TOWER HOUSE SURGERY DATA PROTECTION POLICY
At Tower House Surgery, we are committed to protecting the personal information of our patients, staff, and business contacts. Our Data Protection Policy aligns with the principles of the Data Protection Act 2018 to ensure secure, lawful, and fair handling of personal data.
Key Principles of Data Protection
We uphold the six data protection principles:
- Process personal data fairly, lawfully, and transparently.
- Collect and use data only for specified, lawful purposes.
- Ensure data is adequate, relevant, and not excessive.
- Keep data accurate and up to date.
- Retain data only as long as necessary.
- Process data securely to prevent unauthorised access, loss, or destruction.
Responsibilities
Employee Responsibilities:
All employees are trained to:
- Follow the Data Protection Act principles.
- Collect and process data only for lawful purposes.
- Ensure data is accurate, securely stored, and properly disposed of when no longer needed.
- Notify the Practice Manager of requests for personal information.
- Report any breaches or risks to data security promptly.
Practice Responsibilities:
Tower House Surgery will:
- Appoint a Data Protection Officer (DPO) to oversee compliance.
- Provide training and clear procedures for handling personal data.
- Ensure compliance with the National Data Opt-Out Policy.
- Respond to subject access requests in line with the law.
- Protect patient and staff records from unauthorised disclosure.
Patient Information
We maintain personal information on secure systems to support your healthcare needs. Your records are accessible only to authorised staff trained in confidentiality.
- Sharing Information: We may share details with those involved in your care or when legally required, such as in public health emergencies or court orders.
- Consent: Written consent is needed for non-care-related disclosures, such as insurance reports.
- Privacy Measures: We do not disclose information over the phone, to third parties, or leave messages without your prior consent.
Commitment to Security
We ensure robust safeguards for all data to prevent accidental loss or breaches. All staff contracts include confidentiality clauses, and we regularly assess our compliance to mitigate risks.
You have the right to view your own records. To request access, please submit your request in writing, addressed to the Practice Manager.
For further information, please contact our Practice Manager (Data Protection Officer) in writing.