Privacy Policy

PRACTICE PRIVACY NOTICE

MERRIDALE MEDICAL CENTRE

How we use your information to provide you with healthcare

Merridale Medical Centre is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information, and your rights regarding your data.

We manage patient information in accordance with UK data protection law, including:

  • Data Protection Act 2018
  • UK General Data Protection Regulation (UK GDPR)
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012
  • NHS Codes of Confidentiality and Information Security

1. What Information We Collect

We collect and maintain records about your health and treatment, which may include:

  • Personal details: name, address, date of birth, next of kin
  • Contact information: phone numbers, email addresses
  • Health records: consultations, diagnoses, test results, treatments, and care plans
  • Relevant information from other healthcare professionals, relatives, or carers

This information may be held electronically, on paper, or as a combination of both.


2. Purpose of Processing

The primary purpose of processing your data is to support patient care and improve efficiencies in our workflow. This includes:

  • Direct care and treatment
  • Appointment management and reminders (e.g., via SMS or phone)
  • Risk stratification for patients with long-term conditions to prevent avoidable hospital admissions
  • Clinical audits, quality monitoring, and research (with consent where required)
  • Sharing information with other healthcare providers for your care

3. Lawful Basis for Processing

Under UK GDPR, we process your personal and health information based on the following legal grounds:

  • Article 6(1)(d) – Processing is necessary to protect the vital interests of the data subject or another person.
  • Article 9(2)(c) – Processing is necessary to protect the vital interests of the data subject where the data subject cannot give consent.
  • Article 9(2)(h) – Processing is necessary for the provision of health or social care, medical diagnosis, treatment, or management of health systems.

We also adhere to the Common Law Duty of Confidentiality, which ensures your information is handled responsibly.


4. How We Use Your Information

We use your information to:

  • Provide healthcare and treatment
  • Communicate with you regarding appointments, screening, or other health services
  • Maintain accurate medical records
  • Share information safely with other healthcare providers where necessary for your care

5. Sharing Your Information

We may share your data with:

  • NHS Trusts, hospitals, and clinics
  • Independent contractors (e.g., dentists, opticians, pharmacists)
  • Private hospitals (e.g., Spire, Nuffield)
  • Voluntary sector providers (with your consent)
  • Ambulance services and emergency responders
  • Clinical Commissioning Groups, social care, and local authorities (where relevant or with consent)
  • Third-party providers under contract to support the delivery of care

We will never share your data with third parties for marketing purposes without your explicit consent.


6. Your Rights

You have the following rights under UK GDPR and the Common Law Duty of Confidentiality:

  1. Right to Access and Correct: You can view the information we hold about you and request corrections if necessary. Medical records cannot be deleted except by court order.
  2. Right to Object: You can object to some or all of your information being shared with third-party providers.
  3. Advance Directives: You can place an “Advance Directive” in your records to guide how your data is used or shared with healthcare workers.
  4. Right to Withdraw Consent: You can change your mind about previous choices regarding sharing your data.

To exercise any of these rights, please contact the practice in writing.


7. How We Keep Your Data Safe

We implement appropriate technical and organisational measures to keep your information confidential, secure, and accurate. Access is restricted to authorised staff on a need-to-know basis, and all staff receive regular training on data protection and confidentiality.


8. Mobile Phones and Electronic Communication

If you provide a mobile number or email, we may use it to:

  • Send appointment reminders
  • Provide health screening information
  • Communicate directly about your care

You may opt out at any time by contacting the practice.


9. Our Website

  • You can access our website without giving personal information.
  • When you provide personal information (e.g., via forms), it is only used to respond to your requests.
  • Our website does not use cookies.
  • We are not responsible for the privacy practices of third-party sites linked from our website.

Website: http://www.merridalemedicalcentre.co.uk


10. Risk Stratification

We may collect and analyse de-identified information to identify patients at risk of needing emergency or urgent care. Risk scores are provided to your GP or care team. You have the right to opt out of this process at any time.


11. Updating Your Details

It is important to notify us if your personal details change, such as name, address, or date of birth, so that your records are accurate.


12. Data Controller

Merridale Medical Centre is the Data Controller responsible for keeping your information secure and confidential.
ICO Registration Number: Z5441916

 

Reviewed and updated: October 2025.



Page last reviewed: 17 October 2025
Page created: 04 August 2023