Fair Processing Notice

Under the Data Protection Act your practice is required to process personal data fairly and lawfully. The methods by which these processes are governed and explained to patients are known as ‘fair processing’.

The General Data Protection Regulation (GDPR) ‘right to be informed’ encompasses the obligation to provide fair processing information, typically through a privacy notice. It emphasises the need for transparency over how you use personal data and for privacy notices to be easily assessable.

Fair processing includes:

  • telling patients about what type of information you will collect, how you intend to use it and who you may share it with
  • providing assurance to patients that their data will be safe, confidential and used appropriately if they share it with you
  • enabling patients to opt out of sharing their data and making them aware of their rights
  • COVID-19 contingency sharing: Primary care staff across each borough will be able to access your full medical record without consent during the COVID-19 pandemic but will only do so when this is necessary to provide you with care. They will be required to use a smartcard which confirms their identity, and which limits their access and actions to those appropriate for their role. They will all have been trained to understand their professional and legal responsibilities in providing you with care”.

The attached exemplar privacy notice has been developed in line with ICO guidance and NHS England’s fair processing checklist and guidance for GPs and should be adapted/localised as follows:

  • use a title which is meaningful to patients such as “How we use your information”; “Protecting your confidentiality” or “Privacy Notice”.
  • update the contact details on page 7 before making the privacy notice available.
  • add details of any data processing that may be unique to your practice/locality e.g. if you are an Oxford University College Doctor practice or in an Oxfordshire GP Federation – see example additional data processing text below
  • consider user testing your privacy notice with your Patient Participation Group members prior to publication
  • give thought to providing the information as a layered notice (i.e. with links to individual sections of the notice)
  • make the privacy notice easily assessable on your website and in your reception area

GP Federation Services

As a member of the Hillingdon Primary Care Confederation we work with other local practices and Federation-managed services to provide joined up healthcare. Authorised healthcare staff who are involved in your health care are able to access relevant information in your GP record.

Some clinicians are also able to add consultation details to ensure your record is updated as soon as possible. Access is strictly controlled by your practice.

Medical student placements

Our practice is involved in the training of medical students. As part of this programme medical students will work in the practice and may be involved in your care. If staff would like a student to be present they will always ask for your permission before the start of the consultation. The treatment or care you receive will not be affected if you refuse to have a student present during your appointment.

It is usual for GPs to discuss patient case histories as part of their continuing medical education or for the purpose of training GPs and/or medical students. In these situations the identity of the patient concerned will not be revealed.

For more information see these websites: