top of page

Data Protection

Our website and information governance processes were compliant with the regulations under the Data Protection Act (DPA) which was superseded by the General Data Protection Regulations (GDPR) in  March 2018. We have reviewed our processes in the light of the new GDPR and updated those areas which required us to tell our patients in more detail about how we process personal data to undertake our business of providing healthcare services to our patients.

We have published this information in three sections - our Website Information and Privacy notice - including the use of cookies - a separate section on your Medical Records and how to access - and our GDPR Notices

For more information please click on the relevant link below


General Data Protection Regulations

The GDPR requires practices to process data ‘fairly’ and in a ‘transparent manner’ which is ‘easily accessible and easy to understand’. This means that practices must provide information to patients about how the practice processes patient data in the form of ‘practice privacy notices’.

Privacy Notice

How we use your medical records - Important information for patients


  • This practice handles medical records in-line with laws on data protection and confidentiality

  • We share medical records with those who are involved in providing you with care and treatment. 

  • In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill. 

  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.  

  • You have the right to be given access to your medical record

  • You have the right to object to your medical records being shared with those who provide you with care. 

  • You have the right to object to your information being used for medical research and to plan health services.  

  • You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. 


Fuller details and explanations about how your information is used to provide healthcare is explained on the GDPR webpage

Fair Processing

Security of information

Confidentiality affects everyone. We as a healthcare provider have a legal basis to gather, store and process large amounts of information on a daily basis. This includes medical records, personal records and computerised information for the purposes of preventive or occupational medicine; medical diagnosis; or if the process is necessary for the performance of a task carried out in the public interest. This information is used by many people throughout the course of their daily work.


Our duty to protect information and confidentiality is taken very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and the security of all information for which we are responsible, whether computerised or on paper. This includes regular staff training on the legal obligations they have to maintain confidentiality and security of information at all times.

We have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.

Willerby & Swanland Surgery takes staff training extremely seriously. This is to ensure that nobody will access or use your information without a relevant reason, and to stop accidental loss, damage and destruction of any of your medical, personal and electronic records.

Why do we collect information about you?

To make sure you get the best care doctors, nurses and the team of healthcare staff caring for you keep records about your health and any care or treatment you may receive from the NHS. These records help to make sure that you receive the best possible care. These may be written down in your paper records or held on a computer. They may include:

  • Basic details about you such as name, address, date of birth, next of kin, etc,

  • Contact we have had with you such as appointments or clinic visits,

  • Notes and reports about your health, treatment and care,

  • Results of x-rays, scans and laboratory tests,

  • Relevant information from people who care for you and know you well such as health professionals and relatives.

Always check that your details are correct when you visit us and please tell us of any changes as soon as possible.


How your personal information is used

Your records are used to manage and deliver the care you receive to make sure that:

  • The doctors, nurses and other healthcare members of staff involved in your care have correct and up to date information, to look at your health and decide on the right care for you,

  • Healthcare staff have the information they need to be able to look at and improve the quality and type of care you receive,

  • Your concerns and worries can be properly investigated if a complaint is raised,

  • The right information is available if you see another doctor, or are referred to a specialist or another part of the NHS.


Who do we share personal information with?


Everyone working within the NHS has a legal duty to keep information confidential. Similarly, anyone who receives information from us has a legal duty concerning your confidentiality. The partner organisations with which we share information are:

  • Other NHS Trusts and hospitals that are involved in your care,

  • ICB. (Integrated care Board), previously know as the CCG (Care Commissioning Group)

  • General Practitioners (GPs),

  • Ambulance Services,

  • Yorkshire & Humber Care Record

  • Adults’ and children’s social care services.

You may be receiving care from other sectors as well as the NHS. Therefore we may need to share information to other agencies about you, so we can all work together for your benefit. We will only do this if they have a legitimate need, or we have your permission. These agencies include:

  • Social Care Services.

  • Education Services.

  • Local Authorities.

  • Voluntary and private sector providers working with the NHS.

  • General Medical Council

We will not provide your information to any other third parties without your permission unless there are exceptional circumstances, such as, if the health and safety of you and others is at risk or if the law requires us to pass on information.

The Yorkshire & Humber Care Record (shared care record)


The Yorkshire & Humber Care Record is a shared system that allows health and care staff within the Yorkshire & Humber Health and Social Care community to appropriately access the most up-to-date and correct information about patients, to deliver the best possible care.

The Yorkshire & Humber Care Record guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing.


If you would like any further information, or would like to discuss this further, please contact us using the details provided below.

Yorkshire & Humber Care Record – Information Governance Lead

Leeds Teaching Hospitals NHS Trust
St James University Hospital
Lincoln Wing/Chancellor Wing Link Corridor
Beckett Street



Telephone: 0113 2064102


Disclosure of information


You have the right to object to how and with whom we share the information that is within your records that could identify you. This will be noted within your records so that all staff involved with your care and treatment are aware of your decision. By choosing this option, it may mean that the delivery of your care or treatment more difficult. You can also change your mind at any time about your decision.

If your consent is relevant, you are required to provide this in writing. This is essential as you may change your preference regarding consent further down the line. You as an individual also have the right to withdraw your consent at any time.


How your personal information is used to improve the NHS


Your information will also be used to help us manage the NHS and protect the health of the public by being used to:

  • Review the care we provide to make sure it is of the highest standard and quality,

  • Make sure our services can meet your needs in the future,

  • Investigate your queries, complaints and legal claims,

  • Make sure the healthcare providers receive any payment for the care you receive,

  • Prepare statistics on NHS performance,

  • Audit NHS accounts and services,

  • Undertaking heath research and development ,

  • Helping to train and educate healthcare staff.


The National Data Guardian opt-out programme is a new service that allows people to opt out of their confidential patient information being used for research and planning, which has over taken the Type two opt out. The trust is working to develop and implement this new programme. Please see


Call recording and CCTV


Telephone calls to the Willerby & Swanland Surgery are routinely recorded and we also operate CCTV cameras on our site.  Our current policy is that the CCTV cameras are for live-streaming only and NO images are recorded.


SMS text messaging


When attending the Willerby & Swanland Surgery for an appointment or a procedure you may be asked to confirm that Willerby & Swanland Surgery has the correct contact number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.  We may contact you via AccuRx messaging which links to our clinical system. 


How you can access your records


The Data Protection legislation gives you a right to access the information we hold about you in our records. Requests must be made in writing to the Access to Health Records Department. Willerby & Swanland Surgery will aim to provide your information to you 30 calendar days from receipt of:

  • A completed application form, containing adequate supporting information to enable us to verify your identity and locate your records,

  • An indication of what information you are requesting, to enable the Willerby & Swanland Surgery to locate it in an efficient manner.

You as an individual have the right to have erased any records that have been inaccurately added to your medical records, personal records or other computerised system. If you think any information is inaccurate or incorrect, please contact us using the details below.

Ultimately, if you are unhappy with the way we have handled your information you have the right to make a complaint to Willerby & Swanland Surgery or to the Information Commissioner’s Office (the ICO).

Access to Deceased Records 

If you want to see the health records of someone who has died, you can apply in writing under the Access to Health Records Act (1990).

Under the terms of the act, you will only be able to access the deceased's health records if you're either:

  • a personal representative (the executor or administrator of the deceased person's estate)

  • someone who has a claim resulting from the death (this could be a relative or another person)

Only information directly relevant to a claim will be disclosed.




The retention period for medical records once you have been discharged from care is eight years. Once this period is up your records will then be destroyed within the guidelines set out by the Data Protection legislation. There are some exemptions to this, such as maternity and child’s records; these will be kept for 25 years.

Data controller

The Data controller responsible for keeping your information confidential is:

Willerby & Swanland Surgery

Willand Primary Care Centre

Lowfield Road


HU10 7JR
Telephone: 01482 652652

The Data Protection Officer is Amanda Edwards (Mrs)


Freedom of Information


The Freedom of information Act 2000 provides any person with the right to obtain information held by the Willerby & Swanland Surgery, subject to exemptions.




The Data Protection Legislation requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:

Information Commissioner’s Office
Wycliffe House
Water Lane

Telephone: 08456 306060

bottom of page