About SPCL
Here you will learn more about us, our team, opportunities to join us and topical health news
This privacy notice explains why Southampton Primary Care Limited (SPCL) collects information about you, how we keep it safe and confidential and how that information may be used.
Addendum – 20th March 2020
Coronavirus (COVID-19) pandemic and your information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic.
The ICO also recognise that ‘Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a Notice under Regulation 3(4) of The Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non-clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the Covid-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.
The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 30th September 2020 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.
We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The
records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of needs assessments.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously or elsewhere (e.g. NHS Hospital Trust, other GP Surgery, Out of Hours GP Centre, A&E, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
Records which we may hold about you may include the following:
All your GP NHS health records are kept electronically. Our GP records database is hosted by TPP SystmOne and EMIS, who are acting as data processors, and all information is stored on their secure servers in Leeds, is protected by appropriate security, and access is restricted to authorised personnel.
Your records may also be stored in Sharepoint (Azure), within NHS Digital and all information is stored on their secure UK server in either Durham, London or Cardiff, and is protected by appropriate security, and access is restricted to authorised personnel.
We also make sure that data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We only use your mobile number to text you, regarding matters of medical care, such as appointment reminders and (if appropriate) test results.
We maintain our duty of confidentiality to you always. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
Confidential patient data will be shared within the healthcare team in SPCL and with your registered practice. This includes nursing staff, admin staff, secretaries and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality.
Details of who is authorised to access your GP record can be found on our website in Privacy Notices.
Referrals for specific health care purposes
We sometimes provide your information to other organisations for them to provide you with medical services. We will always inform you of such a referral and you always have the right not to be referred in this way.
Data Sharing Schemes
A number of data sharing schemes are active locally, enabling healthcare professionals outside of your registered practice to view information from your GP record, with your explicit consent, should that need arise. These schemes are as follows:
Details of these schemes, and of your right to opt-out of any or all of them, can be found in your registered practice.
SPCL information is sent back to your registered practice. We do not share data directly with any of these schemes.
Mandatory disclosures of information
We are sometimes legally obliged to disclose information about patients to relevant authorities. In these circumstances the minimum identifiable information that is essential to serve that legal purpose will be disclosed.
That organisation will also have a professional and contractual duty of confidentiality. Data will be anonymised if at all possible before disclosure if this would serve the purpose for which the data is required.
Organisations that we are sometimes obliged to release information to include:
Permissive disclosures of information
Only with your explicit consent, SPCL can release information about you, from your GP record, to relevant organisations. These may include:
Accessing your information on other databases
SPCL can access certain medical information about you, when relevant or necessary, that is held on other databases (i.e. under the control of another data controller). These include Southampton General Hospital databases and NHS Digital’s Open Exeter database. Accessing such information would only be for your direct medical care.
Research
SPCL sometimes undertakes accredited research projects. Where this involves accessing identifiable patient information, we will only do so with the explicit consent of the individual and Research Ethics Committee approval.
SPCL is not currently involved with other research projects such as the Clinical Practice Research Database or QResearch, and we do not permit secondary processing (e.g. for research, “analytics”, commissioning, commercial or political purposes) of our patients’ information uploaded to the Hampshire Health Record.
You have the right to opt-out (or object) to ways in which your information is shared, both for direct medical care purposes (such as the national NHS data sharing schemes), i.e. primary uses of your information, or for purposes other than your direct medical care – so-called secondary uses.
Details of these purposes, and how you can opt out, can be found on our website.
You have the right to access your own GP record. Details of how to do this can be found in your registered practice.
You can also sign up to have secure online access to your electronic GP record. Again, details of how to do this can be found on our website.
The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
We are registered as a data controller and our registration can be viewed online in the public register at: http://ico.org.uk/what_we_cover/register_of_data_controllers
If you have concerns or are unhappy about any of our services, please contact the Complaints Manager. Details of how to complain are on our website, or available in hubs.
For independent advice about data protection, privacy, and data sharing issues, you can contact:
The Information Commissioner Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Phone: 08456 30 60 60
Website: www.ico.gov.uk
If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the organisation’s Information Governance Lead.
Data Protection Officer
Dr Ali Robins
© Southampton Primary Care 2025 | Registration number: 09332040
Website by Eldo™
