- How can we help
- Self-help centre
- Register as a patient
- Find us
Harcourt Medical Centre is a well-established GP Practice. Our General Practitioners and allied healthcare professionals provide primary medical care services to our practice population and are supported by our administrative and managerial team in providing care for patients.
This privacy notice explains how we as a data controller use any personal information, we collect about you as a patient of health care services provided by Harcourt Medical Centre
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include both personal and special categories of data about your health and wellbeing.
We may collect the following types of personal information:
We may use your personal information in the following ways:
If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, requests to complete surveys or to make you aware of services provided by the surgery that we feel will be to your benefit.
If you do not wish to receive these text messages, please let the reception team know.
Recordings of calls made and received by Harcourt Medical Centre may be used to support the learning and development of our staff and to improve the service we provide to our patients.
They may also be used when reviewing incidents, compliments or complaints.
Call recordings will be managed in the same way as all other personal information processed by us and in line with current data protection legislation.
We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle patient information and ensures they treat any information in line with the General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.
We may share your personal information with other health and social care professionals and members of their care teams to support your ongoing health and or social care and achieve the best possible outcome for you. This may include:
Harcourt Medical Centre is a member of the Sarum Cathedral Primary Care Network (PCN) so you may be contacted by or treated by one of the other practices within the PCN. In order to support and provide healthcare services to you, they will require access to your patient record.
With your agreement, we may refer you to other services and healthcare providers for services not provided by Harcourt Medical Centre.
We will share your information with other providers of healthcare services to enable them to support us in providing you with direct healthcare. This may include NHS organisations or private companies providing healthcare services for the NHS.
Sometimes the clinicians caring for you may need to share some of your information with others who are also supporting you outside of the practice.
The local authority (council) provides health or social care services or assists us in providing direct healthcare services to you. We will share your personal information with them to enable this to take place.
We will share your personal information with the safeguarding teams of other health and social care providers where there is a need to assess and evaluate any safeguarding concerns. Your personal information will only be shared for this reason when it is required for the safety of the individuals concerned.
Your Summary Care Record is an electronic record of important patient information created from the GP medical records. It contains information about medications, allergies and any bad reactions to medications in the past. It can be seen by staff in other areas of the health and care system involved in your direct care.
An Integrated Care Record allows other health and care providers who are directly involved with your care to access appropriate, timely and relevant information about you to enable them to support your heath and care. Further details about the ICR can be found here:
GP Connect is a system that allows other health and care providers access to your GP medical records to enable them to support your heath and care when you are seen outside your normal GP surgery.
In order to comply with its legal obligations this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012.
This practice contributes to national clinical audits and will send the data, which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth and information about your health, which is recorded in coded form. For example, the clinical code for diabetes or high blood pressure.
There are some national services like the national Cancer Screening Programme that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cancer screening.
Risk Stratification, also known as ‘Health Risk Screening’, is a process that helps your GP determine whether you are at risk of any unplanned admission or sudden deterioration in health. By using information such as age, gender, diagnosis, and consideration of existing long-term conditions, medication history, patterns of attendance at hospital, admissions and periods of access to community care, your GP supported by the local Clinical Commissioning Group will be able to judge if you are likely to need more support and care from time to time, or if the right services are in place to support the local population’s needs.
As part of the automated Risk Stratification process your pseudonymised personal data (anything that can identify an individual is replaced with code) will be shared with the Bath, Northeast Somerset, Swindon and Wiltshire Clinical Commissioning Group.
You have the right to object to your information being used in this way. However, you should be aware that your objection may have a negative impact on the timely and proactive provision of your direct care. Further details about Risk Stratification can be found here:
The CQC regulates health and care services to ensure that safe care is provided. The law requires that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. Further information about the CQC can be found here:
The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England. Further information about Public Health England can be found here:
Sometimes the practice will share information with other NHS organisations that do not directly care for you, such as the Clinical Commissioning Group. However, this information will be anonymous and does not include anything written as notes by the GP and cannot be linked to you.
We will not share your information with organisations other than health and social care providers without your consent unless the law allows or requires us to.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected in a patient record for that service. Collecting this confidential patient information helps to ensure you get the best possible care and treatment.
The confidential patient information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care where allowed by law.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you choose to opt out your confidential patient information will still be used to support your individual care.
We do not share your confidential patient information for purposes beyond your individual care without your permission. When sharing data for planning and reporting purposes, we use anonymised data so that you cannot be identified in which case your confidential patient information isn’t required.
Information being used or shared for purposes beyond individual care does not include your confidential patient information being shared with insurance companies or used for marketing purposes and information would only be used in this way with your specific agreement.
Health and care organisations that process confidential patient information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share your confidential patient information for purposes beyond your individual care.
Harcourt Medical Centre are currently compliant with the national data-out policy as we do not share your confidential patient information for purposes beyond your individual care without your permission.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters
You can change your choice at any time.
We follow the NHS X Records Management Code of Practice 2021 which states that electronic patient records should be retained for 10 years from the date of death. At that point, all personal data we hold on you will be securely deleted.
We keep recordings of our calls for 3 months.
We have been commissioned by the Bath and North East Somerset, Swindon and Wiltshire Clinical Commissioning Group to provide a GP surgery service and it is necessary for the performance of this task in the public interest for us to process your personal data.
We will use your special categories of personal data, such as that relating to your race, ethnic origin, and health for the purposes of providing you with health or social care or the management of health or social care systems and services. Such processing will only be carried out by a health or social work professional or by another person who owes a duty of confidentiality under legislation or a rule of law.
In some circumstances, we may process your personal information on the basis that:
Our Data Protection Officer (DPO) function is provided by the Medvivo Data Protection Officer service.
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Team at:
Data Protection Team
Harcourt Medical Centre. Crane Bridge Road, Salisbury, Wiltshire. SP2 7TD
All data protection queries will be initially dealt with by the practice data protection team and escalated to the Medvivo Data Protection Officer service if required.
You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO):
0303 123 1113
We keep our privacy notice under regular review and we will place any updates on this webpage. This privacy notice was last updated on 10.06.2022
This appendix has been added to include any additional data processing completed by us during the Coronavirus (COIVD-19) outbreak.
In light of the current emergency, the Department of Health and Social Care has removed the requirement for your explicit consent prior to sharing additional information as part of the summary care record.
You can read more about the changes to your Summary Care Record here:
To help the NHS during the COVID-19 outbreak, NHS Digital are improving the access that doctors, nurses and healthcare professionals have to medical records and information, so that they can more safely treat and advise patients who are not in their usual GP practice, who call 111 or are seen in hospitals and other healthcare settings.
You can read more about GP Connect here:
This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital.
The health and social care system is facing significant pressures due to the coronavirus (COVID-19) outbreak. Health and care information is essential to deliver care to individuals, to support health, social care and other public services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the coronavirus outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations. This practice is supporting vital coronavirus planning and research by sharing your data with NHS Digital, the national safe haven for health and social care data in England.
NHS Digital has been legally directed to collect and analyse patient data from all GP practices in England to support the coronavirus response for the duration of the outbreak. NHS Digital will become the controller under the General Data Protection Regulation 2016 (GDPR) of the personal data collected and analysed jointly with the Secretary of State for Health and Social Care, who has directed NHS Digital to collect and analyse this data under the COVID-19 Public Health Directions 2020 (COVID-19 Direction).
All GP practices in England are legally required to share data with NHS Digital for this purpose under the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained in the data provision notice issued by NHS Digital to GP practices.
Under GDPR our legal basis for sharing this personal data with NHS Digital is Article 6(1)(c) – legal obligation. Our legal basis for sharing personal data relating to health, is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the COVID-19 Direction.
The data being shared with NHS Digital will include information about patients who are currently registered with a GP practice or who have a date of death on or after 1 November 2019 whose record contains coded information relevant to coronavirus planning and research. The data contains NHS Number, postcode, address, surname, forename, sex, ethnicity, date of birth and date of death for those patients. It will also include coded health data which is held in your GP record such as details of:
NHS Digital will analyse the data they collect and securely and lawfully share data with other appropriate organisations, including health and care organisations, bodies engaged in disease surveillance and research organisations for coronavirus response purposes only. These purposes include protecting public health, planning and providing health, social care and public services, identifying coronavirus trends and risks to public health, monitoring and managing the outbreak and carrying out of vital coronavirus research and clinical trials. The British Medical Association, the Royal College of General Practitioners and the National Data Guardian are all supportive of this initiative.
NHS Digital has various legal powers to share data for purposes relating to the coronavirus response. It is also required to share data in certain circumstances set out in the COVID-19 Direction and to share confidential patient information to support the response under a legal notice issued to it by the Secretary of State under the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations).
Legal notices under the COPI Regulations have also been issued to other health and social care organisations requiring those organisations to process and share confidential patient information to respond to the coronavirus outbreak. Any information used or shared during the outbreak under these legal notices or the COPI Regulations will be limited to the period of the outbreak unless there is another legal basis for organisations to continue to use the information.
Data which is shared by NHS Digital will be subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the coronavirus purpose will be shared. Organisations using your data will also need to have a clear legal basis to do so and will enter into a data sharing agreement with NHS Digital. Information about the data that NHS Digital shares, including who with and for what purpose will be published in the NHS Digital data release register.
For more information about how NHS Digital will use your data please see the NHS Digital Transparency Notice for GP Data for Pandemic Planning and Research (COVID-19).
The application of the National Data Opt-Out to information shared by NHS Digital will be considered on a case by case basis and may or may not apply depending on the specific purposes for which the data is to be used. This is because during this period of emergency, the National Data Opt-Out will not generally apply where data is used to support the coronavirus outbreak, due to the public interest and legal requirements to share information.
To read more about the health and care information NHS Digital collects, its legal basis for collecting this information and what choices and rights you have in relation to the processing by NHS Digital of your personal data, see: