England | Scotland | Wales | Northern Ireland | Ireland
Get the latest NHS information and advice about coronavirus (COVID-19).
Check if you or your child has coronavirus symptoms
Find out about the main symptoms of coronavirus and what to do if you have them.
Self-isolation and treatment if you have coronavirus symptoms
Advice about staying at home (self-isolation) and treatment for you and anyone you live with.
Testing and tracing
Information about testing for coronavirus and what to do if you're contacted by the NHS Test and Trace service.
People at high risk
Advice for people at higher risk from coronavirus, including older people, people with health conditions and pregnant women.
Social distancing and changes to everyday life
Advice about avoiding close contact with other people (social distancing), looking after your wellbeing and using the NHS and other services during coronavirus.
GOV.UK: coronavirus – guidance and support
Government information and advice.
Hartley Corner SurgeryTel: 01252 872333
Monteagle SurgeryTel: 01252 872333
Yateley Medical CentreTel: 01252 872333
You have the right to share data on your terms.
We share information from your medical records in a number of ways.
In North East Hampshire & Farnham, a number of data sharing schemes are running that involve either extracting and uploading information from your GP record to a 3rd party data controller, a data processor, or making information from your GP record visible to other healthcare professionals.
You have the right to control how your personal information is used and who has access to it.
You can do this by opting out of any or all of these schemes. And you can opt back into any of the schemes, at any time.
We have detailed information about all of these schemes in our "Your Medical Records" booklet.
Our universal opt-out formto opt out of any or all of the schemes below
This is a national centralised database of limited medical information (allergies and medication only), extracted and uploaded from your GP record to NHS Digital.That information is then potentially available to medical staff nationwide.There are no secondary uses of the SCR, and data uploaded to the SCR database is neither shared nor used beyond that required to provide direct medical care.Clinicians at SCAS NHS 111 can access the SCR.
SECAMB (our local ambulance service) can access the SCR in its 999 Emergency Operations Centre. However, front-line ambulance crews doe not have access to it.
Frimley Park Hospital does have access to the SCR (see here for a list of departments that do).
Our community health services (such as district nurses and health visitors) have access but infrequently use the SCR.
This is a complex, localised centralised database of very large amounts of medical information extracted and uploaded from your GP record to NHS South, Central and West CSU, where it is combined with information from hospital records, community care records, social care records and mental health records.That combined information is then potentially available to medical staff across Hampshire (i.e. regionally), by a large number of organisations (NHS, non-NHS and private).
Please note that you may not be asked for your explicit permission before your HHR information is accessed by a clinician.
In the majority of occasions, your explicit consent will be obtained prior to your HHR being accessed by a clinician, but that may not always be the case. Whilst access to the HHR has always been permissible (under the DPA and common law) in a true emergency, when a patient is incapable of consenting (e.g. unconscious), clinicians are seemingly able to access the HHR of a patient in advance of a routine consultation (even though consent could easily be obtained prior to the appointment).In addition, uploaded data is processed for secondary purposes by some - but not all - organisations uploading to the database.Oakley Health Group does not allow secondary processing of our patients' uploaded GP records.
Our data sharing agreement with the CSU can be seen here.Neither Frimley Park Hospital, nor the Royal Berkshire Hospital, nor The Royal Surrey County Hospital upload to (or access) the HHR.
No departments or wards within Frimley Park Hospital access the HHR, nor are they any plans to enable this.
SECAMB (our local ambulance service) does not access the HHR.
Our community staff (district nurses & health visitors) have access to the HHR.All our community nurses already have full access to the GP records of our patients (through our EMIS Web clinical system).
Phyllis Tuckwell Hospice Care and SCAS NHS 111 can – with your explicit consent – access details of your GP record should you be referred to that organisation or have need to contact NHS 111. Your information is only available locally with this scheme.No data from your GP record is extracted, uploaded or “sent” anywhere with this system – it is “viewed” in real time.
Except for in a genuine emergency, you will always be asked for your explicit permission before your GP record is accessed in this way.
More information about this can be found in our PTHC fact sheet and ourSCAS NHS 111 fact sheet.
Our PTHC data protection impact assessment (DPIA):PTHC DPIA
Our SCAS NHS 111 data protection impact assessment (DPIA):SCAS NHS 111 DPIA
Secondary purposes are those unrelated to your direct medical care.Examples include using your information for research, audit, healthcare planning, risk profiling (or “stratification”), "population health management", extraction of sick note data to the DWP, commercial and even political uses.
Currently, Oakley Health Group processes the following for secondary uses:
From January 2019, Oakley Health Group recommenced risk stratification for case finding, details of which can be found in our dedicated factsheet.Our Risk stratification DPIA can be found here.
GP surgeries are sometimes required by law to extract and upload data to NHS Digital. We are required by law to let patients know about these and of their right to opt-out (fair processing information).
One such mandatory extraction is for Individual GP Level Data - you can read about it here.
Another mandatory data collection is the National Diabetes Audit - you can read about it here.
The other mandatory data collection is the extraction of sick note data to NHS Digital (and thereafter to the DWP), as mentioned above.
If you have opted out of secondary uses of your GP record, then data from your GP record will not be extracted and uploaded to NHS Digital for these purposes.
You can read more about Type 1 secondary uses opt-outs in our factsheet.
You can also read our section on the National Data Opt Out.
Oakley Health Group uses data processors to perform certain administrative tasks for us, particularly where these involve large numbers of patients.
EMIS Health Ltd hosts our electronic GP patient records database at their secure servers in Leeds. As such, EMIS is acting as the data processor.
We have a contract with Docmail Ltd to permit them to send out letters from the surgery to patients, for example, to invite them for a flu vaccination. We provide names and addresses only, and a template letter, to Docmail, who then create and post the letters out.
Our data sharing agreement with Docmail Ltd is here.
We also have a contract with Hampshire County Council (HCC) to enable them to invite patients for an NHS Health Check on our behalf. Again, we provide demographic data, plus date of birth, to HCC, who then create and post the letters of invitation out.
Our data sharing agreement with HCC is here.
We also have a contract with Content Capture Ltd to digitize the paper (“Lloyd George”) records of our patients, which will be ultimately imported into the electronic GP record. Once this has been completed, the paper record will be securely destroyed.
Our data sharing agreement with Content Capture is here.
You can opt back into any of the above-mentioned schemes, at any time.If you are not sure what you have already opted out from, then please do contact the Caldicott Guardian, Dr. Neil Bhatia, and he will be able to tell you.Our "opting back in" form can be found here.
A small number of routine, pre-bookable Sunday morning GP appointments are available to patients of Oakley Health Group.This service is being provided by Frimley Primary Care Services (FPCS), our local GP out of hours provider (part of North Hampshire Urgent Care).16 x 15-minute GP appointments will be available every Sunday morning and will be bookable via the surgery, in the normal way, if required.
As part of this service, the GP that you see at FPCS will necessarily require access to view your full GP record, and permission to record that consultation directly in your GP record. These types of GP appointments are known as “remote consultations”.
Any accesses to your GP record for remote consultations are recorded and auditable, and are only permissible in this way
Full details about this can be found in our factsheet.
We provide a confidential service to all our patients, including under 16s. This means that you can tell others about a visit to the surgery, but we won't.
You can be sure that anything you discuss with any member of this practice– family doctor, nurse or receptionist – will stay confidential.
Even if you are under 16 nothing will be said to anyone – including parents, other family members, care workers or tutors – without your permission. The only reason why we might have to consider passing on confidential information without your permission would be to protect you or someone else from serious harm. We would always try to discuss this with you first.
Confidential patient data will be shared with the healthcare team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality.
All of our medical records are held on the surgery server. We do not hold any records on laptops, USB sticks or other portable devices.
Read about Confidentiality at Oakley Health Group in our booklet
If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing, then please do contact the surgery’s Caldicott Guardian / Information Governance lead:Dr Neil Bhatia Neil.Bhatia@nhs.net
This privacy notice explains why Oakley Health Group collects information about you, how we keep it safe and confidential, and how that information may be used.
Oakley Health Group places privacy and data protection at the heart of all its processing.
Download this privacy notice as a pdf
Download our privacy notice for children as a pdf
Why we collect information about you Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.
We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of needs assessments. Details we collect about you
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously or elsewhere (e.g. NHS Hospital Trust, other GP Surgery, Out of Hours GP Centre, A&E, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
Records which we may hold about you may include the following:
How we keep your information confidential and safeAll your GP NHS health records are kept electronically. Our GP records database is hosted by EMIS Health Ltd, who is acting as a data processor, and all information is stored on their secure servers in Leeds, is protected by appropriate security, and access is restricted to authorised personnel.
We also make sure that data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We only email you, or use your mobile number to text you, regarding matters of medical care, such as appointment reminders and (if appropriate) test results. Unless you have separately given us your explicit consent, we will not email you for non-medical matters (such as surgery newsletters and other information).
We maintain our duty of confidentiality to you always. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
How we use information about you
Confidential patient data will be shared within the healthcare team at the practice, including nursing staff, admin staff, secretaries and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality.
Details of who is authorised to access your GP record can be found in our “Your Medical Records” section.
Oakley Health Group uses data processors to perform certain administrative tasks for us, particularly where these involve large numbers of patients. Details of these data processors can be found in our “Your Medical Records” section.
Referrals for specific health care purposes
We sometimes provide your information to other organisations for them to provide you with medical services. We will always inform you of such a referral and you always have the right not to be referred in this way. These include:
Data Sharing Schemes
A number of data sharing schemes are active locally, enabling healthcare professionals outside of the surgery to view information from your GP record, with your explicit consent, should that need arise. These schemes are as follows:
Details of these schemes, and of your right to opt-out of any or all of them, can be found in our “Your Medical Records” section.
Mandatory disclosures of information
We are sometimes legally obliged to disclose information about patients to relevant authorities. In these circumstances, the minimum identifiable information that is essential to serve that legal purpose will be disclosed.
That organisation will also have a professional and contractual duty of confidentiality. Data will be anonymised if at all possible before disclosure if this would serve the purpose for which the data is required.
Organisations that we are sometimes obliged to release information to include:
In the event of actual or possible legal proceedings, we may need to disclose information from an individual’s GP record to a medical defence organisation.
Permissive disclosures of information
Only with your explicit consent, Oakley Health Group can release information about you, from your GP record, to relevant organisations. These may include:
Accessing your information on other databases
Oakley Health Group can access certain medical information about you, when relevant or necessary, that is held on other databases (i.e. under the control of another data controller). These include Frimley Park Hospital databases and NHS Digital’s Open Exeter database. Accessing such information would only be for your direct medical care.
Oakley Health Group sometimes undertakes accredited research projects. Where this involves accessing identifiable patient information, we will only do so with the explicit consent of the individual and Research Ethics Committee approval, or where we have been provided with special authority to do so without consent (s251 HRA/CAG approval, e.g. for the National Cancer Diagnosis Audit).
Oakley Health Group is not currently involved with other research projects such as the Clinical Practice Research Database (CPRD) or QResearch, and we do not permit secondary processing (e.g. for research or "analytics") of our patients’ information uploaded to the Hampshire Health Record.
Your right to opt-out of sharing your information
You have the right to opt-out (or object) to ways in which your information is shared, both for direct medical care purposes (such as the national NHS data sharing schemes), i.e. primary uses of your information, or for purposes other than your direct medical care – so called secondary uses.
Details of these purposes, and how you can opt out, can be found in our “Your Medical Records” section.
Accessing your own medical information
You have the right to access your own GP record. Details of how to do this can be found in our “Your Medical Records” section.
You can also sign up to have secure online access to your electronic GP record. Again, details of how to do this can be found in our “Your Medical Records” section.
Lawful bases for processing and the EU GDPR
Detailed information (individual privacy notices) about all our data processing activities, including lawful bases, can be found on our website, upon request from the surgery, or from the Data Protection Officer (Dr Neil Bhatia).
We rely upon Article 6(1)(e) Official Authority and Article 9(2)(h) Provision of Health for much of our processing, in particular:
• Maintaining your electronic GP record• Sharing information from, or allowing access to, your GP record, for healthcare professionals involved in providing you with medical care• Referrals for specific health care purposes• The NHS data sharing schemes• Our data processors• Organising your prescriptions, including sending both paper and electronic prescriptions to your chosen pharmacy• Some permissive disclosures of information• Accessing your information on other NHS organisation databases
We rely upon Article 6(1)(d) Vital Interests and Article 9(2)(h) Provision of Health to share information about you with another healthcare professional in a medical emergency.
We rely upon Article 6(1)(c) Legal Obligation and Article 9(2)(h) Provision of Health for mandatory disclosures of information (such as to NHS Digital, CQC).
We rely upon Article 6(1)(a) Consent and Article 9(2)(h) Provision of Health for certain permissive disclosures of information (such as to insurance companies).
We rely upon Article 6(1)(e) Official Authority and Article 9(2)(j) Research for accredited research undertaken in the surgery, with your explicit consent.
The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
We are registered as a data controller and our registration certification is available here.
Data Protection Officer (DPO)
Dr Neil Bhatia has been designated as the Data Protection Officer for the surgery
If you have concerns or are unhappy about any of our services, please contact the Business Manager. Details of how to complain are available in surgery.
For independent advice about data protection, privacy, and data sharing issues, you can contact: The Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Phone: 08456 30 60 60Website:www.ico.gov.uk
If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the surgery’s Caldicott Guardian / Information Governance lead:Dr Neil Bhatia Neil.Bhatia@nhs.net
We ask all our patients to provide us with their mobile phone numbers and their email address, if they have them and should they so wish.
We use your mobile phone number in two ways:
The texts that we send are only ever related to your medical care - for example, reminding you of a forthcoming appointment at the surgery, an invitation for a check-up or immunisation, or to inform you that a blood test or x-ray result is back.
We do not use SMS for direct marketing in any way.
If you would prefer us not to ring you on your mobile phone then please say so and we will either not add your mobile phone number to your record, or remove any existing mobile phone number.
If you would prefer us not to send you SMS text messages - but you are happy for us to ring you on your mobile phone (when needed) - then please say so and we will mark your record as "no SMS text messages".
We occasionally use email to communicate with our patients, again for matters related to your direct medical care.
Unless you have separately given us your explicit consent, we will not email you for non-medical matters (such as surgery newsletters and other information).
If you would prefer us not to email you then please say so and we will either not add your email address to your record, or remove any existing email address.
In line with the GDPR requirements, Oakley Health Group provides fair processing information about all data processing activities.
Download all the privacy notices on this page as an indexed booklet.
General information sharing for direct medical care We share relevant information from your medical record with other health or social care staff or organisations when they provide you with care
Video recording of surgery consultations
Access to your GP record We allow access to your medical record for healthcare professionals working with the surgery to provide you with care
NHS Data Sharing databases We allow access to relevant information from your medical record, with your explicit consent, to healthcare staff working in A&E, the GP out-of-hours service and the Ambulance service.
Statutory Disclosures of information We are sometimes required by law to share relevant information about you to certain organisations
Permissive Disclosures In certain circumstances, the surgery can agree to share relevant information about you to certain organisations (usually with your explicit consent)
Data Processors A number of organisations help us manage your medical information on our behalf, under our instruction and control
Pharmacies We share relevant information from your medical record with pharmacies when they provide you with medical care and process your prescriptions
Accessing your information on other databases We can access information about you held by other organisations, in order to help us provide you with medical care and so that we can assist authorities with the national screening programmes
Legal Proceedings and Complaints We share relevant information about you in certain circumstances
Research With your explicit permission, we undertake and support accredited medical research within the practice
Research (authorised by s251)If so authorised, we undertake and support accredited medical research by providing medical information extracted from GP records
Patient Online If you wish, you can have secure online access to your medical record
Communicating with our patients With your permission, we can use SMS messages and emails to communicate with you
Your data rights The law allows you certain rights over your GP medical record
The Right to ObjectA specific data right related to how we process your GP records.
Oakley Health Group provides full and detailed fair processing information about how your personal and sensitive data is processed by the surgery. Details can be found in this "Medical Record" section, with external links to more detailed information.
You have to right to ask for factual inaccuracies in your GP record to be corrected.
You have to right to access your own GP medical record. You can:
See our "Access to Your Medical Record" section.
You have right to control how information from your GP record is shared outside of Oakley Health Group and used by the surgery.
You have the right to opt-out - to "object" - to any or all of the data sharing schemes (and the right to opt back in, whenever you like, if you choose to).
Fill in Our universal opt-out form
For Oakley Health Group, the Type 1 (9Nu0) secondary uses objection will prohibit your information from being uploaded to NHS Digital for:
The National Data Opt Out will prohibit personal confidential information being shared/disseminated/sold by NHS Digital for purposes other than for your own direct care.
Just ask in person at the surgery, or in writing, or by email.We will then only ring you on your mobile phone (if we need to).
Just ask in person at the surgery, or in writing, or by email.We will then remove your email address from your GP record.
You will only receive such messages (newsletters, surveys, general information etc) if you have given us your separate, explicit consent to do so.To withdraw your consent, simply ask in person at the surgery, or in writing, or by email.We will then no longer send you any such messages.
Download this page as a pdf
You have the right to get a copy of information that is held about you.This is known as a subject access request.
If you do wish to make a subject access request then:
Please let us know exactly what information you would like.
We will strive to provide the information within 28 calendar days.
There is usually no fee for this.
We will also provide you with a link to the "supplementary information", which for nearly all such requests will be the detailed privacy notice for our GP records database (EMIS Health Ltd).
NHS Digital launched the National Data Opt Out on 25th May, to coincide with the EU GDPR. www.nhs.uk/your-nhs-data-matters
They have produced a brief fact sheet about it, downloadable here.
You can download the contents of this web page as a pdf.
What is the National Data Opt Out (NDOO)?
The NDOO is a mechanism by which individuals in England can control, to a limited degree, certain aspects of their confidential medical information and, in particular, what NHS Digital can do with it once in their possession.
The NDOO only applies to confidential information, that is medical information that can identify you, for example by containing your name, DOB, address, NHS number etc.
And the NDOO only applies to uses of your confidential medical information for secondary purposes, that is unrelated to, and beyond, the direct medical care that GP surgeries and other healthcare organisations provide you with when you are unwell, or to keep you well. Secondary purposes include healthcare planning, audit, population analytics, “risk stratification”, research, "commissioning", commercial and even political uses.
The NDOO is not limited to electronic data and so includes paper records. It simply replaces the Type 2 (9Nu4) opt-out that has been in force for some years, and which you were able to express, together with the Type 1 (9Nu0) objection, via your GP surgery.
If I set, or keep, my NDOO status at “do not allow”, what will this mean?
What will the NDOO/Type 1 objection NOT do?
What about Research?
The NDOO/Type 1 objection will in no way prevent you from taking part in accredited medical research, at your GP surgery/local hospital/other health organisation, where you have given your explicit consent to be involved (i.e. you have been asked first).
They will in no way prevent you from:
Being contacted by your GP to invite you to take part in any research
Granting researchers access to your medical records, or information extracted from your medical records - with your permission
The National Data Opt Out doesn't stop you contributing to any research where you are asked first.
It only stops the use of your confidential medical information where you are not asked before your data is taken and used.
Will the NDOO stop my confidential GP information being uploaded to NHS Digital in the first place?
NHS Digital does not rely upon section 251 approval (anymore) for data gathering, preferring instead to make such data collections compulsory under section 259 of the Health and Social Care Act.
However, the existing secondary uses, Type 1 (9Nu0), opt-out that many people have in force on their GP record will prohibit data (confidential and, in some cases, de-identified) from being extracted and uploaded from your GP record to NHS Digital.
In addition, the Type 1 opt-out will also prohibit section 251 approved data extractions, for example for “risk stratification”, as well as the mandatory section 259 extractions.
So how do I maximally limit secondary uses of my medical records, beyond my direct medical care, should I wish to?
What about preventing NHS Digital releasing or disseminating anonymised and pseudonymised data about me?
You cannot – directly. And you have no control over why they are doing this, for what purpose(s), and to which organisation they are releasing your information to.
But you can limit how much information NHS Digital gathers about you from healthcare organisations, by maximally limiting the secondary uses of your medical records, as described above.
So how do I set, check, or update my National Data Opt Out status?
If you had previously requested a Type 2 objection to be in force, via the surgery, then this will have automatically have set your NDOO status to “do not allow”. You should have received a letter from NHS Digital, confirming this, in due course. Any children aged 13yrs or over will have received their own letter as well.
It is no longer possible to directly view, set or change your NDOO status at your GP surgery.
Anyone aged 13yrs or over can set their NDOO status via an online service at www.nhs.uk/your-nhs-data-matters
Anyone aged 12yrs or younger, or if you are acting on behalf of another individual (i.e. as a proxy, perhaps with lasting power of attorney authority) cannot do this online but will have to ring 0300 330 9412 instead (or via other so-called “non-digital” methods).
Where can I find more information about sharing my medical information?
If you would like any further information about the NDOO, GDPR, primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the surgery’s Caldicott Guardian / Information Governance lead / Data Protection Officer: Dr Neil Bhatia Neil.Bhatia@nhs.net
Copyright 2006 - 2020 My Surgery Website | Privacy & Usage | Edit | Staff Home | Site Map | Accessibility | Site T&C's | Service T&C's