Privacy Notice

Why we collect information about you

In the National Health Service we aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

These records may include:

  • Basic details about you, such as address, date of birth, next of kin
  • Contact we have had with you such as clinical visits
  • Notes and reports about your health
  • Details and records about your treatment and care
  • Results of x-rays, laboratory test etc.,
  • Relevant information from people who care for you and know you well, such as health professionals and relatives

It is good practice for people in the NHS who provide care to:

  • discuss and agree with you what they are going to record about you
  • give you a copy of letters they are writing about you; and
  • show you what they have recorded about you, if you ask


How your records are used

The people who care for you use your records to:

  • Provide a good basis for all health decisions made by you and care professionals
  • Allow you to work with those providing care
  • Make sure your care is safe and effective, and
  • Work effectively with others providing you with care

Others may also need to use records about you to:

  • check the quality of care (such as clinical audit)
  • protect the health of the general public (such as national screening programmes)
  • keep track of NHS spending
  • manage the health service
  • help investigate any concerns or complaints you or your family have about your health care
  • teach health workers and
  • help with research

Some information will be held centrally to be used for statistical purposes. In these instances we take strict measures to ensure that individual patients cannot be identified.

We use anonymous information, wherever possible, but on occasions we may use personally identifiable information for essential NHS purposes such as research and auditing. However, this information will only be used with your consent, unless the law requires us to pass on the information.


How we keep your records confidential

Everyone working for the NHS has a legal duty to keep information about you confidential.

We have a duty to:

  • Maintain full and accurate records of the care we provide to you
  • Keep records about you confidential, secure and accurate
  • Provide information in a format that is accessible to you (ie in large type if you are partially sighted).

We will not share information that identifies you for any reason, unless:

  • you ask us to do so;
  • we ask and you give us specific permission;
  • we have to do this by law;
  • we have special permission for health or research purposes or
  • we have special permission because the interests of the public are thought to be of greater importance than your confidentiality


Primary Care Network (PCN)

We are a member of GP Connect Primary Care Network (PCN). This means we will be working closely with a number of other Practices and health and care organisations to provide healthcare services to you.

During the course of our work we may share your information with these Practices and health care organisations/professionals. We will only share this information where it relates to your direct healthcare needs.

When we do this we will always ensure that appropriate agreements are in place to protect your information and keep it safe and secure. This is also what the Law requires us to do.

If you would like to see the information the PCN holds about you please contact: Data Protection Officer - Judith Jordan, Arden & GEM Head of Integrated Governance on 0121 611 0730.


Who are our partner organisations?

We may share information with the following main partner organisations:

  • NHS England
  • Public Health England
  • Clinical Commissioning Groups
  • NHS Trusts (Hospitals)
  • Ambulance Service

We may also share your information, with your consent and subject to strict sharing protocols about how it will be used with:

  • Social Services
  • Education Services
  • Local Authorities
  • Voluntary Sector Providers
  • Private Sector

Anyone who receives information from us also has a legal duty to:

  • Keep it confidential


General Data Protection Register (GDPR)

The EU GDPR came into force on 25th May 2018, replacing the Data Protection Act 1998 (DPA); the Data Protection Act 2018 is to be read in conjunction with the GDPR. The GDPR applies to all EU member states and Holbrooks Health team must be able to demonstrate compliance at all times. Understanding the requirements of the GDPR will ensure that personal data of both staff and patients is protected accordingly. As a result, we are publishing a new Privacy Notice to make it easier for you to find out how we use and protect your information. We will not be changing the way we use your personal information but the new notice will provide you with additional details such as:

  • Your increased rights in relation to the information we hold about you
  • How we keep your personal information secure
  • The types of personal information we collect about you and how we collect and use it
  • The legal grounds for how we use your information

See our Access to medical records policy which includes the application form required for each request.


Caldicott Guardian

The Caldicott Guardian is an expert on confidentiality issues and access to patient records.  Dr Bettina Kleine holds this role within the practice.


Freedom to Speak Up Guardian

Staff within the can speak up to their Freedom To Speak Up (FTSU) Guardian about any concern that they have. Staff can text, email or telephone the Guardian confidentially to seek support and advice on how to escalate or manage their concerns.  The Freedom to Speak Up process is adhered to by the Guardian which provides structure and consistency when managing each speak up case. It is the role of the Guardian to ensure that the identity of staff speaking up to them is protected, that conversations take place to understand and manage expectations, and to gain consent to sharing identity where appropriate. Dr Kiran Mandhyan holds this role within the practice.



If you have any concerns about about our information rights practices you may contact the Information Commissioner (ICO).

Information Commissioner’s Office (ICO)

The details are publicly available from the Information Commissioner:

Wycliffe house

Water Lane




Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.