Frequently Asked Questions (FAQs)

About Sharing Information for Patients

Introduction

The FAQs answer frequently asked questions on how organisations share medical records to support patient care or improve services for local people. There are two main types of information that is shared:

• Personal information to provide direct care to you

• Anonymous information to provide support or improve services for local populations and patient groups.

Do tell us what you think and send us an email with any suggestions for improvement. We want to hear from you at info@ascroftmedical.co.uk

1. What is personal information?
Personal information is confidential information about identifiable individuals and includes dead as well as living people. It includes your name, address, post code, your date of birth and your patient number as well as details of your health and treatment.

2. How will I benefit from sharing my personal information?
Healthcare professionals will know how you prefer to stay well. You will not have to repeat your story every time you meet someone new. We will work with you as a team to make the best decisions about your diagnosis, treatment and care plan.
Each healthcare provider such as your GP practice, hospital or professional involved in your care held their own individual paper and electronic records about you and your treatment.

3. How is sharing personal information working now?
Improved IT systems in our area means that we can collect to support your care. We now have the ability, with your consent, to share information about you. You give consent so your GP sees information from us. There is no one person or healthcare organisation who is responsible for protecting all your data. Every organisation who offers you care and records personal information about you is responsible in law for the information they hold about you.
If you have a concern about an inaccurate record this can only be addressed by the data controller who will be the organisation who recorded that information and who held that record.

4. What are my choices on sharing personal information?
You choose whether to share or not to share your personal information. You can also choose which healthcare organisations and their professionals see your personal information. We can explain the benefits and risks of sharing personal information. We will mark your record so everyone knows your decision about sharing information.

5. Can I say yes and give consent to sharing my personal information when several organisations provide my care?
Yes. If your treatment needs the help of different healthcare professionals or social care services we will want to co-ordinate this to make sure different services work together. When the GP or hospital refers you for care co-ordination we will ask if you are happy to give your consent to share personal information to make this happen. If you give your consent
• You will not have to repeat your story every time to different providers.
• Different providers holding information about you to provide your care will know your preferences for sharing personal information.

6. Can I choose to share or not to share my personal information?
You can give your consent to share all or some of your personal information but you do not have to. We can explain the benefits and risks of sharing personal information. If you give consent to share your personal information to a healthcare organisation, they will record this as so everyone who can see your record in their organisation knows your decision.

If you do not want to share all or part of your record you need to tell your GP or health professional in the healthcare organisation that created information about you. They can mark specific parts of your record as private. Information marked as private will not be shared outside that organisation. They will record this so everyone who can see your record in their organisation knows of your decision. You can change your mind at any time.

7. Can I stop all my personal information being shared?
If you decide that you do not want any personal information shared with anyone else you inform healthcare organisation who will stop any information being shared.

8. What happens if I say no to sharing my personal information?
You will still be able to receive health services. However, you will need to tell each professional providing you with care about your medical history, your treatment, allergies and medication.

Decisions about your care may take longer; appointments and tests may be repeated. If you change your mind and want your personal information shared you tell the GP practice or professional treating you and they will mark your record.

9. What sensitive information will not be shared?
You may not want to share sensitive information or your previous history. If you want to keep sensitive information private and not shared please see your doctor to discuss this. Together you will decide how to mark your record to keep your sensitive information private.

10. Who sees my personal information with my consent?
GPs, hospital doctors, nurses, therapists, social workers and other health and social care professionals, who provide care to you. With your consent, they will be able to see your personal information. Safe and appropriate sharing of personal information to benefit individual patients will normally be the rule. There are strict rules on how and who is allowed to see your personal information.

11. Will private companies, agencies, voluntary organisations or charities providing me with care be able to see my personal information?
Yes. With your consent, people who work for private companies, agencies, voluntary organisations or charities that provide care to you such as home care to promote your health and wellbeing will be only able to see your personal information relevant to their job. There are strict rules on how and who is allowed to see your personal information.

12. Who will not be able to see my personal information?
• Your employer or your insurance company.
• Commissioners, public health professionals, researchers who do not provide direct care to you.
• Professionals working for local authority departments dealing with housing, council tax, housing benefits etc.

13. How is my personal information protected under the law?
Your personal information in computer records is protected under the Data Protection Act 1988 which means professionals can only see your personal information for the specific purpose of providing care direct to you. It is against the law to share or sell personal information to anyone else. There are strict rules on how and who is allowed to see your personal information.

14. Will I have to give my consent about sharing personal information every time I see my GP or a professional providing my care?
• No. Once your preferences about sharing personal information are recorded they remain on record. A professional providing care to you can always see information about you in their own organisation’s records.
• However, if they need to look at records of the care you get from another organisation they will always check with you that you are happy to share this information.

15. How can I see my GP medical record?
• You can talk informally to your GP who can show you your GP medical record at your appointment • You can request your GP record formally by making a subject access request under the Data Protection Act (1998)

16. What personal information will you remove from my records so it becomes anonymous information that can be shared?
We remove information that identifies you before we share it as anonymous information.

17. Are there times when you could be required to share my personal information with the authorities?
Yes. We may be required to share your personal information without your consent e.g. in a medical emergency or where we are required to do so by law (as is already the case).

18. Will you share my personal information with my employer or my insurance company?
No. The only way your employer or your insurance company can see your personal information is to ask you for your written consent.

19. Will you sell my personal information to anyone?
No. Your GP practice or any organisation that signed the ISA will not be able to sell your personal information to any other organisation or person.

20. How can I complain about errors in my personal information? Or how my personal information was collected or shared to support my care?
The first thing is to raise your concern with the healthcare provider who created your personal information. This may be your GP or another organisation providing you with care. They will take immediate action to deal with your concern. If you are not satisfied with their response you can contact the Information Commissioner’s Office.

21. Who is responsible for correcting factual errors?
The organisation that created your personal information is responsible for correcting factual errors. You have a right under the Data Protection Act 1988 to have it changed or removed from your record.
However, if the information is correct and you do not agree with it you have the right to insert your disagreement with your specific personal information.

22. How can I complain about mistakes made about my care because of incorrect information?
The first thing is to raise your concern with the GP practice or the care provider who you think made a mistake about your care. This may be your GP or other organisation providing you with care. They will take immediate action to deal with your concern.

23. How are people with learning disabilities, dementia or who lack capacity able to make an informed choice about sharing personal information?
GPs and professionals have policies and procedures to support people with learning disabilities, dementia or who lack capacity to say yes or no to sharing personal information. They are responsible for making sure consent from anyone who lacks capacity is recorded appropriately and personal information shared lawfully under the Data Protection Act 1998.

24. How can I find out more about sharing information?
• We will have posters at providers who have signed legally binding agreements to keep your personal information secure.
• We will update our posters and leaflets when there are changes about sharing information.
• You can ask the GP or your health professional for more information.
• You can look at updates on your CCG website

Frequently Asked Questions about sharing anonymous information.

25. What is anonymous information?
Anonymous information is information, data and analysis taken from Ascroft Medical records held by health and social care providers. The information taken from your records will be factual information from the read-codes in the medical record.

26. Who will use my anonymous information?
• Commissioners to help them buy the right services in the right place for patients to meet the needs of the local population

• Providers to help them deliver services to meet the needs of their patients

• Professionals collect information about patient experience to:

  • improve services for all patients
  • reduce health inequality
  • protect the health of the public

It is not legal for any professional who does not provide care to you to see your personal information. They can only see anonymous information.

27. Can I say no to sharing anonymous information?
Yes. You can choose to say yes or no to sharing anonymous information. If you do not want to share anonymous information please tell your GP practice or care provider and they will make a note on your records. You can change your mind at any time.

29. If I have never used an NHS service or needed social care what information is in my medical record?
If you are registered with a GP practice and you have not used any NHS service or needed social care there will be no personal information on your record which will be marked “no activity”.

However, basic data on people not using health and social care services is useful anonymous information for commissioners and public health professionals responsible for health and wellbeing of the local population.

29. How can you make sure that I cannot be identified from anonymous information?
We have to remove patient identifiable data before we can share anonymous information with anyone.

30. Will you sell anonymous information to anyone?
No. Ascroft Medical will not allow anonymous information to be sold to drug companies or commercial research organisations.

31. Will you share anonymous information outside Ascroft Medical?
Yes. The Health and Social Care Information Centre (HSCIC) may ask Ascroft Medical for information to help the NHS plan and provide healthcare services for the whole of England.

32. How can I find out more about sharing anonymous information?

  • We will have posters at providers who have signed legally binding agreements to keep your personal information secure.

  • We will update our posters and leaflets when there are changes about sharing information.

  • You can ask the GP or your health professional for more information.

  • You can look at updates on your CCG website  

Glossary

Anonymous information is information about your care without the personal information that can identify you. It does not include any notes by the GP or other professionals. It cannot include any patient identifiable data. However, it may not always be technically possible to restrict or limit not sharing some of your anonymous information. If you want more information about your choices on sharing all, some or none of your anonymous information please discuss this with your GP or healthcare provider.

Benefits of sharing personal information
• You won’t need to repeat your medical history or social care information every time you meet someone new • You avoid unnecessary appointments and tests
• Your appointments are planned and test results shared.
• You can be more involved in decisions about your care to support your health and well being
• You can see your medical records and talk to your health professional about your treatment.
• Healthcare professionals have the right information at the right time
• Healthcare professionals know your personal choices for managing your health and well being
• If you need several organisations to work together to support your care; different professionals will be able to find relevant information outside their organisation when they need it.
• Sharing personal information helps multidisciplinary teams to co-ordinate your care to provide you with services agreed in your care plan.

Care plan and Care Planning
Patients and carers with several long term health conditions and need several professionals to provide care may be eligible for a care plan. When the GP refers you for an assessment you will be asked if you are happy to share personal information for your care plan. Your care plan records details about your care between you and your GP who coordinates health and social care services for you.

Care planning includes collecting and sharing personal information about
• you and your goals for your health and well being
• your tests and treatment
for the conversation you have with your GP about your care plan.

Choices about sharing personal information:
You choose whether to share or not to share your personal information. You can also choose which healthcare organisations and their professionals see your personal information.

You can find out more about your choices
• When you register with a practice
• At the next appointment with your doctor
• When the GP or health/social care professional refers you to another service
• When the GP recommends you for a care plan to help coordinate your care

Data Protection Act 1998
The Data Protection Act controls how organisations, businesses or the government use your personal information.

There is no one person or organisation who is responsible for all of your data. Every organisation who offers you care and records personal information about you is responsible in law for the information they hold about you. See https://ico.org.uk/for-organisations/guide-todata-protection/key-definitions

Only the organisation who recorded your information and who holds that record can deal with any concerns about an inaccurate record and correct errors.
Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the UK without adequate protection
It also provides individuals with important individual rights, including the right to find out what personal information is held about them.

Details of your health and treatment include:
• Name, your age, contact details and next of kin.
• Details of your appointments, clinic visits etc
• Records about your health, illness, treatment and care
• Results of investigations, such as laboratory tests, x-rays, etc
• Information from other professionals involved in your care
• Where relevant social and mental health information
• Outcomes or benefits from your treatment or care plan

Direct care is where a health or social care professional provides services direct to you whether it is an appointment, treatment or diagnosis etc.

GP medical record: includes personal information held about you within the GP practice as well as personal information from a shared pool of patient data contributed by professionals outside the GP practice involved in providing care to you.

Health and Social Care Information Centre (HSCIC) is the national provider of information, data and IT systems for health and social care.

For more information:
Write to: Health and Social Care Information Centre (HSCIC)
1 Trevelyan Square, Boar Lane, Leeds, LS1 6AE
Phone: 0300 303 5678
Email: enquiries@hscic.gov.uk

Healthcare professional: includes a wide range of professionals providing care to you such as GPs (family doctors), hospital doctors and consultants, community and district nurses, practice nurses, physiotherapists, podiatrists, midwives, health visitors and therapists etc.

You may see your healthcare professional in a GP practice, an acute or local hospital, or in your own home etc depending on your circumstances.

Healthcare provider: is any organisation commissioned to provide care to you. They include GP practices, acute and local hospitals, mental health hospitals and centres etc. They may also include private companies, agencies, voluntary organisations or charities commissioned to provide care to you such as home care to promote your health and well being.

Individual Rights under the Data Protection Act 1998
• Right of access – individuals have a right to know what personal information organisations hold about them on a computer or in certain filing systems. Individuals can submit a Subject Access Request to see or have a copy of this information. This could include their medical record, files kept by public bodies, or financial information held by credit reference agencies.
• Right to prevent direct marketing – individuals have the right to object to their personal information being used to target them with unwanted marketing.

Information Commissioners Office (ICO) is responsible for monitoring and enforcing the Data Protection Act 1998. If you are not happy with the way your personal information is managed contact the ICO.
Write to:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Call the helpline: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Email: casework@ico.org.uk (If writing or emailing, please include a contact telephone number)

Information Sharing Agreement (ISA) is a legal document that must be signed by every organisation with professionals that processes or looks at personal information to support your care. It defines legal arrangements for processing patient identifiable information to keep them confidential, safe and secure.
Integrated Care Record (ICR) is personal information in a shared pool of patient data contributed by different professionals and services involved in providing care to you. When specific personal information is removed it becomes anonymous information shared with commissioners, providers, public health professionals to support health and wellbeing of patients.

Mistakes made about my care
If mistakes are made because of incorrect information: The first thing to do is to contact your practice or the relevant care provider and make a complaint about mistakes about your care.

When a GP or a hospital refers you for care co-ordination you will be asked if you are happy to share personal information to support your care.

Complaints procedure
If you're not happy with the care or treatment you've received or you've been refused treatment for a condition, you have the right to complain, have your complaint investigated, and be given a full and prompt reply. See our complaint policy.

Outcomes are changes to your life such as
• Your health and well being
• Your quality of life after treatment or care when living with a disability or long term health condition
• Your quality of life after recovering from ill health or injury
• Your experience of treatment or care
• Your experience of safe and harm free treatment or care

Patient identifiable data is confidential personal information about identified or identifiable individuals and includes dead as well as living people. Examples of identifiable data are:
• Your name and address;
• Local patient identifier
• Date of birth
• Post code

Personal information for your care plan shared with your consent includes details about
• You, your health and lifestyle
• barriers to your good health and independent living
• feedback on your most recent tests, assessments, medication and services already provided
• your goals and what you want to achieve next
• providers who will provide agreed health and social care services to you
• Who to contact in an emergency/crisis or if things go wrong
• Your wishes for end of life care

Personal information in the GP record includes
• Patient Number your age, contact details
• Details of your appointments, clinic visits etc
• Records about your health, illness, treatment and care
• Results of investigations, such as laboratory tests, x-rays, etc
• Information from other professionals involved in your care
• Where relevant social and mental health information
• Outcomes or benefits from your treatment or care plan

Problems when personal information is not shared
Your health professional may not always have the most up to date information about you. Mistakes may be made because your information is not joined up. This might delay your treatment or repeating your tests more than once unnecessarily. You may need to repeat to more than one person details about your
• blood tests or investigations which have already been done
• medical history
• allergies
• medicine you are taking

Risks of sharing personal information
There may be a risk with:
• sensitive information being shared that you would prefer to keep private. If you are worried about sharing sensitive information please have a conversation with your GP or care professional supporting your care.
• Professionals sharing information that they should not share. If this happens then you should contact the Health and Social Care Information Centre (HSCIC) or start an official complaint.

Role based access is where professionals see personal information relevant to their job.

Rules on how and who is allowed to see your personal information Safe and appropriate sharing of personal information to benefit individual patients will normally be the rule. Professionals who need to see your personal information as part of their job must:
• have consent from you to look at information about the care you get from other organisations.
• take responsibility for accurately recording your personal information and your choices about sharing information.
• work for organisations who comply with the Information Sharing Agreement (ISA) policies and procedures on sharing personal information.
• have training on Information Governance to keep personal information secure, and to manage them respectfully and confidentially.
• have role based access to your personal information with login and password to their accounts

Safeguarding
People at risk of harm may need safeguarding help. They include:
• elderly and frail people living on their own in the community, or without much family support in care homes.
• people with physical or learning disabilities
• people with mental health conditions
• children at risk of harm

Health and social care professionals have a duty to protect people who need safeguarding help. They also have responsibility for ensuring that high quality, safe services and support are provided.

Sensitive information is personal information or your previous history you may not want shared. Examples include an abortion, abuse by other people, convictions, domestic violence, gender re-assignment, HIV/AIDS, imprisonment, IVF treatment, marital status, mental health issues, rape, sexually transmitted infections and whether you made a complaint.

If you have sensitive information you do not want shared please discuss this with your doctor.

Sharing your personal information without your consent Some personal information can be shared without your consent:
• In a medical emergency or where there is risk of serious harm to you or other people.
• Where there is a legal requirement to share information such as prevention or investigation of serious crimes; control of infectious disease, notification of a birth.
• Where the courts have made a formal court order. If personal information is shared without your consent in a medical emergency, this triggers an alert. An alert means that the Caldicott Guardian in the healthcare organisation investigates the process where personal information was shared without your consent in a medical emergency

Subject access request
A subject access request asks for details of information held about you.

For more details see
http://ico.org.uk/for_the_public/personal_information

If you want to make a subject access request, contact the practice manager at your surgery. For personal information we hold about you we will:
• give you a description of it
• tell you why we are holding it
• tell you who it is shared with
• give you a copy of the information in an intelligible form

If you are not satisfied with our response you can contact the
Information Commissioner’s Office
Summary Care Record (SCR)
Summary Care Record (SCR)

The SCR includes personal information about
• medicines you are taking
• allergies where you had bad reactions to medicines you took previously.


Reviewed: 23/09/2018