GDPR Patient Privacy Notice
This Privacy Notice covers all Health Care Professionals as they may need to access medical records.
PRIVACY NOTICE FOR NATIONAL COVID-19 AND FLU VACCINATION PROGRAMME
NHS England has establishd a centralised service for the management of both the Covid-19 and seasonal flu vaccination programmes. The service is supported by a central system, The Immunisation Management System.
When you attend for your covid-19 vaccination a record will be made that you have been vaccinated and when. Normally vaccinations are under taken in GP Settings, however, the delivery of the covid-19 vaccine is being undertaken in a variety of care settings.
NHS England is responsible for processing your personal data for the purposes of the national vaccination programme. To find out more, you can access the NHS England privacy notice at www.england.nhs.uk/contact-us/privacy-notice/
General Practice Patient Charter 'You and Your GP'
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes. “Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym. “Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals. “Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP. You can find additional information about OpenSAFELY at https://www.opensafely.org/
-OpenSAFELY is a secure platform that enables approved users to run queries on pseudonymised GP and NHSE patient data for research and planning purposes without the patient identifiable data being seen or accessed. - The GP data resides in the GP system suppliers (GPSS) data estate (sometimes referred to as “boundary”). - The GP data is pseudonymised by the GPSSs. NHS England’s (NHSE) pseudonymised data is shared with the GP System Suppliers to hold in their secure data estate, under agreement via data processing agreements held directly with the GPSSs. - The NHSE data is linked with the pseudonymised GP data and is queried. The results (of the query) are processed within the GP System Supplier’s secure environment. At point of query, NHSE becomes the data controller for the linked results, as per the Direction and DPN. - The results (outputs) are presented as aggregated data with small number suppression, no patient identifiable data is transferred or disclosed.