How we use your data

Information about you and the care you receive is shared, in a secure system, by healthcare staff to support your treatment and care.

It is important that we, the NHS, can use this information to plan and improve services for all patients. We would like to link information from all the different places where you receive care, such as your GP, hospital and community service, to help us provide a full picture. This will allow us to compare the care you received in one area against the care you received in another, so we can see what has worked best.

Information such as your postcode and NHS number, but not your name, will be used to link your records in a secure system, so your identity is protected. Information which does not reveal your identity can then be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.

Summary Care Record

Summary Care Record (SCR) is a national database that holds electronic records of important patient information such as current medication, allergies and details of any previous bad reactions to medicines, created from GP medical records. It can be seen and used by authorised staff in other areas of the health and care system involved in the patient’s direct care.

If you are happy for your information to be used in this way you do not have to do anything. If you have any concerns or wish to prevent this from happening.

For more information, please visit NHS Digital: Summary Care Record – NHS Digital

National Data Opt-out

The national data opt-out allows a patient to choose if they do not want their confidential patient information to be used for purposes beyond their individual care and treatment – for research and planning. Patients, or people acting for them by proxy, have control over setting or changing their own opt-out choice, and can change their mind at any time.

For more information regarding this, please visit the Digital NHS Website: National data opt-out – NHS Digital

Virtual Consultations

We are pleased to be offering new ways of consulting without patients including video consultations and PATCHs. These are convenient ways for our patients to access healthcare and advice. The highest confidentiality and security standards are applied to ensure patient data acquired by these methods is always kept secure.

Photographs

You may send a photograph as part of your assessment in an email, as part of  PATCHs, or via text. This photograph will be put into your medical record and be protected under the Data Protection Act 2018. This means the picture will only be used for the purpose of your care and will be kept secure.

Please note the photograph may need to be process by administrative staff members and may need to be assessed by another clinician other than who you may have specified, dependent on which doctor or nurse is on duty.

AccuRx

AccuRx is a new software enabling a Practice to communicate with patients via SMS. Messages are sent regarding appointment bookings, health advice, blood results and other administrative matters

As part of the commitment to more personalised care for patients, NHS Employers and the General Practitioners Committee of the British Medical Association have agreed that all patients will have a named accountable GP.

The ‘Named’ GP will:

• Take lead responsibility for ensuring that all appropriate services required under the contract with the practice are delivered to you
• Where required, based on the professional judgement of the ‘named’ GP, work with relevant associated health and social care professionals to deliver a multidisciplinary care package that meets your needs.
• Ensure that your physical and psychological needs are recognised and responded to by the relevant clinicians in the practice
• Ensure that patients over 75 years of age have access to a health check if requested, which is already a requirement of the GP contract regulations.

Cedars Medical Centre will ensure that there is a named accountable GP assigned to each patient.

New patients will be allocated a GP at the time of registration.

Your named accountable GP will be Dr Ritu Prasad however this does not affect your ability to see any GP of your choice as you currently do.

If you choose to see another doctor at the surgery, you are entirely free to go on doing so exactly as before.

A chaperone is someone who accompanies another person somewhere in order to make sure that they do not come to any harm.  The chaperone will be an impartial observer.  All patients are entitled to a chaperone to be present during any consultations, examination or procedure where they feel it is required.

This policy explains the role of a chaperone when they are present during consultations to provide support to the patient and to protect the healthcare professional against allegations of improper behaviour during such consultations.

Click here for more information.

Read/Download out Complaints Leaflet

If you have a complaint or concern about the service you have received from a doctor or any member of staff working at Cedars Medical Centre, please let us know. We operate a Practice Complaints Procedure as part of the NHS system, which meets the national criteria.

If you are complaining on behalf of someone else, please note that we adhere to strict rules of medical confidentiality and will not be able to act on this complaint without the patient’s permission on a signed and dated consent letter.

If the complaint is regarding a deceased patient, the practice will proceed with an investigation.

Ideally you need to make your complaint as soon as possible, but ideally within six months of the incident that caused the problem or within six months of discovering that you have a problem. This will enable us to gather all the information whilst still fresh.

The Procedure

We aim to sort out most problems easily and quickly and often at the time that they arise. If your problem cannot be sorted immediately and you wish to make a complaint, we would like you to let us know in writing as soon as possible.

All complaints should be addressed to the Practice Manager at the Practice, who will ensure that your complaint is dealt with promptly.

What we will do

We will acknowledge your complaint within three working days of receipt. We aim to have looked into the matter within ten working days, although this will be determined by the complexity of the complaint and access to those involved. It is our intention then to be in a position to offer you a response or a meeting with the people involved or, if there is to be a delay in responding (for instance, due to staff absences or a third party not directly employed by practice), to keep you updated of the progress of your complaint.

When we look into your complaint we will aim to:

• Investigate the problem with all members of staff concerned

• Notify you of the outcome of the investigation with a satisfactory explanation

• Identify the problem with a view to improving the service we offer to our patients

We hope that you will use the Cedars Medical Centre Complaints Procedure so that we are able to resolve the problem and have the opportunity to improve our service to you, but if you choose not to contact us you can approach NHS England direct at [email protected] or on 0113 254 5000

If neither body helps resolve the issue, you have the right to approach the Ombudsman on 0345 015 4033 and at [email protected]

The Care Quality Commission is always interested in both issues and outcomes. Details can be forwarded to [email protected] though please be aware they are not involved in the resolution process.

Contact Details – Telephone no 020 8429 9595

• Jane England – Complaints Coordinator
• Mohammed Anis – Practice Manager
• Contact us online

View Our Infection Control Statement for 2023

All GP Practices are required to declare mean earnings (i.e. average pay) for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs working in the practice of Cedars Medical Centre in the last financial year was £17,531 before tax and National Insurance.

This is for 2 full time GPs, 3 part time GPs and 1 Locum GPs who worked in the practice for more than six months.

Cedars Medical Centre

Data Privacy Policy – External

When Cedars Medical Centre processes your personal data, it is required to comply with the Data Protection Act 2018 (“DPA”) and the UK GDPR (the DPA and UK GDPR are together referred to as the “Data Protection Legislation”). Your personal data includes all the information we hold that identifies you or is about you, for example, your name, email address, postal address, date of birth, location data and in some cases opinions that we document about you; as well as special categories of data, including but not limited to, medical and health records, care plans and information about your religious beliefs, ethnic origin and race, sexual orientation and political views.

Everything we do with your personal data counts as processing it – including collecting, storing, amending, transferring and deleting it. We are, therefore, required to comply with the Data Protection Legislation to make sure that your information is properly protected and used appropriately. This data privacy policy provides information about the personal data we process, why we process it and how we process it.

Our responsibilities

Cedars Medical Centre is the data controller of the personal data you provide. We have appointed Dr Ritu Prasad – Data Controller as Data Protection Officer and they will have day to day responsibility for ensuring that we comply with the Data Protection Legislation and for dealing with any requests we receive from individuals exercising their rights under the Data Protection Legislation.

What personal data do we process about you?

We process your personal data in order to provide you with the services you have requested, to fulfil the contract we have entered into with you and/or to receive services or goods from you. We may also process your personal data to respond to any queries or comments you submit to us and to correspond with you on a day-to-day basis Cedars Medical Centre may feel it is more appropriate to use more than one data privacy policy for non-employees].

We may need personal data from you to be able to provide services to you, to meet our legal obligations, to enter into a contract with you and/or to provide you with all the information you need. If we do not receive the personal data from you, we may be unable to fulfil our obligations to you.

More information about the personal data we process is set out below:

• [Patients]

[Personal data that we may process about you (depending on the extent of the information you have provided to us) includes:

• Identity data such as your first name, middle names, last name, marital status, title, date of birth and gender
• Contact data such as your address, email address and telephone numbers
• Financial data including your bank account and payment card details
• Special categories of data including information about your medical background and health and diversity/equality information such as your race and ethnicity]

We process most of your information on the grounds of consent from you, legitimate interests, performance of a contract we have entered into with you, protection of the vital interests of a Data Subject or, in the case of special categories of data, processing for the provision of health or social care or treatment or the management of health or social care systems or services.

• [Suppliers]

[Personal data that we may process about you includes:

• Identity data such as your first name, middle names, last name, marital status, title, date of birth and gender
• Contact data such as your billing address and delivery address (whether residential or your company address), email address and telephone numbers
• Financial data including your bank account and payment card details (except to the extent the financial information is company rather than personal information); and
• Transaction data including details about payments made to you (where you are an individual)]

We process most of your information on the grounds of our legitimate interests (including a business relationship with you or the company for which you work) and fulfilment of our contract with you (where you are an individual). Any information we process about the company for which you work rather than you as an individual is not covered by this data privacy policy.

• [Candidates]

[Personal data that we are likely to process about you includes:

• Identity data such as your first name, middle names, last name, marital status, title, date of birth and gender
• Contact data such as your postal address, email address and telephone numbers
• Background data such as your education, career background and work experience
• Personal information such as your skills and qualities
• Any other information that you include on any CV, application or covering letter you send to If this information includes special categories of data we will process that information on the grounds of consent, because you have chosen to provide it to us.]

We process most of your information on the grounds of our legitimate interests to determine whether or not we have a suitable vacancy for you.

If we obtain consent from you to the processing of your personal data, you can withdraw your consent at any time. This will not affect the lawfulness of any processing we carried out prior to you withdrawing your consent.

Who will receive your personal data?

Please note – although the UK is no longer part of the EU, we still comply with the following:

We only transfer your personal data to the extent we need to. Recipients of your personal data include:

We do not transfer your personal data outside of the EEA. [If Cedars Medical Centre transfers personal data outside of the EEA, delete this sentence and include the paragraph below instead].

We may transfer your personal data outside of the EEA to [name of recipient of data outside EEA]. [A finding of adequacy has been made in respect of [relevant country], which means the EU Commission is satisfied that any data transferred to [relevant country] will be adequately protected]. [We will transfer your personal data on the basis of a data transfer agreement that incorporates EU model clauses. The EU model clauses mean that appropriate safeguards will govern the transfer of the data]. [We will transfer your personal data on the basis of an intragroup agreement, which includes appropriate safeguards to protect your personal data]. [This paragraph should be included if Cedars Medical Centre transfers personal data outside the EEA. There are a number of optional clauses within this paragraph. Cedars Medical Centre will need to consider the location of the recipient and the grounds on which personal data is transferred and update this paragraph accordingly].

How long will we keep your personal data?

We will retain your personal data for [confirm retention period – there must be valid reasons to retain the personal data for the chosen period of time. Personal data must not be retained “just in case” it is needed in the future. Valid reasons may be, for example, 6 years in case a contract claim arises. Cedars Medical Centre may need to refer to numerous retention periods particularly if this policy covers a number of different types of individuals]. Your information will be kept securely at all times.

Following the end of the relevant retention period, your files and the personal data covered by the retention period will be permanently deleted or destroyed.

What are your rights?

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised the rights which may be available to you below, depending on the grounds on which we process your data. More information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general- data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data.

1.  Access to your data

You have the right to ask us to confirm that we process your personal data, as well as having the right to request access to/copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this data privacy policy.

We will provide the information free of charge unless your request is manifestly unfounded, excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.

We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we will let you know.

2.  Rectification of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it unless we do not feel it is appropriate, in which case we will let you know why. We will also let you know if we need more time to comply with your request.

3.  Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

• Where we no longer need your personal data for the purpose for which we collected it
• Where we have collected your personal data on the grounds of consent and you withdraw that consent
• Where you object to the processing and we do not have any overriding legitimate interests to continue processing the data
• Where we have unlawfully processed your personal data (i.e. we have failed to comply with UK GDPR); and
• Where the personal data has to be deleted to comply with a legal obligation

There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.

4.  Right to restrict processing

In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we do not have to delete it. This right is available to you:

• If you believe the personal data we hold is not accurate – we will cease processing it until we can verify its accuracy
• If you have objected to us processing the data – we will cease processing it until we have determined whether our legitimate interests override your objection
• If the processing is unlawful; or
• If we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim

5.  Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us:

• Where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
• Where we carry out the processing by automated means

We will respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we will let you know.

6.  Right to object

You are entitled to object to us processing your personal data:

• If the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority
• For direct marketing purposes (including profiling); and/or
• For the purposes of scientific or historical research and statistics

In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling, legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Automated decision making

Automated decision making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).

We do not carry out any automated decision making using your personal data. [If Cedars Medical Centre carries out automated decision making, delete this sentence and complete the section below].

We carry out the following types of automated decision making using your personal data: [If Cedars Medical Centre does not carry out automated decision making, delete this sentence and include the sentence above. If it does carry out automated decision making, provide further information here].

Your right to complain about our processing

If you think we have processed your personal data unlawfully or that we have not complied with UK GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website: https://ico.org.uk/concerns/.

Any questions?

If you have any questions or would like more information about the ways in which we process your data, please contact: The Practice Manager – Mohammed Anis via email: [email protected]

This information will be updated shortly.