Practice Policies

We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded on computer and we are registered under the Data Protection Act. The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team. However, for the effective functioning of a multi-disciplinary team it is sometimes necessary that medical information about you is shared between members of the team. This information may also be shared with other external healthcare professionals unless you advise the surgery that you wish to ‘opt out’ of this information sharing initiative.

The principles of confidentiality apply equally to all patients regardless of age. Young people (including those under 16) are entitled to equal confidentiality as all other patients. This includes respecting their wishes to withhold information from parents or guardians. The GP involved will determine the competency of a young person seeking treatment and will determine the extent to which confidentiality guidelines apply in each case. Prescriptions and some of the consultation records are run entirely on computer.

At Tower House Surgery, we are committed to protecting the personal information of our patients, staff, and business contacts. Our Data Protection Policy aligns with the principles of the Data Protection Act 2018 to ensure secure, lawful, and fair handling of personal data.

Key Principles of Data Protection

We uphold the six data protection principles:

1. Process personal data fairly, lawfully, and transparently.
2. Collect and use data only for specified, lawful purposes.
3. Ensure data is adequate, relevant, and not excessive.
4. Keep data accurate and up to date.
5. Retain data only as long as necessary.
6. Process data securely to prevent unauthorised access, loss, or destruction.

Responsibilities

Employee Responsibilities:
All employees are trained to:

• Follow the Data Protection Act principles.
• Collect and process data only for lawful purposes.
• Ensure data is accurate, securely stored, and properly disposed of when no longer needed.
• Notify the Practice Manager of requests for personal information.
• Report any breaches or risks to data security promptly.

Practice Responsibilities:
Tower House Surgery will:

• Appoint a Data Protection Officer (DPO) to oversee compliance.
• Provide training and clear procedures for handling personal data.
• Ensure compliance with the National Data Opt-Out Policy.
• Respond to subject access requests in line with the law.
• Protect patient and staff records from unauthorised disclosure.

Patient Information

We maintain personal information on secure systems to support your healthcare needs. Your records are accessible only to authorised staff trained in confidentiality.

• Sharing Information: We may share details with those involved in your care or when legally required, such as in public health emergencies or court orders.
• Consent: Written consent is needed for non-care-related disclosures, such as insurance reports.
• Privacy Measures: We do not disclose information over the phone, to third parties, or leave messages without your prior consent.

Commitment to Security

We ensure robust safeguards for all data to prevent accidental loss or breaches. All staff contracts include confidentiality clauses, and we regularly assess our compliance to mitigate risks.

You have the right to view your own records. To request access, please submit your request in writing, addressed to the Practice Manager.

For further information, please contact our Practice Manager (Data Protection Officer) in writing.

At Tower House we are committed to fostering an inclusive workplace where diversity is celebrated, and every individual is treated with respect and fairness. Our goal is to create an environment where everyone feels valued and empowered to contribute to their full potential.

We provide equal opportunities for all, regardless of age, disability, gender, race, religion or belief, sexual orientation, marriage and civil partnership, pregnancy and maternity, or gender reassignment. We strictly adhere to the principles of the UK Equality Act 2010 and take active steps to ensure fair treatment in all aspects of our employment practices.

By promoting diversity and inclusivity, we aim to enhance our creativity, innovation, and success. We believe that a diverse team strengthens our ability to achieve excellence and meet the needs of the community we serve.

If you have any questions about our commitment to equality and diversity or require adjustments during the recruitment process, please feel free to contact the Practice Manager.

Our Fair Processing Notice is available in PDF form below. A more simplified version is available on request.

Fair Processing Notice (PDF, 242KB)

What we share and why (PDF, 205KB)

The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs.

Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by calling 0300 3035678.

By 2020 all health and care organisations are required to be compliant with the national data opt-out policy. NHS Digital and Public Health England are already compliant and are applying national data opt-outs.

A zero tolerance policy towards violent, threatening and abusive behaviour is now in place throughout the NHS.

Our staff have the right to do their work in an environment free from violent, threatening and abusive behaviour and everything will be done to protect that right.

At no time will any violent, threatening or abusive behaviour be tolerated in this practice. If you do not respect the rights of our staff we may choose to inform the police and make arrangements for you to be removed from our list of registered patients.