CONSTABLE COUNTRY MEDICAL PRACTICE

PRIVACY NOTICE

Effective Date: June 2026
Review Date: June 2027
Classification: Public Document

Introduction

Constable Country Medical Practice is committed to protecting your privacy and ensuring that your personal information is handled securely, confidentially and in accordance with the law.

This Privacy Notice explains:

• What information we collect about you
• How we use your information
• Who we share your information with
• How we keep your information secure
• Your rights under data protection legislation
• How you can contact us regarding your information

This notice applies to all patients registered with Constable Country Medical Practice and anyone who uses our services.

Data Controller

Constable Country Medical Practice is the Data Controller for the personal information we hold about our patients.

Address
Constable Country Medical Practice
Heath Road
East Bergholt
CO7 6RT

Telephone: 01206 298272

Website: www.constablecountrymedicalpractice.co.uk

Business Manager: Rachel Wilson

Caldicott Guardian: Dr Victoria Okpiabhele

Data Protection Officer

The Practice receives Data Protection Officer and Information Governance support from Kafico Ltd.

For any data protection enquiries, please contact:

Email: ccmp@nhs.net

Where specialist advice is required, only the minimum information necessary will be shared with Kafico Ltd and appropriate confidentiality arrangements are in place.

Our Legal Responsibilities

We process personal information in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Act 2006
• Access to Health Records Act 1990
• NHS Records Management Code of Practice

The Practice has a legal duty to maintain the confidentiality, integrity and availability of the information we hold.

Information We Hold About You

We may collect and process:

Personal Information

• Name
• Address
• Date of Birth
• NHS Number
• Telephone Numbers
• Email Address
• Emergency Contact Details
• Next of Kin Information

Health Information

• Medical history
• Diagnoses
• Medications
• Allergies
• Test results
• Screening results
• Immunisations
• Care plans
• Referral information
• Hospital correspondence
• Community service correspondence

Administrative Information

• Appointment details
• Contact preferences
• Complaints and compliments
• Communications with the Practice
• Online consultation submissions

How We Collect Information

Information may be obtained from:

• You directly
• Family members or carers acting on your behalf
• Hospitals
• Community health services
• Mental health services
• Social care services
• Ambulance services
• Pharmacies
• Care homes
• NHS England
• Other GP practices
• Voluntary organisations involved in your care

Why We Use Your Information

The primary purpose for using your information is to provide safe and effective healthcare.

This includes:

Direct Care

• Diagnosing and treating illness
• Managing long-term conditions
• Prescribing medication
• Referrals to specialist services
• Reviewing investigations and test results
• Safeguarding vulnerable patients

Healthcare Administration

• Appointment management
• Recall systems
• Vaccination programmes
• Screening programmes
• Patient communications

Quality Assurance

• Clinical audits
• Service improvement
• Staff training
• Complaint investigation
• Patient safety monitoring

Legal and Regulatory Requirements

• Compliance with NHS contracts
• Regulatory inspections
• Public health obligations
• Coroner investigations
• Court orders and legal requirements

Lawful Basis for Processing

Under UK GDPR, we process personal data under:

Article 6

• Article 6(1)(c) – Legal Obligation
• Article 6(1)(e) – Public Task

Article 9

• Article 9(2)(h) – Health and Social Care
• Article 9(2)(i) – Public Health
• Article 9(2)(j) – Research and Statistics

Who We Share Information With

We will only share information where there is a lawful basis and where it is necessary to provide care or fulfil our legal obligations.

This may include:

• NHS England
• Hospitals and specialist services
• Community health services
• Mental health services
• Ambulance services
• Community pharmacies
• Social care services
• Care homes
• Safeguarding teams
• Integrated Care Boards
• Primary Care Networks
• Public health organisations
• Police where legally required
• Coroners
• Courts and tribunals

We do not sell patient information or share it for marketing purposes.

Primary Care Network (PCN)

Constable Country Medical Practice is a member of South Rural Primary Care Network.

Information may be shared between organisations within the PCN where necessary to support your direct care or delivery of NHS services.

Appropriate information sharing agreements are in place.

Multi-Disciplinary Team Meetings

Healthcare professionals from different organisations may discuss your care as part of a Multi-Disciplinary Team (MDT).

Participants may include:

• GPs
• Nurses
• Pharmacists
• Social Workers
• Mental Health Practitioners
• Community Services
• Care Coordinators
• Hospital Specialists

Only information relevant to your care will be shared.

Shared Care Records

The Practice participates in local Shared Care Record arrangements.

Shared Care Records allow authorised professionals involved in your treatment to access relevant information to provide safe and effective care.

Access is controlled, monitored and audited.

GP Connect

The Practice participates in GP Connect.

This allows authorised healthcare professionals involved in your direct care to access relevant information from your GP record when required.

All access is recorded and audited.

Population Health Management

The NHS uses pseudonymised information to understand the health needs of local populations.

Population Health Management supports:

• Service planning
• Preventative healthcare
• Reducing health inequalities
• Improving patient outcomes

Information used is generally anonymised or pseudonymised wherever possible.

Risk Stratification

Risk stratification helps identify patients who may benefit from additional healthcare support.

Approved NHS systems may analyse healthcare information to identify patients who may be at increased risk of:

• Hospital admission
• Long-term conditions
• Deteriorating health outcomes

Pharmacy First and Community Pharmacy Services

The Practice participates in NHS Pharmacy First and Community Pharmacy consultation services.

Where appropriate, relevant information may be shared with a community pharmacy to enable them to provide advice and treatment.

Information may be returned to the Practice to update your healthcare record.

Enhanced Access Services

Patients may be offered appointments outside normal Practice opening hours through Enhanced Access services.

Where another NHS organisation provides these services, relevant information may be shared securely to support your care.

Records from these appointments will be added to your GP record.

NHS App

Patients may access services through the NHS App.

This allows patients to:

• View parts of their medical record
• Order repeat prescriptions
• Manage appointments
• View test results
• Receive messages from the Practice

Use of the NHS App is subject to NHS England security requirements.

Accurx Messaging and Online Consultations

The Practice uses Accurx for:

• Secure patient messaging
• Appointment invitations
• Administrative communications
• Clinical questionnaires
• Online consultations

Information submitted through Accurx may become part of your healthcare record where appropriate.

AI-Assisted Clinical Documentation

The Practice uses Accurx Scribe to support clinicians in documenting consultations.

Accurx Scribe uses artificial intelligence technology to generate draft consultation notes.

All information generated by Accurx Scribe is reviewed and approved by the clinician before being added to the medical record.

The clinician remains responsible for the accuracy of the record.

Appropriate information governance and security controls are in place.

Call Recording

Telephone calls to and from the Practice may be recorded for:

• Training purposes
• Quality assurance
• Complaint investigation
• Service improvement
• Staff safety

Recordings are retained in accordance with NHS retention schedules.

Data Processors and Partner Organisations

The Practice works with a number of trusted suppliers and NHS organisations.

These organisations process information on our behalf or support delivery of NHS services.

Key organisations include:

• TPP SystmOne
• Accurx
• NHS England
• South Rural Primary Care Network
• Suffolk and North East Essex Integrated Care Board
• Kafico Ltd
• Shared Care Record partners
• Community Pharmacy providers
• Enhanced Access providers

All suppliers are subject to contractual and information governance requirements.

International Transfers

The Practice does not routinely transfer patient information outside the United Kingdom.

Where suppliers process information outside the UK, appropriate UK GDPR safeguards will be in place.

Keeping Your Information Secure

We use a range of technical and organisational measures to protect information, including:

• Secure NHS systems
• Role-based access controls
• Multi-factor authentication
• Staff confidentiality agreements
• Mandatory staff training
• Cyber security monitoring
• Encryption where appropriate
• Secure destruction of records

Access to patient information is monitored and audited regularly.

Any inappropriate access may result in disciplinary action.

How Long We Keep Information

Records are retained in accordance with the NHS Records Management Code of Practice.

Most GP records are retained for the lifetime of the patient and for a period after death as specified within national NHS retention schedules.

Your Rights

Under UK GDPR you have the right to:

• Be informed
• Access your personal information
• Request correction of inaccurate information
• Request restriction of processing
• Object to certain processing activities
• Request erasure in limited circumstances
• Data portability where applicable
• Rights relating to automated decision-making

Some rights may be limited where NHS legislation requires information to be retained or processed.

Subject Access Requests

You have the right to request access to personal information held about you.

Requests may be made verbally, in writing or by email.

We may request proof of identity before information is released.

Requests will normally be completed within one calendar month.

National Data Opt-Out

The National Data Opt-Out allows patients to choose whether their confidential patient information is used for research and planning purposes.

This does not affect information used for your direct care.

Further information is available at:

www.nhs.uk/your-nhs-data-matters

Telephone: 0300 303 5678

Complaints

If you have concerns regarding the way your information is being handled, please contact:

Rachel Wilson
Business Manager

Constable Country Medical Practice

Telephone: 01206 298272

Email: ccmp@nhs.net

Information Commissioner's Office (ICO)

If you remain dissatisfied after contacting the Practice, you may complain to the Information Commissioner's Office.

Website: www.ico.org.uk

Telephone: 0303 123 1113

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Changes to this Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in legislation, NHS requirements, technology or Practice services.

The latest version will always be available from the Practice website and on request from reception.

Document Control

Version: 1.0

Effective Date: June 2026

Review Date: June 2027

Author: Rachel Wilson, Business Manager

Approved By: GP Partners, Constable Country Medical Practice

Data Protection Officer Support: Kafico Ltd

Classification: Public Document