News
Welcome to The High Street Surgery and Whitfield Surgery
Our main surgery is in the very centre of Dover. We have a branch surgery at Whitfield at which we can dispense for certain patients. We are fully computerised at both sites.
We are confident that our website will provide clear and concise help and give our patients the information they require in an easy and convenient format.
Access & Parking
There are adjacent public car parks but no patients’ car park at Dover. There is, however, limited parking for registered disabled patients and easy access for the disabled into the surgery, including a lift.
Our Whitfield Branch Surgery is a single story building with parking available.
Opening Times
Online Services
Register for Online Services
Have Your Say
The Purpose(s) of Processing Personal Data
Data Protection Privacy Notice
Data Protection Privacy Notice
General Practices are usually the first point of contact if you have a health problem. They can treat many conditions and give health advice. They also refer patients to hospitals and other medical services for urgent and specialist treatments.
The data we hold may also be used to shape the way we work together to plan service improvements, improve the health and wellbeing of our communities, and take action to prevent illness and disease for individuals as well as wider communities.
The categories of personal information
Dependent on the purpose of processing, different categories of data may be used by the Practice. Data can be categorised using the following terms:
Anonymised data – data where personal identifiable identifiers have been removed. Data protection laws and the Common Law of Confidentiality to do not apply to anonymised data.
Pseudonymised data – data where any information which could be used to identify an individual has been replaced with a fake identifier. Pseudonymised data remains personal data and as such the Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
Person identifiable information (or personal data) – any information about an individual from which, either on its own or together with other information, that person may be identified. The Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
To find out more about the data processed for each purpose, please click on the links below (The Purpose(s) of Processing).
In addition to the above types of data, some information is considered protected regardless of the purpose of processing; this information does not form part of your shared care record and is not disclosed to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on such information.
The purpose(s) of processing personal data
The High Street Surgery Dover, and The Whitfield Surgery processes data for the following purposes:
- Direct Care Privacy notice
- Human resource privacy notice
- Planning and research privacy notice
- Statutory purpose privacy notice
- Kent and Medway Care Record Privacy Notices
What is the lawful basis for the sharing?
Each purpose of sharing has its own lawful basis, and these can be found in detail on the associated Privacy Notices above.
Organisations we share your personal information with
Personal Data (including special category data) will only be shared between the general Practice and health and social care organisations that have signed a Joint Controller or Data Processing Agreement. These currently include:
- Dartford and Gravesham NHS Trust (D&G)
- East Kent Hospitals University NHS Foundation Trust (EKHUFT)
- Medway Maritime Hospital - Medway NHS Foundation Trust (MFT)
- Maidstone and Tunbridge Wells NHS Trust (MTW)
- Kent and Medway Partnership NHS and Social Care Partnership Trust (KMPT)
- North East London Foundation Trust (NELFT)
- Kent Community Health NHS Foundation Trust (KCHFT)
- HCRG Care Group Limited
- Medway Community Healthcare (MCH)
- South East Coast Ambulance Service (SECAmb)
- Integrated Care 24 (IC24)
- Out of hours providers (currently IC24, SECAmb, MCH and KCC Children’s Services)
- NHS Kent and Medway
- Kent County Council (children and adults social care departments) (KCC)
- Medway Council (children and adults social care departments) (MWC)
- GP federations.
- Other Practice’s that form the Dover town Primary Care Network
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Health care partnerships
- Mental Health providers
- Community trusts
- Kent County Council/Medway council Social Care Services
- NHS England
- Local Authorities
- School Nurse
- Police & Judicial Services
How long do we keep your record?
The Practice maintains your records in accordance with the NHS Records Management Code of Practice 2021.
How we keep your personal information safe and secure
To protect personal and special category data, we make sure the information we hold is kept in secure locations and access to information is restricted to authorised personnel only.
Our appropriate technical and security measures include:
- all employees and contractors who are involved in the processing of personal data are suitably trained, on an annual basis, in maintaining the confidentiality and security of the personal data and are under contractual or statutory obligations of confidentiality concerning the personal data.
- robust policies and procedures for example password protection
- technical security measures to prevent unauthorised access
- use of ‘user access authentication’ mechanisms to make sure all instances of access to any personal data held on clinical systems are auditable against an individual, such as role-based access and Smartcard use to make sure appropriate and authorised access reminding staff of their responsibilities in complying with data protection legislation
- encrypting information transmitted between partners
- implementing and maintaining business continuity, disaster recovery and other relevant policies and procedures
- completion of the Data Security and Protection Toolkit (DSPT) an annual self-assessment requirement that ensure organisation are compliant with the latest data protection and cyber requirements.
- regular audit of policies and procedures to ensure adherence against these criteria
The NHS Digital Code of Practice on Confidential Information applies to all staff who access clinical systems. They are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
What are your rights?
Under data protection legislation, you have the right:
- to be informed of the uses of your data: this enables you to be informed how your data is processed
- of access: this enables you to have sight of or receive a copy of the personal information held about you and to check the lawful processing of it
- to rectification: this enables you to have any incomplete or inaccurate information held about you corrected
- to erasure: this enables you to request we erase personal data about you we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding lawful grounds to continue to process your data
- to restrict processing: this enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it
- to data portability: this enables you to transfer your electronic personal information to another party, where appropriate.
- to object: this enables you to object to processing of personal data about you on grounds relating to your situation. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds.
- in relation to automated decision making and profiling: this enables you to be told if your data is being processed using automated software in relation to automated decision making and profiling note: No automated decision making or profiling is undertaken by the Practice.
Please note not all these rights are absolute, please see our ROPA for more details
If you wish to exercise your rights in any of the ways described above, you should in the first instance contact Kingswood surgery, kmccg.kingswood@nhs.net
Right to complain
You can get further advice or report a concern directly to sarah.jarvis9@nhs.net
Our Data Protection Officer function is provided by NHS Kent and Medway who can be contacted via email kmicb.gpdpoteam@nhs.net
You also have the right to contact the UK’s data protection supervisory authority (Information Commissioner’s Office) by:
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Phone: 0303 123 1113 (local rate) or 01625 545745 (national rate)
Email: https://ico.org.uk/concerns/handling/
Information about the way in which the NHS uses personal information and your rights is published by NHS Digital.
The NHS Constitution
The constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to. These rights cover how patients access health services, the quality of care you will receive, the treatments and programmes available to you, confidentiality, information and your right to complain, if things go wrong.
NHS England
NHS England collects health information from the records health and social care providers keep about the care and treatment they give, to promote health or support improvements in the delivery of care services in England.
Reviews of and changes to this privacy notice
We will review the information contained within this notice regularly and update it as required. We therefore recommend you check this webpage regularly to remain informed about the way in which we use your information.
Direct Care Privacy Notice
The High Street Surgery and The Whitfield Surgery uses your information to provide you with healthcare.
This practice keeps medical records confidential and complies with data protection legislation.
We hold your medical record so that we can provide you with safe care and treatment.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details
|
The High Street Surgery 100-106 High Street Dover Kent CT16 1EQ
The Whitfield Surgery 43 Sandwich Road Whitfield Dover CT16 3LT
|
Purpose of the processing
|
To give direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
|
Information we collect and use |
· Special data information including racial or ethnic origin; religious or philosophical beliefs; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation. · Demographics: name, address, date of birth, postcode, and NHS number · Medical history · Adult and Children safeguarding information · Third party identifying data: basic details about other individuals that may be involved in providing your care and support services, e.g. emergency contacts, relatives, mobility services providers, home care support |
Lawful basis for processing
|
These purposes are supported under the following sections of the UK General Data Protection Regulations: Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...” Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018 The legal obligation relies on the Health and Social Care Act 2012 s251(b) (as amended by the Health and Social Care (Safety and Quality) Act 2015 which created a statutory ‘duty to share’).
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential.
|
Recipient or categories of recipients of the processed data
|
Please see our main privacy notice for a full list of organisation we share information with
The Practice may also receive information about your health from these organisations who are involved in providing you with health and social care. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
NHS Summary Care Record |
The Summary Care Record is an electronic record of important patient information created from GP Medical Records. They can be seen and used by authorized staff in other areas of the health and social care system involved in a patient’s direct care. |
National Screening Programmes |
The NHS provides national screening programmes so that certain diseases can be detected at an early stage. The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme. Information regarding screening programmes can be found here. |
Kent and Medway Care Record (KMCR) |
The High Street Surgery, and The whitfield surgery are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data.
For further information about the Kent and Medway Care Record and the ways in which your data is used for this system please click here.
|
Population Health Management |
Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management. This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes. |
National Data Opt-out |
The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning.
The National Data opt-out can be applied here.
It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Ot-out does not apply.
The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006:
Regulation 2 – for diagnosis and treatment of cancer Regulation 5 – for general medical and research purpose
Specific exemptions to the national data opt-out policy have been made for disclosure of data for:
· Public Health England National Disease Registers · Assuring Transformation · National patient experience surveys
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012. |
|
For details on your rights and who to complain please see the main privacy notice |
Commissioning, Planning, Risk Stratification and Research Privacy Notice
The High Street Surgery, The Whitfield Surgery, Dover uses data insightfully for Research, auditing and healthcare planning (population health management).
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details The High Street Surgery 100-106 High Street Dover Kent CT16 1EQ The Whitfield Surgery 43 Sandwich Road Whitfield Dover CT16 3LT
Purpose of the
processing
If data from many patients are linked up or pooled, Researchers and Doctors can look for patterns in the data, helping them to develop new ways of predicting illness, and identify ways to improve clinical care. This information can be used to help: · Understand more about disease risk and causes · Improve diagnosis · Develop new treatments and prevent diseases · Plan NHS and GP Services · Improve patient safety · Evaluate Government and NHS Policy
Information we
collect and use · Pseudonymised data: information about individuals but with identifying details (such as name or NHS number) replaced with a unique code · Anonymised data: information about individuals but with identifying details removed · Aggregated data: anonymised information grouped together so that it does not identify individuals
In certain circumstances, where we have a lawful basis it may be necessary to use: · Demographics: name, address, date of birth, postcode, and NHS number · Medical history
Lawful basis for
processing
These purposes are supported under the following sections of the UK General Data Protection Regulations: Article 6(1)(c) … ‘necessary for compliance with a legal obligation to which the controller is subject Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...” Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;’ Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy’ Article (9)(2)(j) ‘processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) (as supplemented by section 19 of the 2018 Act) based on domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018
Schedule 1, Part1(3) Public Health, Data Protection Act 2018 Schedule 1, Part 1(4) Research etc, Data Protection Act 2018 Schedule 1 Part 2(6) Statutory etc and government purposes, Data Protection Act 2018 The Practice recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” to keep information about you confidential. Even though consent is not the legal basis for processing personal data for secondary purposes such as service evaluations and audit, the common law duty of confidentiality is not changing, therefore consent is still needed for people outside the care team to access and use confidential patient information for clinical audit, unless you have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and Wales or similar arrangements elsewhere in the UK.
Strategic Health and
Care Board
(SHcAB) Your information will be passed, with all identifiers removed, to a collaborative programme called the Kent & Medway Shared Health and Care Analytics Board. It will be used for population health management purposes beyond your individual care, including, for example, planning services, managing finances, early treatment of illnesses (known as risk stratification), coordinating and improving patient and service user’s movement through the health and care system, research, and public health enhancement.
Kent and Medway
Care Record
(KMCR) The High Street Surgery and The Whitfield Surgery are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data. For further information about the Kent and Medway Care Record and the ways in which your data is used for this system please click here.
General Practice Extract Service (GPES) NHS Digital, collects data from Practices to support vital health and care planning and research. This information is used insightfully to better understand what causes ill health and, importantly, what we can do to prevent or treat it and provide better care.
Health Service
(Control of Patient
Information)
Regulations 2002
(COPI) The Secretary of State for Health and Social Care has issued Notices under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) which required organisations to share confidential patient information with organisations entitled to process this under COPI for COVID-19 purposes (COPI Notices). Further guidance on processing personal data, when the COPI Notice expires can be found here.
Population Health
Management Your information is passed, with all identifiers removed to NHS Kent and Medway for public health management. This enables the Practice to identify the appropriate level of care and services for distinct groups of patients. It is the process of assigning a risk status to patients, then using this information to direct care and improve overall health outcomes.
National Data Opt-
Out The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning. The National Data opt-out can be applied here. It is worth noting that in a small number of exceptional circumstances, where senior health care professionals can decide to share information based on public interest, and in these cases the National Data Opt-out does not apply. The Confidentiality Advisory Group (CAG) considers applications for the use of patient data without consent under the following regulations of Control of Patient Information Regulations 2002 , Section 251 of the NHS Act 2006: Regulation 2 – for diagnosis and treatment of cancer Regulation 5 – for general medical and research purpose Specific exemptions to the national data opt-out policy have been made for disclosure of data for: · Public Health England National Disease Registers · Assuring Transformation · National patient experience surveys
There are also specific policy considerations for NHS Digital, as the national safe haven of health and care data with specific powers under the Health and Social Care Act 2012. National data opt-outs do not apply where NHS Digital indicate data should be provided to them under s259 of the Health and Social Care Act 2012.
Rights to object
The National Data opt-out is a service that enables patients to opt-out of their confidential information being used for research and planning. The National Data opt-out can be applied here.
For further details on your rights and how to complain please see the main privacy notice
Statutory Disclosure Privacy Notice
Where there is a statutory requirement The High Street Surgery and The Whitfield Surgery will share personal data with a range of organisations and agencies.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details
|
The High Street Surgery 100-106 High Street Dover Kent CT16 1EQ
The Whitfield Surgery 43 Sandwich Road Whitfield Dover CT16 3LT
|
Purpose of the processing
|
· Safeguarding: to prevent serious abuse or neglect or death of a child or vulnerable adult from taking place · Regulatory bodies: such as the Care Quality Commission, who undertake audits to ensure the Practice comply with standards and provide safe health care · Law enforcement: prevention and detection of crime or apprehension and prosecution of offenders · Medico-legal: where the Practice are defending a legal claim · Complaint management: sometimes it is necessary to share information with NHS England or the Health Service Ombudsman or Information Commissioners Office · Planning and Research: information may be shared for securing, planning, and paying for primary care or and specialised NHS Services · Health Protection: information may be shared with Public Health bodies for the management of certain health condition, epidemics, and infections |
Information we collect and use |
· Demographics – name, address, date of birth, postcode, and NHS number · Medical history |
Lawful basis for processing
|
These purposes are supported under the following sections of the UK General Data Protection Regulation: Article 6(1)(c) … ‘necessary for compliance with a legal obligation to which the controller is subject Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...” Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;’ Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy’ Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018 Schedule 1, Part1(3) Public Health, Data Protection Act 2018 Schedule 1 Part 2(6) Statutory etc and government purposes, Data Protection Act 2018 |
Recipient or categories of recipients of the processed data
|
Where required the Practice will share your information with: Care Quality Commission Public Health England Police Courts of Justice HM Revenue and Customs Kent County Council or Medway Council General Medical Council (GMC) Royal College of nursing (RNC) NHS England/Digital Health Service Ombudsman Information Commissioners Office |
|
For full details on your rights and how to complain please see the main privacy notice |