NHS Patient records security breach
You may have read about the Information Commissioner's concerns regarding GP patient records, as reported in The Telegraph and The Times today (18th March).
This breach only affects GP surgeries running TPP's SystmOne patient records database.
Oakley Health Group uses EMIS Web as its patient database software, so please be assured that the breach will not affect any of our patients.
EMIS Web shares data in a completely different way to SystmOne. You can read all about NHS data sharing and Oakley Health Group, including how to opt-out of any or all of it, in our "Your Medical Records" booklet.
NHS Data Sharing at Oakley Health Group
The NHS shares information from your medical records in a number of ways.
In North East Hampshire & Farnham, a number of data sharing schemes are running that involve either extracting and uploading information from your GP record to a 3rd party data controller, or making information from your GP record visible to other healthcare professionals.
You have the right to control how your personal information is used and who has access to it.
You can do this by opting out of any or all of these schemes.
We have detailed information about all of these schemes in our "Your Medical Records" booklet.
Our NHS Data Sharing factsheet
brief details of all the data sharing schemes
Our universal opt out form
to opt out of any or all of the schemes below
The Summary Care Record
This is a national centralised database of limited medical information (allergies and medication only), extracted and uploaded from your GP record to the Health and Social Care Information Centre.
That information is then potentially available to medical staff nationwide.
The Hampshire Health Record
This is a localised centralised database of very large amounts of medical information extracted and uploaded from your GP record to NHS South, Central and West CSU, where it is combined with information from hospital records, community care records, social care records and mental health records.
That combined information is then potentially available to medical staff across Hampshire (i.e. regionally).
EMIS Web data streaming
Both A&E at Frimley Park Hospital and Frimley Primary Care Service GP out-of-hours centre, can – with your explicit consent at the time – access details of your GP record should you have need to attend either organisation. Your information is only available locally with this scheme.
No data from your GP record is extracted, uploaded or “sent” anywhere with this system – it is “viewed” in real time.
Secondary uses of your medical record
Secondary purposes are those unrelated to your direct medical care.
Examples include using your information for research, audit, healthcare planning, risk profiling (or “stratification”), "population health management", extraction of sick note data to the DWP, commercial and even political uses.
Data is nearly always extracted from your GP record and uploaded to a 3rd party database/data controller.
Oakley Health Group is planning to allow extraction and uploading of GP data for risk stratification purposes from 13th March.
- You can read more about this in our risk stratification information sheet
- The Data Sharing Agreement between Oakley Health Group and Monteagle Surgery can be found here
- Full details about the data extracted from your GP record can be found here
- This is a data extraction for secondary purposes and as such you have the right to opt-out of allowing your GP record to be processed in this way - full details in our information sheet
- Opting out of risk stratification will in no way effect your entitlement to full medical care from either your GP surgery or from any other NHS service (such as hospital trusts or community services)
Access to Medical Records
You have the right to get a copy of information that is held about you.
This is known as a subject access request.
In accordance with the Data Protection Act 1998, you are entitled to request to see your medical record, or obtain a copy of it.
Such requests should be made through the Practice Manager and may be subject to an administration charge.
Read about Access to your medical records in our booklet
Our access to medical records policy
We provide a confidential service to all our patients, including under 16s. This means that you can tell others about a visit to the surgery, but we won't.
You can be sure that anything you discuss with any member of this practice– family doctor, nurse or receptionist – will stay confidential.
Even if you are under 16 nothing will be said to anyone – including parents, other family members, care workers or tutors – without your permission. The only reason why we might have to consider passing on confidential information without your permission, would be to protect you or someone else from serious harm. We would always try to discuss this with you first.
Confidential patient data will be shared within the health care team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other health care professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality.
All of our medical records are held on the surgery server. We do not hold any records on laptops, USB sticks or other portable devices.
Read about Confidentiality at Oakley Health Group in our booklet
If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing, then please do contact the surgery’s Caldicott Guardian / Information Governance lead:
Dr Neil Bhatia