IGPR
We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for. iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws. The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care. To guarantee GDPR compliance, we have a data processing agreement explicitly stating that the processor processes information solely in accordance with our instructions and does not retain any data.
eConsult
The Practice has engaged a specialised online consultation supplier – approved to NHS England technical standards – which has gone through stringent scrutiny, achieving all necessary requirements to provide online consultations. NHS England, on your GP’s behalf, contracts with the supplier and acts as a joint system controller with your GP. However, NHS England will not receive any personal information, so your GP remains responsible for this data, ensuring that any provided data to use this service is for online consultation purposes only.
The UK GDPR and The Data Protection Act 2018 (the data protection laws) protect individuals with regard to the processing of personal data. The organisation providing this service is eConsult Health Ltd. (eConsult), who will act as a personal data processor under the data protection laws.
When accessing the service, NHS England is a controller jointly with GPs and eConsult is a processor for GPs, managed through the joint controller relationship that NHS England established with GPs and continues to maintain.
Please note that if you access our service using your NHS login details the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
Diabetes related data
The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.
For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.desphiow.co.uk
Other Third Party Providers
We also work with various third party healthcare providers on projects which help us deliver the best possible care to our patients. The companies we are currently working with are:
· Dragon Dictate – Providing us with software to dictate into your clinical record.
· Heidi Health – Providing us with software to dictate into your clinical record and dictate letters, such as referrals.
· AccuRX – Enabling us to send information to patients and book appointments.
We do not share your information with our providers.
If you have chosen to opt out of sharing of data with third parties your information will not be shared. We make every endeavour to obtain patient consent before passing on any information to the above companies and conduct a full Data Protection Impact Assessment in conjunction with our Data protection Officer to ensure we fully comply with GDPR regulations.
Trafalgar Medical Group Practice are committed to providing you with the highest quality of care. To enhance our service, we now have access to Heidi Health, an AI-powered medical scribe.
To enhance the quality and efficiency of our consultations, clinicians may use Heidi Health AI Scribe during your appointment.
What is Heidi Health?
Heidi Health is an advanced AI medical scribe designed to transcribe patient visits, generate clinical notes, fill out documents, and dictate letters.
Heidi uses artificial intelligence to document medical notes, ensuring your clinician can focus on actively listening to your concerns and delivering personalised care, rather than spending time manually recording the notes themselves.
Any information that is captured is reviewed and approved before being saved in the medical record.
Benefits of Using Heidi Health
· Improved Consultations: Allows clinicians to focus solely on you, the patient during your appointment.
· Accurate Documentation: Helps create precise, clear, and detailed medical notes for the patient record that can be reviewed and edited as needed.
· Time Efficiency: Streamlines administrative tasks, giving clinicians more time to spend with their patients.
Patient Consent and Data Management
Your privacy and comfort are our top priorities. Heidi Health AI Scribe only processes information discussed during your appointment and operates within strict privacy and data protection regulations. Before using Heidi Health AI Scribe, your clinician will explain its role and seek your verbal consent. You have the right to decline its use at any time.
· Data Security: Heidi Health AI Scribe complies with UK data protection laws, including GDPR, ensuring that your information is handled securely and confidentially.
· Data Security and Privacy: Heidi Health adheres to stringent UK compliance frameworks, including the Data Protection Act, GDPR, and NHS standards. This ensures that your personal information is handled securely and confidentially.
· Local Data Hosting: All data is hosted within the UK, enhancing security and compliance with local data protection regulations.
· Temporary Data Storage: Audio recordings used for generating notes are not stored. They are processed and then deleted, ensuring your data remains private and secure.