How we process your data
Our Information Governance team ensures that your personal information is dealt with legally, securely, and effectively.
What is Information Governance?
Information Governance (IG) is the framework for handling information in a secure and confidential manner that allows organisations and individuals to manage patient, personal and sensitive information legally, securely, efficiently, and effectively in order to deliver the best possible healthcare and services.
IG applies to, and impacts on, everyone working for, or on behalf of the Care Group. Additionally, everyone working in the Care Group has a legal duty to keep information about others secure and confidential.
IG is concerned with the standards that should apply when information is processed. Information processing has five broad aspects that encompass how information is obtained, recorded, held, used and shared. Therefore, it is of paramount importance that the Care Group ensures that all information is:
- Held safely and confidentially
- Obtained fairly and effectively
- Recorded accurately and reliably
- Used effectively and ethically
- Shared appropriately and lawfully
It brings together all of the legal requirements, standards and best practices (including policies and procedures, management and reporting arrangements, processes and controls, and training) that apply to the handling of patient, personal and sensitive information, including but not limited to:
- Access to Health Records Act
- Caldicott Principles
- Code of Practice on confidential information
- Common Law Duty of Confidentiality
- Computer Misuse Act
- Confidentiality: NHS Code of Practice
- Data Protection legislation - UK Data Protection Act 2018 and the UK General Data Protection Regulation 2016 (GDPR)
- Data Security and Protection Toolkit (DSPT)
- Freedom of Information Act
- Information Security Management: NHS Code of Practice
- Network and Information Systems (NIS) Regulations 2018
- Records Management Code of Practice 2021.
The Care Group collects, stores and uses large amounts of personal confidential data every day, such as care records, personnel records and computerised information. This data is used by many people in the course of their work. IG allows the Care Group to demonstrate to the public that it takes its responsibilities to safeguard information seriously. It also aims to protect patient information and confidentiality and to protect the Care Group and its staff.
You can review our policies below on how we achieve this in Tower Hamlets GP Care Group
Key contacts
Sana Sabat
Information Governance Officer (IGO)
sana.sabat@nhs.net
Christoper Norton
Deputy Director of Governance and Nursing, Senior Information Risk Owner (SIRO)
christopher.norton1@nhs.net
Toby Longwill
Medical Director, Caldicott Guardian (CG)
Privacy Notice - Children and Young people
Staff Policies and Privacy Notices
Subject Access Request
Under the UK General Data Protection Regulation, Data Protection Act 2018, you have the right to apply for access to your records and in some case, records of other people as an authorised representative. This is known as a Subject Access Request (SAR).
The Access to Health Records Act 1990 (AHRA) governs the right of access to deceased patient’s health records by specified persons.
Your health record is kept confidential at all times within the GP Care Group and is only shared with staff when it is necessary for them to carry out their job. All staff are required to work to strict professional and contractual codes of confidentiality and, where possible, we will anonymise information so that individual patients cannot be identified. The only time information will be shared to outside organisations is if they are directly involved in your care, for instance, your GP, social worker, community nurses or hospital.
If, for any reason, you would like access to your medical records held by the GP Care Group, please make your request digitally using our new online portal Home Page – SAR Portal (ams-sar.com). Click get started online, then follow the instructions to set-up your account (or login if you have an existing account).
Requests are managed electronically and once complete, you will be able to view your health records using a download function within the portal, reducing time and the need for paper copies to be printed and sent via post.
When making your request, please ensure the correct application type is selected. This will help the Subject Access Request team process your request effectively.
Download the Requester Portal Guide and view the FAQs to help you through the process. By law you will need to supply identification as part of the request process – you can find out what you need to supply by clicking here.
If you’re a third party and requesting access to the health records of another person, please use our online portal to submit your request.
The organisation will deal with your request promptly, and in any event the records will be sent to you within 30 days of receipt of your accurately completed form. If we encounter any difficulties in locating your data, we will keep you informed of our progress via the online portal.
Individuals do not have a right to have professional opinions or judgements deleted from the record, unless the entry is factually incorrect e.g. the notes on your record relate to a different patient. However, if you disagree with any content within your record, you can ask to have a statement added to reflect your opinions. You are entitled to a copy of what has been added.
If you would like access to a diagnostic report requested by the GP Care Group please specify this on the online form.
If you have queries and want to contact us directly, please email thgpcg.informationgovernance@nhs.net.
Please note: We no longer accept Subject Access Requests via email.
