GDPR, Data Protection & Security

There is a requirement for every NHS organisation and provider to publish a Practice Privacy Notice on their Web sites which sets out why the General Practice collects information about each patient and how the information is used. 

Please see the attached for the 'Practice Fair Processing & Privacy Notice' for Whitewater Health.

Click to View Patient Privacy Notice

The document below gives further details on 'Who we share your information with & why'

Click to View Data Processing Activities

This document gives details on the management of the practice website 

Click to View Website Privacy Statement

This document allows you to request data that the practice may hold relating to your medical record

Click to View Subject Access Request

This document advises patients that we utilise a text messaging service for matters directly related to their care, this can include but is not limited to: appointment booking confirmation, appointment booking reminders, flu program reminders, medication review reminders, links to support self help (NHS A-Z), results from tests.  For more information on the text messages please see click here

We use a third party provider for this which has been commissioned by North Hants CCG, and that has completed all NHSx and NHS Improvements data / cyber security assurance.  They have direct API into Emis Web, which is the practice Clinical System.  As per the ICO recommendations and Data protection, we do not use SMS for e-marketing or Spam messaging patients.

Patient Information Poster Accurx SMS

Update from Information Commissioners Office (ICO) in relation to Managing care during COVID-19.

Date: 12 March 2020
Type: Statement

We all share the same concerns about the spread of the COVID-19 virus. The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater.

Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.

The ICO is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency.

Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website