Please see the attached Documents regarding our Policy for Private Non-NHS Referrals.
Policy for Private Non-NHS Referrals Full Document PDF Only, [269KB]
Policy for Private Non-NHS Referrals Summary Document PDF, Only [111KB]
All Polices
Emergency Care Summary
There is a Central NHS Computer System called the Emergency Care Summary (ECS). The Emergency Care Summary is meant to help emergency doctors and nurses help you when you contact them when the surgery is closed. It will contain information on your medications and allergies.
Your information will be extracted from practices such as ours and held securely on central NHS databases.
As with all systems there are pros and cons to think about. When you speak to an emergency doctor you might overlook something that is important and if they have access to your medical record it might avoid mistakes or problems, although even then, you should be asked to give your consent each time a member of NHS Staff wishes to access your record, unless you are medically unable to do so.
On the other hand, you may have strong views about sharing your personal information and wish to keep your information at the level of this practice. If you don’t want an Emergency Care Summary to be made for you, tell your GP surgery. Don’t forget that if you do have an Emergency Care Summary, you will be asked if staff can look at it every time they need to. You don’t have to agree to this.
Sharing Your Medical Record
Increasingly, patient medical data is shared e.g. between GP surgeries and Community Team Nursing, in order to give clinicians access to the most up to date information when attending patients.
The systems we operate require that any sharing of medical information is consented to by patients beforehand.
Patients must consent to sharing of the data held by a health provider out to other health providers and must also consent to which of the other providers can access their data, e.g. it may be necessary to share data held in GP practices with district nurses but the local podiatry department would not need to see it to undertake their work. In this case, patients would allow the surgery to share their data, they would allow the district nurses to access it but they would not allow access by the podiatry department. In this way access to patient data is under patients’ control and can be shared on a ‘need to know’ basis.
NHS Constitution
View the NHS Constitution here.
Zero Tolerance Policy
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.
Training Policy
GPs In Training
Our practice is approved to train fully qualified doctors who wish to specialise in general practice. Our GP registrar will have had 2-4 years of experience as a qualified hospital doctor working in various specialities. They consult patients on their own, under the mentorship of our trainers, Dr Durrant, Dr Stephenson and Dr Watson. Occasionally, we ask permission to video a consultation.
You will always be asked in advance and are given the option not to take part, and this will not affect your care in any way. No recording will be taken without your consent and the camera will be switched off on request. These videos are used only for educational purposes with the doctor doing the consultation and are destroyed after use.
Dr Michael Murray, Dr Malyha Lending and Dr Nichola Coleman are currently GP registrars at the practice.
Medical Students
Medical students are sometimes attached to the practice for 2 – 3 weeks as part of their training. If you do not wish a student to be present during your consultation, please inform the receptionist.
Summary Care Record
Your patient record is held securely and confidentially on the electronic system at your GP practice. If you require treatment in another NHS healthcare setting such as an Emergency Department or Minor Injury Unit, those treating you would be better able to give you appropriate care if some of the information from the GP practice were available to them.
This information can now be shared electronically via: The Summary Care Record, used nationally across England
The information will be used only by authorised health care professionals directly involved in your care. Your permission will be asked before the information is accessed, unless the clinician is unable to ask you and there is a clinical reason for access.
If you would like to opt out, please ask reception for our opt out form.
A parent or guardian can request to opt out children under 16 but ultimately it is the GP’s decision whether to create the records or not, because of their duty of care to the child. If you are the parent or guardian of a child under 16 and feel that they are able to understand, then you should make this information available to them.
Who Has Access?
Across all health care settings, including urgent care, community care and outpatient departments in England.
Information Source
GP record
Content
- Your current medications
- Any allergies you have
- Any bad reactions you have had to medicines
- Additional information (upon request to your GP)
For more information visit: Home – NHS Digital
Complaint Policy
Want to make a suggestion?
Your comments and suggestions are important to us.
Please use the form below detailing the suggestion/comment, we will aim to get back to you as soon as possible.
Want to make a complaint?
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint, please use the form below and the practice manager will deal with your concerns appropriately.
Complaints Form
Privacy Policy
Patients Privacy Notice
Rowden Surgery is a well-established GP Practice. Our General Practitioners and allied healthcare professionals provide primary medical care services to our practice population and are supported by our administrative and managerial team in providing care for patients.
This privacy notice explains how we as a data controller use any personal information, we collect about you as a patient of health care services provided by Rowden Surgery.
Why do we collect your personal information?
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include both personal and special categories of data about your health and wellbeing.
What types of personal information do we collect about you?
We may collect the following types of personal information:
- Your name, address, email address, telephone number and other contact information
- Gender, NHS Number and date of birth and sexual orientation
- Details of family members and next of kin details
- Health (Medical) information, including information relating to your sex life
- Details of any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments and telephone calls.
- Results of investigations such as laboratory tests or x-rays
- Biometric data
- Genetic information
How will we use the personal information we collect about you?
We may use your personal information in the following ways:
- To help us assess your needs and identify and provide you with the health and social care that you require
- To determine the best location to provide the care you require
- To comply with our legal and regulatory obligations
- To help us monitor and manage our services
- To support medical research
Patient Centred Care | Cherish ‘Team Rowden’ | Embrace Diversity | Exemplify Our Values | Improve the Future NHS
Text (SMS) messages
If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, requests to complete surveys or to make you aware of services provided by the surgery that we feel will be to your benefit. If you do not wish to receive these text messages, please let the reception team know.
Call recording
Recordings of calls made and received by Rowden Surgery may be used to support the learning and development of our staff and to improve the service we provide to our patients.
They may also be used when reviewing incidents, compliments, or complaints.
Call recordings will be managed in the same way as all other personal information processed by us and in line with current data protection legislation.
Data processors
We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle patient information and ensures they treat any information in line with the General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.
How will we share your personal information?
We may share your personal information with other health and social care professionals and members of their care teams to support your ongoing health and or social care and achieve the best possible outcome for you. This may include:
- Primary Care Network
Rowden Surgery is a member of the Chippenham Corsham and Box Primary Care Network (PCN) so you may be contacted by or treated by one of the other practices within the PCN. In order to support and provide healthcare services to you, they will require access to your patient record.
- Patient Referrals
With your agreement, we may refer you to other services and healthcare providers for services not provided by Rowden Surgery.
- Other Providers of Healthcare
We will share your information with other providers of healthcare services to enable them to support us in providing you with direct healthcare. This may include NHS organisations or private companies providing healthcare services for the NHS.
- Care Homes or Social Care Services
Sometimes the clinicians caring for you may need to share some of your information with others who are also supporting you outside of the practice.
- Local Authority
The local authority (council) provides health or social care services or assists us in providing direct healthcare services to you. We will share your personal information with them to enable this to take place.
- Safeguarding
We will share your personal information with the safeguarding teams of other health and social care providers where there is a need to assess and evaluate any safeguarding concerns. Your personal information will only be shared for this reason when it is required for the safety of the individuals concerned.
- Summary Care Record (SCR)
Your Summary Care Record is an electronic record of important patient information created from the GP medical records. It contains information about medications, allergies and any bad reactions to medications in the past. It can be seen by staff in other areas of the health and care system involved in your direct care.
During the height of the pandemic changes were made to the Summary Care Record (SCR) to make additional patient information available to all appropriate clinicians when and where they needed it, to support direct patients care, leading to improvements in both care and outcomes.
These changes to the SCR will remain in place unless you decide otherwise.
Regardless of your past decisions about your Summary Care Record preferences, you will still have the same options that you currently have in place to opt out of having a Summary Care Record, including the opportunity to opt-back in to having a Summary Care Record or opt back in to allow sharing of Additional Information. Further details about the SCR and your choices can be found here:
https://digital.nhs.uk/services/summary–care–records–scr/summary–care–record–supplementarytransparency–notice
- Integrated Care Records (ICR)
Bath and North East Somerset, Swindon and Wiltshire Integrated Care Record (BSW ICR) is a digital care record system for sharing information in Bath and North East Somerset, Swindon and Wiltshire. It allows instant, secure access to your health and social care records for the professionals involved in your care.
Relevant information from your digital records is shared with people who look after you. This gives them up-to-date information making your care safer and more efficient. Rowden Surgery uses the system in the following way [delete the one not relevant]:
- We can access your data stored within the system
- We can access your data stored within the system and provide relevant information about you and your health.
Further details about the ICR can be found here:
https://bsw.icb.nhs.uk/your–health/your–care–record/
- GP Connect
We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes. GP Connect is not used for any purpose other than direct care.
Authorised Clinicians such as GPs, NHS 111 Clinicians, Care Home Nurses (if you are in a Care Home), Secondary Care Trusts, Social Care Clinicians are able to access the GP records of the patients they are treating via a secure NHS Digital service called GP connect.
The NHS 111 service (and other services) will be able to book appointments for patients at GP practices and other local services.
Further details about GP Connect are available here: https://digital.nhs.uk/services/gpconnect/gp–connect–in–your–organisation/gp–connect–privacy–notice
- NHS Digital
In order to comply with its legal obligations this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012.This practice contributes to national clinical audits and will send the data, which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth and information about your health, which is recorded in coded form. For example, the clinical code for diabetes or high blood pressure.
- National Services
There are some national services like the national Cancer Screening Programme that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cancer screening.
- OpenSAFELY Covid-19 Service
NHS England has been directed by the Government to establish and operate the OpenSAFELY service. This service provides a Trusted Research Environment that supports COVID-19 research and analysis.
Each GP practice remains the controller of its own patient data but is required to let researchers run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym, through OpenSAFELY.
Only researchers approved by NHS England are allowed to run these queries and they will not be able to access information that directly or indirectly identifies individuals. More information about OpenSAFELY can be found here:
https://digital.nhs.uk/coronavirus/coronavirus–covid–19–response–information–governancehub/the–nhs–england–opensafely–covid–19–service–privacy–notice#further–information
- Risk Stratification
Risk Stratification, also known as ‘Health Risk Screening’, is a process that helps your GP determine whether you are at risk of any unplanned admission or sudden deterioration in health. By using information such as age, gender, diagnosis, and consideration of existing longterm conditions, medication history, patterns of attendance at hospital, admissions and periods of access to community care, your GP supported by the local Integrated Care Board (ICB) will be able to judge if you are likely to need more support and care from time to time, or if the right services are in place to support the local population’s needs.
As part of the automated Risk Stratification process your pseudonymised personal data (anything that can identify an individual is replaced with code) will be shared with the Bath, Northeast Somerset, Swindon and Wiltshire ICB.
You have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your direct care. Further details about Risk Stratification can be found here: https://bswccg.nhs.uk/how–we–use–your–information
- Medical Research
With your consent, we will share information from medical records to support medical research when the law allows us to do so. For example, to learn more about why people get ill and what treatment might work best.
This is important because:
- The use of information from GP medical records is very useful in developing new treatments and medicines.
- Medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
We only share information with medical research organisations with your explicit consent or when the law allows. From time to time, we may ask other health care organisations or companies to process your data on our behalf to help provide you with the best possible care. Data will only be processed on the instructions of your GP as part of a written contract. All data processors will comply with data protection legislation.
Your personal data will be treated as strictly confidential but anonymised summary data may be collated for the purposes of reporting.
Any medical or health related personal information will be treated with confidence in line with the common law duty of confidentiality and the Confidentiality NHS Code of Practice.
We may be required to share information with organisations in order to comply with our legal and regulatory obligations. This may include:
- Care Quality Commission (CQC)
The CQC regulates health and care services to ensure that safe care is provided. The law requires that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. Further information about the CQC can be found here:
- Public Health England
The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England. Further information about Public Health England can be found here:
https://www.gov.uk/guidance/notifiable–diseases–and–causative–organisms–how–to–report
- Other NHS Organisations
Sometimes the practice will share information with other NHS organisations that do not directly care for you, such as the Integrated Care Board (ICB). However, this information will be anonymous and does not include anything written as notes by the GP and cannot be linked to you.
We will not share your information with organisations other than health and social care providers without your consent unless the law allows or requires us to.
Brave AI – Personalised Risk Assessment Tool
The South West digital neighbourhoods programme aims to transform the experience of the citizens we serve and the workforce we support by empowering integrated neighbourhood teams with the best use of digital technology and data, thereby providing the capabilities required to enable proactive care and prevent unplanned healthcare events.
We want to provide you with insight into how BRAVE AI is utilised across Primary Care Networks in Wiltshire and its potential impact on your healthcare. BRAVE AI serves as a clinical decision support tool, empowering clinicians to make well-informed decisions about individualised care plans. It’s essential to understand that the tool itself does not autonomously make decisions regarding interventions; instead, it assists healthcare professionals in their decision-making process.
BRAVE AI employs sophisticated computer algorithms to evaluate the complexity of each patient’s health needs within our practice. By assigning a score, it helps identify individuals at risk of deteriorating health, potentially necessitating hospitalisation. This innovative tool enhances our ability to recognise patients who may otherwise be overlooked, including those with borderline health indicators or infrequent medical interactions.
It’s crucial to emphasize that BRAVE AI does not utilise identifiable patient data. However, the provision of NHS numbers enables our practice to pinpoint individual patients who may benefit from interventions. Furthermore, all data processed by BRAVE AI is stored securely within NHS network servers, inaccessible from external sources. Confidential patient information is exclusively disclosed to clinical teams directly involved in patient care.
The primary objective of BRAVE AI is to promote preventive healthcare practices over reactive treatments. It facilitates proactive discussions with patients regarding their overall wellbeing, extending beyond mere medical concerns. These conversations may involve various healthcare professionals, including Health Coaches and nurses, in addition to GPs.
Should you have any questions or concerns regarding the processing of your data alongside BRAVE AI, we encourage you to contact us through the DPO listed below.
NHS National Data Opt-out
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected in a patient record for that service. Collecting this confidential patient information helps to ensure you get the best possible care and treatment.
The confidential patient information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care where allowed by law.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you choose to opt out your confidential patient information will still be used to support your individual care.
We do not share your confidential patient information for purposes beyond your individual care without your permission. When sharing data for planning and reporting purposes, we use anonymised data so that you cannot be identified in which case your confidential patient information isn’t required.
Information being used or shared for purposes beyond individual care does not include your confidential patient information being shared with insurance companies or used for marketing purposes and information would only be used in this way with your specific agreement
Health and care organisations that process confidential patient information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share your confidential patient information for purposes beyond your individual care.
Rowden Surgery are currently compliant with the national data-out policy as we do not share your confidential patient information for purposes beyond your individual care without your permission.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your–nhs–data–matters
You can change your choice at any time.
SystmConnect
We use SystmConnect, provided by The Phoenix Partnership Ltd (TPP), to assist us in delivering healthcare services to our patients.
TPP will share your personal data with us if you require advice, an appointment or remote consultation.
Full details about how TPP will process your personal information can be found on their privacy notice here: SystmConnect–Privacy–Notice.pdf (tpp–uk.com)
How long do we keep your personal information?
We follow the Records Management Code of Practice for Health and Social Care 2021 records retention schedule published by the Information Governance Alliance for the Department of Health which states that electronic patient records should be retained for 10 years from the date of death. At that point, all personal data we hold on you will be securely deleted.
We keep recordings of our calls for up to 6 years.
Legal basis
We have been commissioned by the Bath and North East Summerset, Swindon and Wiltshire Integrated Care Board (ICB) to provide a GP surgery service and it is necessary for the performance of this task in the public interest for us to process your personal data.
We will use your special categories of personal data, such as that relating to your race, ethnic origin, and health for the purposes of providing you with health or social care or the management of health or social care systems and services. Such processing will only be carried out by a health or social work professional or by another person who owes a duty of confidentiality under legislation or a rule of law.
In some circumstances, we may process your personal information on the basis that:
- it is necessary to protect your vital interests;
- we are required to do so in order to comply with legal obligations to which we are subject;
- we are required to do so for the establishment, exercise or defence of a legal claim; or
- you have given us your explicit consent to do so.
Your rights
You have a right to:
- ask for a copy of the information we hold about you;
- correct inaccuracies in the information we hold about you
- withdraw any consent you have given to the use of your information;
- complain to the relevant supervisory authority in any jurisdiction about our use of your information
- in some circumstances:
- ask us to erase information we hold about you;
- request a copy of your personal data in an electronic format and require us to provide this information to a third party;
- ask us to restrict the use of information we hold about you; and o object to the use of information we hold about you.
You can exercise these rights by contacting us as detailed below.
Access to patient records through the NHS App
Your health record will also be accessible via the NHS App. Please visit the NHS Digital Access to Patient Records information page for more information: https://transform.england.nhs.uk/information–governance/guidance/access–to–patient–recordsthrough–the–nhs–app/#service_user
You have the right to stop your health record entries being displayed in the NHS App. Please contact your GP should you wish to do so.
Data Protection Officer
Our Data Protection Officer (DPO) function is provided by the Medvivo Data Protection Officer service.[JR1]
How to contact us
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Practice Manager at:
Rowden Surgery, Rowden Hill, Chippenham, Wiltshire, SN15 2SB or email us at:
Rowden.surgery@nhs.net
All data protection queries will be initially dealt with by the practice data protection team and escalated to the Medvivo Data Protection Officer service if required. [JR2]
How to contact us
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Officer at:
Data Protection Officer:
Laura North Rowden.surgery@nhs.net
How to make a complaint
You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO): https://ico.org.uk/concerns 0303 123 1113
Changes to our privacy notice
We keep our privacy notice under regular review, and we will place any updates on this webpage. This privacy notice was last updated on 24.4.2024.
IT Policy
This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to;
Maintain the Confidentiality of all data within the practice by:
- Ensuring that only authorised persons can gain access to our systems
- Not disclosing information to anyone who has no right to see it
Maintain the integrity of all data within the practice by:
- Taking care over input
- Ensuring that all changes are reported and monitored
- Checking that the correct record is on the screen before updating
- Reporting all apparent errors and ensuring that they are resolved
Maintain the availability of all data by:
- Ensuring that all equipment is protected from intruders
- Ensuring that backups are taken at regular, predetermined intervals
- Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date
Additionally we will take all reasonable measures to comply with our legal responsibilities under: