The new General Data Protection Regulation (GDPR) comes into force on May 25th 2018. As a UK organisation that processes personal data of EU residents, we need to ensure that we are compliant with this new regulation.
The regulation takes the 1998 Data Protection Act requirements on Information Governance and Confidentiality to a new level of responsibility for businesses, with a focus on policies and procedures and patients' rights. Organisations such as our own have been mandated to inform patients and staff about the data we hold on them and how it is managed.
As a healthcare provider we already ensure that we follow strict codes on confidentiality and sharing of data; however, with the introduction of GDPR we will be making a few policy changes, specifically around consent and the right to access, review and amend data within your records. This will include a request for patients to re-consent to sharing medical information with family members or carers and access to medical records. The sharing of data under this regulation requires consent; we may ask you for consent to share with others who are involved in your direct care. A list is included in our privacy statement. You are entitled to refuse permission for any sharing or data extraction arrangements or to opt in as you choose. Please be assured we do not share your information for marketing purposes.
The phrase 'nothing about me without me' was a mantra of the NHS a few years ago; under the GDPR it is more true now than ever.
If you have any queries regarding this or any other aspect of the implementation of GDPR, please do ask either our Data Protection Officer, Dr S Edwards, or our Practice Manager, Mrs Denise Wait.