Privacy Policy
PRACTICE PRIVACY NOTICE
MERRIDALE MEDICAL CENTRE
How we use your information to provide you with healthcare
Merridale Medical Centre is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information, and your rights regarding your data.
We manage patient information in accordance with UK data protection law, including:
- Data Protection Act 2018
- UK General Data Protection Regulation (UK GDPR)
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality and Information Security
1. What Information We Collect
We collect and maintain records about your health and treatment, which may include:
- Personal details: name, address, date of birth, next of kin
- Contact information: phone numbers, email addresses
- Health records: consultations, diagnoses, test results, treatments, and care plans
- Relevant information from other healthcare professionals, relatives, or carers
This information may be held electronically, on paper, or as a combination of both.
2. Purpose of Processing
The primary purpose of processing your data is to support patient care and improve efficiencies in our workflow. This includes:
- Direct care and treatment
- Appointment management and reminders (e.g., via SMS or phone)
- Risk stratification for patients with long-term conditions to prevent avoidable hospital admissions
- Clinical audits, quality monitoring, and research (with consent where required)
- Sharing information with other healthcare providers for your care
3. Lawful Basis for Processing
Under UK GDPR, we process your personal and health information based on the following legal grounds:
Article 6(1)(d) – Processing is necessary to protect the vital interests of the data subject or another person.
Article 9(2)(c) – Processing is necessary to protect the vital interests of the data subject where the data subject cannot give consent.
Article 9(2)(h) – Processing is necessary for the provision of health or social care, medical diagnosis, treatment, or management of health systems.
We also adhere to the Common Law Duty of Confidentiality, which ensures your information is handled responsibly.
4. How We Use Your Information
We use your information to:
- Provide healthcare and treatment
- Communicate with you regarding appointments, screening, or other health services
- Maintain accurate medical records
- Share information safely with other healthcare providers where necessary for your care
5. Sharing Your Information
We may share your data with:
- NHS Trusts, hospitals, and clinics
- Independent contractors (e.g., dentists, opticians, pharmacists)
- Private hospitals (e.g., Spire, Nuffield)
- Voluntary sector providers (with your consent)
- Ambulance services and emergency responders
- Clinical Commissioning Groups, social care, and local authorities (where relevant or with consent)
- Third-party providers under contract to support the delivery of care
We will never share your data with third parties for marketing purposes without your explicit consent.
6. Your Rights
You have the following rights under UK GDPR and the Common Law Duty of Confidentiality:
- Right to Access and Correct: You can view the information we hold about you and request corrections if necessary. Medical records cannot be deleted except by court order.
- Right to Object: You can object to some or all of your information being shared with third-party providers.
- Advance Directives: You can place an “Advance Directive” in your records to guide how your data is used or shared with healthcare workers.
- Right to Withdraw Consent: You can change your mind about previous choices regarding sharing your data.
To exercise any of these rights, please contact the practice in writing.
7. How We Keep Your Data Safe
We implement appropriate technical and organisational measures to keep your information confidential, secure, and accurate. Access is restricted to authorised staff on a need-to-know basis, and all staff receive regular training on data protection and confidentiality.
8. Mobile Phones and Electronic Communication
If you provide a mobile number or email, we may use it to:
- Send appointment reminders
- Provide health screening information
- Communicate directly about your care
You may opt out at any time by contacting the practice.
9. Our Website
- You can access our website without giving personal information.
- When you provide personal information (e.g., via forms), it is only used to respond to your requests.
- Our website does not use cookies.
- We are not responsible for the privacy practices of third-party sites linked from our website.
Website: http://www.merridalemedicalcentre.co.uk
10. Risk Stratification
We may collect and analyse de-identified information to identify patients at risk of needing emergency or urgent care. Risk scores are provided to your GP or care team. You have the right to opt out of this process at any time.
11. Updating Your Details
It is important to notify us if your personal details change, such as name, address, or date of birth, so that your records are accurate.
12. Data Controller
Merridale Medical Centre is the Data Controller responsible for keeping your information secure and confidential.
ICO Registration Number: Z5441916
Reviewed and updated: October 2025
Page created: 04 August 2023