Privacy notice
As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Download the privacy notice (1) for the Jubilee Medical Practice or read below.
Download the privacy notice (3) ‘How your information is shared so that we meet legal requirements’
How we use your personal information
This Privacy Notice explains why this GP practice collects information about you and how that information may be used.
Health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records are used to help to provide you with the best possible healthcare.
NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice holds about you may include the following information:
- Details about you, such as your name, address, carers, legal representatives, and emergency contact details
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you
We record all incoming and outgoing telephone calls to the Practice. This helps us with training staff and to improve the quality of our call handling. We may also use the recording to help resolve a complaint or claim.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.
Some of this information will be held centrally and used for statistical purposes.
Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.
Risk Stratification
Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software and is only provided back to your GP as data controller in an identifiable form.
Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services.
Please note that you have the right to opt out of your data being used in this way.
Medicine Management
The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments. This service is provided to practices within Westminster and the local Clinical Commissioning Group.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- General Data Protection Regulation 2016 (Previously: Data Protection Act 1998)
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality, Information Security and Records Management
- Information: To Share or Not to Share Review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and/or in accordance with the new information sharing principle following the Caldicott information sharing review.
This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.
How long do we retain your information?
Whenever we collect or process your data, we will only keep it for as long as is necessary for the purpose it was collected. We comply with the Records Management NHS Code of Practice which states that we keep medical records for 10 years after date of death. Following this time, the records are securely destroyed if stored on paper, deleted on the electronic health record system, or archived for research purposes where this applies.
Recordings of incoming and outgoing calls to the practice number are kept for 28 days, after which they are deleted. Similarly, emails in our inbox are kept for 28 days, after which they are deleted. Some telephone calls or emails may be kept for longer than 28 days if they are in relation to an ongoing matter.
CCTV
We have CCTV in place for security reasons. These records are kept secure in a similar manner to patient records and follow the ICO code of practice.
Information is only shared in the exceptional circumstances
Recorded Telephone calls
Patients should be aware that this Practice records telephone calls to and from the practice.
The primary purpose of call recording at our Practice sites is for training and monitoring purposes. This includes the provision of a record of incoming and outgoing calls which can:
- Identify practice staff training needs
- Protect practice staff from nuisance or abusive calls
- Establish facts relating to incoming/outgoing calls made (e.g. complaints)
- Identify any issues in practice processes with a view to improving them (e.g. to aid workforce planning)
Our Practice will make every reasonable effort to advise callers that their call may be recorded and for what purpose the recording may be used. This will normally be via a pre-recorded message within the telephone system and via signage at the practice.
We lawfully do not require your consent under articles 6(1)(e) and 9(2)(b)(c)(h) of the Data Protection Act 2018; however, you do have the right to terminate the call if you do not wish for the call to be recorded.
The recording will be securely stored within the telephone recording system software to which strict rules of confidentiality will apply.
The telephone service supplier operates under an approved code of practice for the storage of recorded calls. Calls are stored for 28 days only; however, stored calls may be kept for longer if there is an ongoing matter.
The practice sites’ data protection registration also covers voice files similarly to other data.
If you need to request a copy of a recording, please do the following:
Make a request in writing to the Practice Manager. The written request must state the following:
- The reason for the request
- Date and time of the call if known
- External number involved
- Where possible, the names of all parties to the telephone call
- Any other information on the nature of the call
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts / Foundation Trusts
- GPs
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- Health and Social Care Information Centre (HSCIC)
- Heidi Health
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police and Judicial Services
- Other ‘data processors’ which you will be informed of.
You will be informed who your data will be shared with and, in some cases, asked for explicit consent for this to happen when this is required.
What if I don’t want my information to be shared in this way?
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit NHS – Your Data Matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at: https://www.hra.nhs.uk (which covers health and care research); and Understanding Patient Data (which covers how and why patient information is used, the safeguards and how decisions are made).
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
AI-enabled Ambient Scribing
We are committed to providing you with the highest quality of care. To enhance our service, we are trialling, with a view to introducing, AI-powered medical scribing, such as Heidi Health, to assist in documenting our consultations.
Below, we explain what this is, how your data will be managed, and the benefits it brings to your care and our practice.
What are AI-enabled Ambient Scribing Products?
These are speech recognition and natural language processing (NLP) systems that:
- Record and transcribe conversations between clinicians and patients during consultations.
- Use AI algorithms to generate structured clinical notes, such as SNOMED-coded entries.
- Can auto-populate sections of the patient record, with clinician approval.
- Can generate outputs in the form of medical letters or other documentation.
- Can recommend actions such as onward referral.
Some tools include features such as:
- Automatic summarisation of discussions based on text transcripts.
- Intelligent prompts for missing clinical information.
- Real-time transcription during the consultation
Protecting your Data
Your data is processed and stored in your jurisdiction and in accordance with applicable privacy laws.
None of your data is used for secondary purposes.
Data undergoes a rigorous de-identification process to remove personal identifiers.
Data is handled securely, with encryption and regular audits to ensure compliance.
What are the benefits?
- AI enabled scribing is used to assist with documenting your consultation, capturing only what is necessary for accurate medical records.
- Enable GPs to dedicate more time to providing care rather than documenting it.
- May enhance rapport and patient satisfaction with the GP solely focused on the patient not the computer screen during consultations
- Potentially more comprehensive and standardised notes improving the quality of the patient record and supporting clinical decision making by having up to date, detailed, real-time accurate records.
- Assists with clinical coding and claiming for work carried out.
- Improvements in operational efficiency and potential cost savings by reducing administrative workload and improving data quality.
- Intelligently automating workflow, promoting scalability and interoperability across health care settings.
Research & Audit
Medical research
The Jubilee Medical Practice shares information from medical records:
- To support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best.
- We will also use your medical records to carry out research within the practice.
This is important because:
- The use of information from GP medical records is very useful in developing new treatments and medicines.
- Medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object.
Checking the quality of care – national clinical audits
The Jubilee Medical Practice contributes to national clinical audits so that healthcare can be checked and reviewed.
- Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
- The results of the checks or audits can show where hospitals are doing well and where they need to improve.
- The results of the checks or audits are used to recommend improvements to patient care.
We will only share your information for national clinical audits or checking purposes when the law allows.
Use of Anonymised Patient Data for the LLR Data for Research Project
The Practice is participating in Leicester, Leicestershire, and Rutland Data for Research (LLR DfR), a local project that has requested data from general practices in the area. This data is used for research that will aim to improve the care of the population. Information from your health records will be available for researchers, but all data will be anonymous in a way that does not identify you. The use of anonymised data does not need your consent as it is used in the kind of research where you do not need to be identified.
Anyone who has opted-out of their data being used for planning and research purposes under the National Data Opt-Out service will not be included in the LLR DfR project. Their data will not be processed.
NHS Leicestershire Health Informatics Service (LHIS) of Gwendolen House, Gwendolen Road, Leicester LE5 4QF will work on our Practice’s behalf as a data processor. We have a Data Processing Agreement with LHIS to ensure that there are controls in place to protect the confidentiality and security of the information extracted from the Practice.
iGPR
We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for.
iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws.
The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care.
Access to personal information
You have a right under the General Data Protection Regulation 2016, to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:
- Your request must be made in writing to the GP – for information from the hospital you should write direct to them
- There will not be a charge to have a printed copy of the information held about you
- We are required to respond to you within 30 days
- You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located.
Change of Details
It is important that you tell the person treating you if any of your details, such as your name or address, have changed, or if any of your details, such as date of birth, are incorrect, so that they can be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
Notification
We are registered as a data controller and our registration can be viewed online in the public register via the Information Commissioner’s Office website.
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is:
The Jubilee Medical Practice
Syston Health Centre
Melton Road
LE7 2EQ
Who is the Data Protection Officer?
Named DPO: Hayley Gidman, Head of Information Governance, Midlands and Lancashire CSU
Address of DPO: Midlands and Lancashire Commissioning Support Unit, Heron House, 120 Grove Road, Fenton, Stoke-on-Trent ST4 4LX
Contact details for DPO:
Telephone: 01782 872648
E-mail: mlcsu.dpo@nhs.net
Complaints
Should you have any concerns about how your information is managed by the Practice please contact the Practice Manager at the following address:
The Jubilee Medical Practice
Syston Health Centre
Melton Road
LE7 2EQ
If you are still unhappy following a review by the Practice, you can then complain to the Information Commissioner’s Office (ICO):
The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113 (local rate) or 01625 545 700 (outside UK), or visit the Information Commissioner’s Office website.
Safeguarding
- Sometimes we need to share information so that other people, including healthcare staff, children, or others with safeguarding needs, are protected from risk of harm.
- These circumstances are rare.
- We do not need your consent or agreement to do this.
- Please speak to the Practice if you require any further information
We are required by law to provide you with the following information about how we handle your information.
Right to access and correct
- You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website – https://www.jubileemedicalpractice.nhs.uk/
- We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.
How your information is shared so that this practice can meet legal requirements
The law requires The Jubilee Medical Practice to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
- plan and manage services.
- check that the care being provided is safe.
- prevent infectious diseases from spreading.
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.
We must also share your information if a court of law orders us to do so.
Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…’
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
NHS Digital
- NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
- It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
- This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
- More information about NHS Digital and how it uses information can be found at:
https://digital.nhs.uk/home
Care Quality Commission (CQC)
- The CQC regulates health and social care services to ensure that safe care is provided.
- The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
- For more information about the CQC see: http://www.cqc.org.uk/
Public Health
- The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
- We will report the relevant information to local health protection team or Public Health England.
- For more information about Public Health England and disease reporting see: https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report
OpenSAFELY Data Analytics Service
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt-out with their GP.
