practice gives no warranty, either expressed or implied, as to the accuracy of the information on this website and accepts no liability for any loss or inconvenience caused as a result of reliance on such information.

In no way should any of the information found here be a substitute for professional medical care by a qualified doctor or other health care professional.

Availability

We cannot guarantee uninterrupted access to this website, or the sites to which it links. We accept no responsibility for any damages arising from the loss of use of this information.

Intellectual Property

The names, images and logos identifying the practice are the proprietary marks of the NHS. Copying our logos and any other third party logos accessed via this website is not permitted without the prior approval of the relevant copyright owner.

Virus Protection

We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus programme on all material downloaded from the internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system that may occur while using material derived from this website.

Patient Appointment and Consultation using the Babylon App

Please ensure that you have read the following information about how the Royal Wolverhampton NHS Trust (RWT) will use and process your data in connection with the delivery of the patient consultation and appointment booking service via the Babylon app and website. RWT is the Data Controller for information processed in connection with appointments and consultations only.

Any digital tools in the Babylon app or website,  such as Symptom Checker, Health check and Monitor are provided by Babylon Partners Limited (Babylon). Babylon is the sole data controller for any personal data collected in connection with these features.  RWT does not have access to that data. However, Babylon may share with RWT aggregated and anonymized data relating to the use of those features.

Why are we collecting your data?

People are increasingly using technology in almost every aspect of their lives. Here at The Royal Wolverhampton NHS Trust we are keen to provide a similar level of service, using technology to allow patients to access their GP remotely and to avoid any unnecessary hospital admissions or on-site appointments.

Any patient of an RWT GP practice will be encouraged to register for the service. Once registered and validated, patients will have access to book video or phone consultations via the Babylon app and website. Details of the consultation will be available to RWT staff, specifically named practice staff (i.e. GPs, Practice Nurses etc). A recording of the consultation will be held on the App, but the clinical notes relating to this will be recorded on your GP record (EMIS).

What data items will we process?

  • Your name
  • Your address
  • Your mobile phone number
  • Email address
  • IP address
  • Date of birth
  • NHS number
  • Reason for appointment
  • Consultation record

How will we use this data?

The data collected will be used to:

  • To make you aware of and invite you to register to use the appointment and consultation service
  • Allow Babylon to validate you as an RWT patient when you register for those services
  • Provide alternative access to your GP rather in attending in person
  • To support telephone or video calling

What is the legal basis for processing the data?

We are relying on the following legal basis to deliver the digital service to you, in connection with this notice:

  • 6(1)(e) ‘…for the performance of a task carried out………..in the exercise of official authority…

As an NHS organisation, we are legally required under the NHS Act 2006 to process personal data about you to support the delivery of your care. This also extends to communicating with you about ways of accessing the service and provision of services via digital means.

  • 9(2)(h) ‘….processing (special category data) is necessary for the purposes of preventive or occupational medicine…’ As a NHS organisation, we are authorised to process any health data to assist with your care and treatment.

Who will we share your data with outside of those in this programme?

The data we collect will be processed by Babylon for the purposes of facilitating video and phone consultations with your GP practice.  Babylon provide this under a contract with RWT and isacting as a data processor for RWT, in connection with those consultations.

How long will we process your data for?

All of our records are held and destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary.

All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required. For more information please see the Record Management Code for Practice for Health and Social Care 2016, retention schedules.

Any clinical information following your consultation will continue to be recorded on your GP record on EMIS, and this will not change as a result of this service. Any data relating to Babylon-provided features will be subject to the Babylon Privacy Policy.

What are your rights and how to enforce them?

You have the right to request a copy of any information held by the Trust as well as any supplementary information.   If you believe your information may be inaccurate or incomplete you can make a request to have your information reviewed and corrected in certain circumstances. Please contact rwh-tr.healthrecordsaccess@nhs.net.

If you choose to sign up for the service but change your mind and want to close the account this can be managed by contacting rwtprimarycare@nhs.net.

Where do I go if I want further information?

For further information on this processing or the uses of your data, in the first instance contact the Group Management Team on 01902 445920 or 01902 44660 who will direct you appropriately.

If you still have concerns or which to speak to someone independently about the use of your data under this initiative you can contact the Trusts Data Protection on the following address rwh-tr.IG-Enquiries@nhs.net

 

 

Privacy Notice – Horizon Call Recording Telephony system

This privacy notice explains about our PCN Telephony System, Horizon and partner Gamma who are responsible for the call recording. The core network integration between the Platform and Horizon provides a reliable way to record all incoming, outgoing and internal Horizon calls. Call recordings are stored encrypted for security and can be accessed online via a call recording portal that provides a multi-level permissions-based access. Inbound calls, the system will notify you that all telephone calls are recorded for auditing, training and monitoring purpose. Outbound calls will also be recorded for the same reason and this information can be found in this notice, displayed on our website and in the surgery. We lawfully do not require your consent; however, you do have the right to terminate the call if you do not wish for the call to be recorded. All calls made to the practice by a registered patient or from the practice to a registered patient, will be stored securely on Servers hosted by Gamma at their datacentre. All data originates from the caller into the practice or the practice dialing out to the recipient.

Personal data

 When a call is recorded we collect:

  • a digital recording of the telephone conversation
  • the telephone number of both parties (internal and external)
  • Personal data revealed during a telephone call will be digitally recorded for example name and contact details to deliver appropriate services.
  • Occasionally ‘special category’ personal information may be recorded where a customer voluntarily discloses health, religious, ethnicity or criminal information to support their request for advice and/or services.

We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.

1) Data Controller

Royal Wolverhampton NHS Trust

Practice Managers and Service Delivery Managers

2) Data Protection Officer

Raz Edwards, Royal Wolverhampton NHS Trust

3) Purpose of the processing Direct Health Care – To enable a safe two-way communication between patient and Surgery.

4) Lawful basis for processing.The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

Article 9(2)(b) Carrying out of obligations under employment, social security or social protection law, or a collective agreement’

Article 9(2)(c) Vital interests of a data subject who is physically or legally incapable of giving consent.

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of

health or social care or treatment or the management of health or social care systems and services…”

*Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

5) Recipient or categories of recipients of the processed data

Data is accessible by the Practice as the Data Controller for this information. Information may be accessed remotely by the supplier for support purposes. Making recordings available for the Practice, patients and other data subjects may request this.

6) Rights to object You have the right to object to some or all the information being

processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance

7) Right to access and correct You have the right to access the data that is being stored and have any inaccuracies corrected. There is no right to have accurate medical

records deleted except when ordered by a court of Law.

8) Retention period The recording data will be retained for 3 months on the Telephony

System hosted by Gamma, before being automatically deleted.

9) Right to Complain. You have the right to complain to the Information Commissioner’s

Office, you can use this link https://ico.org.uk/global/contact-us/

or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745

(national rate)

* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent. The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent.In practice, this means that all patient information, whether held on paper,  computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.

Three circumstances making disclosure of confidential information lawful are:

  • where the individual to whom the information relates has consented;
  • where disclosure is in the public interest; and
  • where there is a legal duty to do so, for example a court order

Categories of Personal Data

  • race;
  • ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership;
  • genetic data;
  • biometric data (where this is used for identification purposes);
  • health data;
  • sex life; or
  • sexual orientation.

 

Medical Examiners Programme – Data Sharing Statement

The medical examiner office at our trust has been commissioned by NHS England and NHS Improvement to provide medical examiners to carry out independent scrutiny of the causes of death for non-coronial deaths of patients previously registered under your care. In order to undertake this duty, we will require access to records relating to relevant patients and their next of kin. This statement describes the information governance arrangements in place to facilitate this.

What information will we require and why?

In order to undertake our duties, we will require access to:

  • Medical and clinical records associated with deceased patients, which will be independently reviewed by our medical examiner
  • Contact details for relevant patients’ next of kin, so our medical examiners and medical examiner officers can contact them to ask if they have questions about the causes of death, and about any concerns they may have regarding the care before death.
  • The medical examiner or medical examiner officer will also contact the medical practitioner completing the Medical Certificate of Cause of Death, regarding the proposed causes of death. This interaction can be completed by correspondence (eg email), a verbal discussion is not normally required.

What is our UK GDPR basis for collecting this information?

Medical records associated with deceased patients are outside scope of the UK GDPR. However, next of kin details are within the scope of the UK GDPR. Our Trust is the controller for next of kin’s contact details, which we shall process under Article 6.1(e).

Under Article 6(1)(e) of the GDPR, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller. The information is being processed for the purposes of the medical examiner system, as part of the NHS Patient Safety strategy and within NHS Trust and NHS foundation trust functions for activities carried out in connection with the provision of health services. It is necessary for medical purposes and is undertaken by either a health professional, or a person who, in the circumstances owes a duty of confidentiality to the patient equivalent to that of a health professional. We will be clear with relevant organisations from which the information is requested, the purpose of collecting the information. Only information which is relevant to the medical examiner system will be collected.

How will we set aside the duty of confidence in order to review medical records of deceased patients? 

Secretary of State for Health and Social Care decision

NHS England and NHS Improvement, on behalf of NHS Trusts and NHS foundation trusts, submitted an application under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (‘section 251 support’) to process confidential information without consent.

The Secretary of State for Health and Social Care, having considered the advice from the Confidentiality Advisory Group, supported the application which means that confidential patient information can be shared with medical examiners by health and care organisations for the purpose of the medical examiner programme.

Details of the approved application  (ref: 21/CAG/0032) can be found on the Health Research Authority’s website https://www.hra.nhs.uk/planning-and-improving-research/application-summaries/confidentiality-advisory-group-registers/ .

The General Medical Council’s (GMC) Confidentiality Guidance advises that doctors should disclose relevant information about a patient who has died where disclosure is authorised under section 251 of the NHS Act 2006.

Paragraph 137 of the General Medical Council (GMC) guidance https://www.gmc-uk.org/ethical-guidance/ethical-guidance-for-doctors/confidentiality/managing-and-protecting-personal-information#paragraph-137 advises:

137 – Circumstances in which you should usually disclose relevant information about a patient who has died include:

  • the disclosure is permitted or has been approved under a statutory process that sets aside the common law duty of confidentiality, unless you know the patient has objected

Paragraph 103 to 105 of the GMC guidance https://www.gmc-uk.org/ethical-guidance/ethical-guidance-for-doctors/confidentiality/using-and-disclosing-patient-information-for-secondary-purposes#paragraph-103 advises:

103 – In England, Wales and Northern Ireland, statutory arrangements are in place for considering whether disclosing personal information without consent for health and social care purposes would benefit patients or the public sufficiently to outweigh patients’ right to privacy. Examples of these purposes include medical research, and the management of health or social care services. There is no comparable statutory framework in Scotland.

104 – Section 251 of the National Health Service Act 2006 (which applies in England and Wales) and the Health and Social Care (Control of Data Processing) Act (Northern Ireland) 2016 allow the common law duty of confidentiality to be set aside for defined purposes where it is not possible to use anonymised information and where seeking consent is not practicable.

105 – You may disclose personal information without consent if the disclosure is permitted or has been approved under regulations made under section 251 of the National Health Service Act 2006 or under the Health and Social Care (Control of Data Processing) Act (Northern Ireland) 2016. If you know that a patient has objected to information being disclosed for purposes other than direct care, you should not usually disclose the information unless it is required under the regulations.

How will we secure your information?

We have provided a copy of our organisational assurance checklist with this statement, which should provide you with confidence in our ability to process your data in a secure, lawful and transparent manner.

The Royal Wolverhampton NHS Trust