The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs.

Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by calling 0300 3035678.

By 2020 all health and care organisations are required to be compliant with the national data opt-out policy. NHS Digital and Public Health England are already compliant and are applying national data opt-outs.

The staff at this practice record information about you and your health so that you can receive the right care and treatment. We need to record this information, together with the details of the care you receive, so that it is available each time we see you.

The information recorded about you may be used for reasons other than your personal care, for example, to help to protect the health of the general public, to plan for the future, to train staff and to carry out medical and other health research.

We are involved in research studies which require access to anonymous information from patients’ notes. All directly identifiable details (name, address, post code, NHS number, full date of birth) are removed from your notes before they are collected for research, and automatic programs to de-personalise any free text (non structured or coded data) are run after information is collected . Individual patients’ records are added into a much larger anonymous database from many patients across the UK which is used by researchers outside this practice. This data may be anonymously linked to other data, such as hospital data.

If you would like to opt out of this data collection scheme, please let your doctor know and your records will not be collected for use in the anonymous research database. This will not affect your care in any way.

If anything to do with the research would require that you provide additional information about yourself, you will be contacted by your GP to see if you are willing to take part; you will not be identified in any published results.

You have a right of access to your health records. If at any time you would like to know more, or have any concerns about how we use your information, please ask reception for more details.

Please contact Michelle Page for a list of published research via telephone 0207 554 0663 or email michelle.page@thin-uk.com for a paper copy.

Everyone working for the NHS has a legal duty to keep information about you confidential.

NHS England require that the net earnings of doctors engaged in the practice is publicised, and the required disclosure is shown below.

However it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice, and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.

All GP practices are required to declare the mean earnings (e.g average pay) for GPs working to deliver NHS Services to patients at each practice.

The average pay for GPs working in Tower House Surgery in the last financial year (2024/25) was £128,077 before tax and National Insurance. This is for 4 full time GPs, 3 part time GPs and 1 locum.

Our Fair Processing Notice is available in PDF form below. A more simplified version is available on request.

Fair Processing Notice (PDF, 242KB)

What we share and why (PDF, 205KB)

COVID-19 At risk Patients

The Department of Health and Social Care has directed NHS Digital to collect this data for the purpose of direct care in response to the spread of the COVID-19 virus (also known as coronavirus).

The objective of this collection is, on an ongoing basis, to identify registered patients:

• who are more at risk of getting seriously ill with COVID-19
• who may be suitable for treatment if they become COVID-19 positive
• who may be suitable for a COVID-19 vaccination.

The required data comprises two extracts:

• patients registered at GP practices in England
• patients registered on the health and justice information system (HJIS) which serves the detained estate in England.

The data collected will be analysed and linked with other data NHS Digital holds. Patient level data including name, address, NHS Number and GP practice will be collected for identified patients.

COVID-19 At Risk Patients data collection (PDF, 1.04MB)

TOWER HOUSE SURGERY DATA PROTECTION POLICY

At Tower House Surgery, we are committed to protecting the personal information of our patients, staff, and business contacts. Our Data Protection Policy aligns with the principles of the Data Protection Act 2018 to ensure secure, lawful, and fair handling of personal data.

Key Principles of Data Protection

We uphold the six data protection principles:

1. Process personal data fairly, lawfully, and transparently.
2. Collect and use data only for specified, lawful purposes.
3. Ensure data is adequate, relevant, and not excessive.
4. Keep data accurate and up to date.
5. Retain data only as long as necessary.
6. Process data securely to prevent unauthorised access, loss, or destruction.

Responsibilities

Employee Responsibilities:
All employees are trained to:

• Follow the Data Protection Act principles.
• Collect and process data only for lawful purposes.
• Ensure data is accurate, securely stored, and properly disposed of when no longer needed.
• Notify the Practice Manager of requests for personal information.
• Report any breaches or risks to data security promptly.

Practice Responsibilities:
Tower House Surgery will:

• Appoint a Data Protection Officer (DPO) to oversee compliance.
• Provide training and clear procedures for handling personal data.
• Ensure compliance with the National Data Opt-Out Policy.
• Respond to subject access requests in line with the law.
• Protect patient and staff records from unauthorised disclosure.

Patient Information

We maintain personal information on secure systems to support your healthcare needs. Your records are accessible only to authorised staff trained in confidentiality.

• Sharing Information: We may share details with those involved in your care or when legally required, such as in public health emergencies or court orders.
• Consent: Written consent is needed for non-care-related disclosures, such as insurance reports.
• Privacy Measures: We do not disclose information over the phone, to third parties, or leave messages without your prior consent.

Commitment to Security

We ensure robust safeguards for all data to prevent accidental loss or breaches. All staff contracts include confidentiality clauses, and we regularly assess our compliance to mitigate risks.

You have the right to view your own records. To request access, please submit your request in writing, addressed to the Practice Manager.

For further information, please contact our Practice Manager (Data Protection Officer) in writing.

We ask you for personal information so that you can receive appropriate care and treatment. This information is recorded on computer and we are registered under the Data Protection Act. The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team. However, for the effective functioning of a multi-disciplinary team it is sometimes necessary that medical information about you is shared between members of the team. This information may also be shared with other external healthcare professionals unless you advise the surgery that you wish to ‘opt out’ of this information sharing initiative.

The principles of confidentiality apply equally to all patients regardless of age. Young people (including those under 16) are entitled to equal confidentiality as all other patients. This includes respecting their wishes to withhold information from parents or guardians. The GP involved will determine the competency of a young person seeking treatment and will determine the extent to which confidentiality guidelines apply in each case. Prescriptions and some of the consultation records are run entirely on computer.