Your Data




Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive.  Your record may be in a paper format, electronic, or a mixture of both.  The record may include:

  • Basic details about you such as address and next of kin
  • Contact we have had with you, such as surgery or home visits
  • Letters about your health and any treatment you have received at NHS and private outpatient clinics
  • Hospital discharge letters following admission to hospital
  • Results of investigations, such as x-rays and laboratory tests
  • Relevant information from other health professionals or those who care for you and know you well. 

image depicting your data


We use your healthcare record to:

  • Give you care and treatment using accurate and up-to-date information.
  • Refer you to another healthcare provider, such as a hospital.  We will share relevant information with other healthcare staff so they can investigate and give you appropriate advice, treatment and care.
  • Check and review the quality of care you have received so that any concerns can be properly investigated.

To reduce the number of missed appointments we may use a patient reminder service which means you will receive a discrete text message a few days before your appointment. Please tell us if you wish to opt-out of this service.

We comply with current data protection and confidentiality law and have secure working practices to protect your data.  Anyone who receives data from us is also under a legal duty to keep it confidential.


We may share your data with:

  • Relevant healthcare professionals and staff in this healthcare centre and within the community
  • NHS Trusts, ambulance service
  • Out of hours services
  • Diagnostic and treatment centres
  • Other organisations involved in the provision of your care such as social services, local authorities, education authorities, voluntary sector providers, etc.
  • Health authorities, child health services.

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.

The lawful bases for processing your data for these purposes are Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of … the provision of health or social care or treatment or the management of health or social care systems and services...” 


Your data may also be used to:

  • Audit our services to (a) make sure our services can meet patient needs in the future and (b) review the care we provide to ensure it is of the highest standard
  • Teach and train healthcare professionals
  • Prepare statistics to review NHS performance and assess the needs of the general population
  • Make an Individual Funding Request on your behalf
  • Investigate complaints, legal claims or untoward incidents

We are required by law to report certain information to the appropriate authorities, for example notification of new births and notification of infectious diseases which may endanger the safety of others (not HIV or AIDS).

Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions.

We may ask if we can use your identifiable data for research purposes but we will always check with you first and you do not need to agree to the request.

We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as at the request of a law court or to prevent fraud or a serious crime.  Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm. These circumstances are rare but we do not need your consent or agreement to do this.

We may have CCTV on our premises but this is usually managed by NHS Property Services.  Please ask us.



Under the powers of the Health and Social Care Act 2015, NHS Digital can extract data from GP Practices for specific purposes set out in law without seeking patient consent. Sometimes the data is anonymous and sometimes it is identifiable.  For example, we hold some data centrally for those with long term conditions, e.g. diabetes, and we contribute to national clinical audits to monitor the quality of the service provided to patients.  You may choose to opt-out from personal data being shared for these purposes. If you are happy for your data to be extracted then you do not need to do anything. If you do not want your data to be used beyond direct healthcare purposes you can choose to opt-out.  Please let us know so we can code your record appropriately.


How long do we keep your data?

GP healthcare records will be kept in line with the law and national guidance (Records Management Code of Practice for Health and Social Care 2016). Please ask us if you would like further details.


Your rights

You have the right to access your healthcare record and ask us to correct have any errors.  You can write to us or speak to a member of staff or look at our ‘subject access request’ policy on the practice website. Data portability: When you leave our surgery your electronic records are closed and cannot be accessed by our staff unless there are valid reasons.  Where available, your electronic data will be transferred securely via the GP to GP process. Your paper records will be sent back to the Primary Care Services England process for onward transportation to your new practice.


How you can help us to keep your healthcare record

  • Let us know when you change address, telephone number or name
  • Keep a note of your unique NHS number
  • Tell us if any information in your record is incorrect
  • Tell us if you change your mind about how we share the data we hold within your healthcare record
  • Let us know if you do not wish to receive appointment reminders on your mobile phone.

Who can I contact?

You can contact the Practice Manager who will be able to assist.

Our Data Protection Officer oversees compliance with this privacy notice and will help with any questions about the data we hold on you. Write to: The DPO, Malling Health Ltd, 10th Floor, 1 City Approach, Albert St, Eccles M30 0BG or telephone 0203 745 5505.

The Information Commissioner’s Office (ICO) is responsible for data protection issues in the UK. Write to: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone 0303 123 1113.