PRACTICE PRIVACY NOTICE

MERRIDALE MEDICAL CENTRE

How we use your information to provide you with healthcare

Merridale Medical Centre is committed to protecting your privacy and ensuring your personal information is handled safely and responsibly.

This Privacy Policy explains:

• What information we collect
• How we use and share your information
• How we keep your data secure
• Your rights regarding your personal data

We manage patient information in accordance with UK data protection law, including:

• Data Protection Act 2018
• UK General Data Protection Regulation (UK GDPR)
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality and Information Security

We collect and maintain information about your health and care, which may include:

• Personal details – name, address, date of birth, NHS number, next of kin
• Contact details – telephone numbers and email addresses
• Health information – consultations, diagnoses, test results, treatments, referrals, and care plans
• Information from others involved in your care – hospitals, community services, relatives, or carers

Your information may be held electronically, on paper, or a combination of both.

We use your information to:

• Provide direct healthcare, treatment, and advice
• Manage appointments and send reminders (e.g. SMS or phone calls)
• Maintain accurate and up-to-date medical records
• Support patients with long-term conditions
• Prevent avoidable hospital admissions through risk stratification
• Carry out clinical audit, quality monitoring, and approved research
• Share relevant information with other healthcare professionals involved in your care

 

 

Under UK GDPR, we process your personal and health information using the following lawful bases:

• Article 6(1)(d) – Processing necessary to protect vital interests
• Article 6(1)(e) – Processing necessary for tasks carried out in the public interest
• Article 9(2)(c) – Vital interests where consent cannot be given
• Article 9(2)(h) – Provision and management of health or social care
• Article 9(2)(i) – Public interest in public health

We also comply with the Common Law Duty of Confidentiality, ensuring your information is only used appropriately and lawfully.

We may share your information, where necessary and lawful, with:

• NHS Trusts, hospitals, and community services
• Other GP practices involved in your care
• Independent contractors (e.g. dentists, opticians, pharmacists)
• Private healthcare providers (e.g. Spire, Nuffield)
• Ambulance services and emergency responders
• Social care services and local authorities (where relevant)
• Voluntary sector organisations (with your consent)
• NHS-approved research and analytics platforms such as OpenSAFELY
• Third-party service providers under contract to support healthcare delivery

We never share your information for marketing purposes without your explicit consent.

Merridale Medical Centre supports health research and NHS service improvement through OpenSAFELY.

OpenSAFELY is a secure NHS data analytics platform that allows approved researchers to analyse patient data without the data leaving the GP practice’s secure system.

OpenSAFELY Protects Your Privacy

• Data is pseudonymised (identifying details such as name and address are removed)
• Researchers cannot see information that identifies you
• All activity is strictly controlled, logged, and audited
• Results are checked to ensure individuals cannot be identified

 

 

Why OpenSAFELY Is Used

OpenSAFELY helps the NHS to:

• Improve patient safety and quality of care
• Support population health planning
• Evaluate treatments and services
• Respond to public health emergencies

Your Choice

You can opt out of your data being used for research and planning (including OpenSAFELY) by:

• Registering a National Data Opt-Out, or
• Contacting the practice in writing

Opting out will not affect your direct care.

More information: https://www.opensafely.org

You have the following rights under UK GDPR and the Common Law Duty of Confidentiality:

• Right of Access – request a copy of the information we hold about you
• Right to Rectification – ask for incorrect information to be corrected
• Right to Object – object to certain uses or sharing of your information
• Right to Withdraw Consent – change your mind where consent is used
• Advance Directives – request restrictions on how your data is shared

Please note: medical records cannot be deleted except by court order.

To exercise your rights, please contact the practice in writing.

We may use de-identified information to identify patients who may be at risk of emergency or urgent care.
This supports proactive care and prevention.

You have the right to opt out of risk stratification at any time by contacting the practice.

 

We take data security seriously and use appropriate technical and organisational measures to protect your information, including:

• Secure computer systems and controlled access
• Role-based access on a need-to-know basis
• Regular staff training on confidentiality and data protection
• Monitoring and auditing of information access

If you provide a mobile number or email address, we may use it to:

• Send appointment reminders
• Share screening and health information
• Communicate with you about your care

You can opt out of electronic communications at any time by contacting the practice.

Website: http://www.merridalemedicalcentre.co.uk

• You can access our website without providing personal information
• Information submitted via forms is used only to respond to your enquiry
• Our website does not use cookies
• We are not responsible for the privacy practices of external websites we link to

Please inform us as soon as possible if your details change, such as:

• Name
• Address
• Telephone number
• Date of birth

This helps ensure your records are accurate and safe.

Merridale Medical Centre is the Data Controller responsible for your personal information.

ICO Registration Number: Z5441916

 Reviewed and Updated December 2025

---