This GP practice has agreed to take part in the DataLoch research programme. Both your GP practice and NHS Lothian are the data controller for the DataLoch programme (Data is only hosted within NHS Lothian), and are working in partnership with the University of Edinburgh. The aims of the DataLoch programme are to support research for the benefit of local residents in the South-East Scotland region. A Data Sharing Agreement is in place that covers the sharing of patient data with DataLoch, and all approved research is anonymous.
In line with data protection legislation, the legal basis that permits processing of patient data is:
• 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• 9(2)(j) – Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes in accordance with Article 89(1)
The DataLoch website covers the researcher data, public enquiries, and newsletter subscriptions for which the University of Edinburgh is the Data Controller: https://dataloch.org/privacy-notice
About the Personal Information we Use
- Complainants, enquirers,
- Survey respondents,
- Professional experts and consultants,
- Individuals captured by CCTV.
Our Legal Basis for Using Personal Information
- For the provision of health or social care or treatment or the management of health or social care systems and services; or,
- For reasons of public interest in the area of public health; or,
- For reasons of substantial public interest for aims that are proportionate and respect people’s rights, for example research; or
- In order to protect the vital interests of an individual; or,
- For the establishment, exercise or defence of legal claims or in the case of a court order.
On rare occasions we may rely on your explicit consent as our legal basis for using your personal information. When we do this we will explain what it means, and the rights that are available, to you. You should be aware that we will continue to ask for your consent for other things like taking part in a drug trial, or when you are having an operation.
Who Provides the Personal Information
When you do not provide information directly to us, we receive it from other individuals and organisations involved in the delivery of health and care services in Scotland. These include other NHS Boards and primary care contractors such as GPs, dentists, pharmacists and opticians; other public bodies e.g. Local Authorities and suppliers of goods and services.
Sharing Personal Information With Others
- Our patients and their chosen representatives or carers.
- Current, past and potential employers.
- Healthcare social and welfare organisations.
- Suppliers, service providers, legal representatives.
- Auditors and audit bodies
- Educators and examining bodies.
- Research organisations.
- People making an enquiry or complaint.
- Financial organisations.
- Professional bodies.
- Trade Unions.
- Business associates.
- Police forces..
- Security organisations.
- Central and local government.
- Voluntary and charitable organisations.
Transferring Personal Information Abroad
It is sometimes necessary to transfer personal health information overseas for example if you require urgent medical treatment abroad. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with NHSScotland Information Security Policy.
How we Protect Personal Information
- All staff undertake mandatory training in Data Protection and IT Security.
- Compliance with NHS Scotland Information Security Policy.
- Organisational policy and procedures on the safe handling of personal information.
- Access controls and audits of electronic systems.