GDPR stands for General Data Protection Regulations and is a new European Directive. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
What does this mean for patients?
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, including recording certain information about you for your clinical records. Individuals have the right to withdraw consent at any time.
- Data must be processed lawfully, fairly and transparently
- It must be collected for a specific, explicit and legitimate purpose
- It must be limited to what is necessary for the purposes for which it is processed
- Information must be accurate and kept up to date
- Data must be held securely
- It can only be retained for as long as necessary for the reasons it was collected
There are also stronger rights for patients regarding the information that practices/organisations hold about them including:
- Being informed about how data is used
- Patients having access to their own data
- Patients can request to have incorrect information changed
- Patients can restrict how their data is used
- Patients can move their data from one health organisation to another
- The right to object to patient information being processed (in certain circumstances)
For more information about specific policies and notices please see the information below: