Covid-19 and Your Information

 

BACK TO MAIN INDEX

 

Version 3 updated on 07.10.2020

Supplementary privacy note on Covid-19 for patients using GP Surgeries based in Kent and Medway

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available [Practices please include a link to your main privacy pages here].

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available 

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information including contact details to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law, the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. 

Further information is available on gov.uk and some FAQs on this law are available here. During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information.  This includes National Data Opt-outs.  However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply.  It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the contact details we have to send public health messages to you, either by phone, text or email.

During this period of emergency we may offer you a consultation via telephone or video-conferencing and within Kent and Medway CCG we are using AccuRx. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak.  Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.  

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves.  All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you.  Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

GP Data for Planning and Research Programme: GP data has a crucial role to play in research and planning which can improve public health, but it is important for patients and the public that this data is made available for appropriate purposes in a secure and trusted manner. This programme is a planned replacement for the GP Extraction Service (GPES) currently used to collect data for planning and research from general practices in England.

It is a legal obligation for the practice to comply with the Data Provision Notice ‘DPN’ for this programme as a result of a new direction from the secretary of state for health and social care as part of the Health and Care Act 2012. Once fully established, this new collection will replace multiple other data collections from general practices including the GPES in due course.

It is important to state that this new GPDPR programme is not a new processing of GP data in any way; what it does is to carry out an ongoing processing i.e. extraction of patients’ data by NHS Digital for planning and research purposes via a more efficient means. NHS Digital has set out that, whilst general practice will still retain data controllership over patient records within their practice, once data has been extracted from patient records and shared with NHS Digital, NHS Digital will be the responsible and accountable data controller under the UK GDPR for data access and dissemination for planning and research. Full details on the processing of patients’ data for this programme can be found in the NHS Digital’ privacy notice here

 

NHS Test and Trace COVID-19 App

From 26th September 2020, everyone over the age of 16 who is registered with a GP in England, and has provided an email address or phone number to the NHS, will receive an email or SMS asking them to download the NHS COVID-19 app.

  • Emails will come from NHS Test and Trace COVID-19 App with ‘Public Health Message: NHS COVID-19 App’ as the subject.
  • Text messages will come from NHStracing and begin with ‘This is a public health message from NHS Test and Trace.'

Read more on gov.uk about what the messages will look like.

The message is deemed to be an essential part of dealing with a public health emergency. It is being done to help inform and encourage the use of the NHS COVID-19 app, a new tool which will help users to protect their own health, and the health of those they care about. The Secretary of State decided that sending emails and text messages to individuals is a necessary and proportionate approach.

The contact details data came from the central NHS database which stores demographic information, called PDS. The Secretary of State asked NHS Digital to use the mobile phone numbers and emails for registered patients over the age of 16, so that the public health message could be sent. Whenever there is a request to use NHS data, an assessment is made to ensure that it is legal and safe to do so. The current DPIA is available on the government website

Email addresses and phone numbers are used by NHS Digital as a Processor (and Gov Notify as a Sub-Processor) on behalf of Department of Health and Social Care (DHSC) to send the messages. DHSC will not receive patients’ contact details data directly. Gov Notify will receive phone numbers to send text messages on behalf of NHS Digital.

Read more about how we protect your data and privacy in the NHS Test and Trace privacy notice.

Beware of scams: The contact-tracing service will only call you from 0300 013 5000 or send you a text message or email from ‘NHStracing’. You will never be asked to dial a premium rate number, make a payment, provide your bank details, or provide other personal information such as your social media identities or login details.

If you have feedback or questions please contact us through our online webform

The COPI Regulations is valid until 31st March 2021, so in effect this COVID privacy notice is valid until then or until any other time when the COPI Regulations is no longer in effect. We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.