Information about you and the care you receive is shared, in a secure system, by healthcare staff to support your treatment and care.

It is important that we, the NHS, can use this information to plan and improve services for all patients. We would like to link information from all the different places where you receive care, such as your GP, hospital and community service, to help us provide a full picture. This will allow us to compare the care you received in one area against the care you received in another, so we can see what has worked best.

Information such as your postcode and NHS number, but not your name, will be used to link your records in a secure system, so your identity is protected. Information which does not reveal your identity can then be used by others, such as researchers and those planning health services, to make sure we provide the best care possible for everyone.

How your information is used and shared is controlled by law and strict rules are in place to protect your privacy.

We need to make sure that you know this is happening and the choices you have.

• HSCIC Patient Leaflet
• FAQs

Introduction

This policy is designed to protect both patients and staff from abuse or allegations of abuse and to assist patients to make an informed choice about their examinations and consultations.

Guidelines

A chaperone can be requested by either

• The patient or
• The clinician

Patients who request a chaperone should never be examined without a chaperone being present.

Who Can Act as a Chaperone?

Chaperones should be clinical staff familiar with procedural aspects of personal examination. On the very rare occasion when this is not possible then a member of staff who has received formal training as a Chaperone can be used.

Confidentiality

The chaperone should only be present for the examination itself, and most discussion with the patient should take place while the chaperone is not present.

Patients should be reassured that all practice staff understand their responsibility not to divulge confidential information.

Procedure

• The clinician will contact reception to request a chaperone.
• Where no chaperone is available, a clinician may offer to delay the examination to a date when one will be available, as long as the delay would not have an adverse effect on the patient’s health.
• If a clinician wishes to conduct an examination with a chaperone present but the patient does not agree to this, the clinician must clearly explain why they want a chaperone to be present. The clinician may choose to consider referring the patient to a colleague who would be willing to examine them without a chaperone, as long as the delay would not have an adverse effect on the patient’s health.
• The clinician will record in the notes that the chaperone is present, and identify the chaperone.
• The chaperone will enter the room discreetly and remain in the room until the clinician has finished the examination.
• The chaperone will normally attend inside the curtain at the head of the examination couch and watch the procedure.
• To prevent embarrassment, the chaperone should not enter into conversation with the patient or GP unless requested to do so, or make any mention of the consultation afterwards.

What is a privacy notice and why does it apply to me?

A Privacy Notice tells people how organisations use information that they hold about them. A new law called the UK General Data Protection Regulation 2016, also known as UKGDPR, says that we need to provide you with this Privacy Notice and let you know:

• What information we hold about you
• How we keep this especially important information safe and secure and where we keep it
• How we use your information
• Who we share your information with
• What your rights are
• When the law gives us permission to use your information

Why does the law give you permission to use my information?

The law gives us permission to use your information in situations where we need it to take care of you. Because information about your health is very personal, sensitive and private to you, the law is very strict about how we use it.

So, before we can use your information in the ways we have set out in this Privacy Notice, we have to have a good reason in law, which is called a ‘lawful basis’.  Not only do we have to do that, but we also have to show that your information falls into a special group or category, because it is very sensitive. By doing this the law makes sure we only use your information to look after you and that we do not use it for any other reason.

If you would like more information about this please ask to speak to our Data Protection Officer (DPO) mentioned in this Privacy Notice who will explain this in more detail.

About Us

We, at Dr A Sulakshana and Partners, are responsible for collecting, storing and handling your information when you registered with us as a patient. Because we do this, the law says we are Data Controllers. Sometimes we may use your information for a particular purpose and when we do so, the law says we are Data Processors.

What information do you hold about me?

We hold information about you such as:

• Your name
• Address
• Mobile number
• Information about your parent(s) or person with parental responsibility
• All your health records
• Appointment records
• Visits to see your GP
• Treatments you have had
• Medicines prescribed for you and any other information to help us look after you

How do you keep it safe?

• The law says that we must do all we can to keep your information private, safe and secure.
• We use secure computer systems and we make sure that any written information held about you is under lock and key and kept in a safe place. This includes taking great care with any passwords we use which we change on a regular basis. We also train our staff to respect your privacy and deal with your information in a manner that makes sure it is always kept and dealt with in a safe way.

What do you do with my information?

• We only usually use your information to help us care for you. That means we might need to share your information with other people who are concerned and involved with looking after your health.
• We might need to share your information with the police, courts, social services, solicitors and other people who have a right to your information, but we always make sure that they have a legal right to see it (or have a copy of it) before we provide it to them.

Who else will see my information?

• Usually only doctors, nurses and other people who work with us are allowed to see your information.
• Sometimes though, if you need to go to the hospital or be seen by a special doctor, we will share your information with them but this only so that we can take care of you.
• Sometimes we might be asked to take part in medical research that might help you in the future. We will always ask you or your parent(s) or adult with parental responsibility if we can share your information if this happens.
• Possibly the police, social services, the courts and other organisations and people who may have a legal right to see your information.

What are my rights?

• If you want to see what information we hold about you then you have a right to see it and you can ask for it.
• To ask for your information you will usually need to put your request in writing and tell us what information you want us to give you.
• We usually need to answer you within one month. Your parent(s) or adult with parental responsibility can help you with is if you need help.
• Usually we will give this to you free of charge.
• If you think there are any errors in the information we hold about you then you can ask us to correct it but the law says we can’t remove any of the information we hold about you even if you ask us to. This is because we need this information to take care of you.
• You have a right to ask us not to share your information.
• If you would like to talk to us about not sharing your information, even if this means you don’t want us to share your information with your parent(s) or adult with parental responsibility, please let us know. We will be happy to help.

What if I have a question?

• A member of our staff/receptionist will be happy to talk to you about any questions you may have and we will do our best to help you.
• The Surgery has a person called a Data Protection Officer (DPO) who deals with all queries about patient information. Our receptionist may put you in touch with this person who will listen to your concerns and give you the advice you need.
• The Data Protection Officer for the for the GPs for the Bedfordshire Luton and Milton Keynes GP Practices signed to Arden and GEMCSU is:Judith Jordan, Arden & GEM Head of Integrated Governance, but we have a team who carry out the function, the contact details are:
  •  Email:agem.dpo@nhs.net
  • Telephone: 0121 611 0730

What if I have a serious complaint about how you look after my information?

• We will always do our best to look after your information and to answer your questions.
• If you are still not happy with something we have done with your information you can speak to our DPO.
• If our DPO has not been able to help you or if you prefer not to speak to our DPO then you have a right to pass your complaint to an organisation called the Information Commissioner’s Office (ICO) who will look into what has gone wrong. For more information visit ico.org.uk

Updates to this privacy notice

• The law says we must keep all information we provide in this Privacy Notice up to date.
• This Privacy Notice was last updated on 01/07/2025 and will be reviewed on 01/07/2026

Our aim is to provide the highest level of care for all our patients.  We will always be willing to hear if there is any way that you think we can improve the service we provide.

Making a complaint:

If you have a complaint or concern about the service that you have received from the doctors or staff working for this practice, please speak to our receptionists and they will advise you of the procedure.

We hope that most problems can be sorted out easily and quickly, often at the time they arise and with the person concerned.  If your problem cannot be sorted out in this way and you wish to make a complaint, we would like you to let us know as soon as possible in writing, ideally within a matter of days or at most a few weeks because this will enable us to establish the facts in a timely manner.  If it is not possible to do this, please let us have details of your complaint:

• Within 12 months of the incident that caused the problem or
• Within 12 months of discovering that you have a problem, provided it is within 12 months of the incident.

Please complete the complaints form below:

feedback form.

Please submit your complaint in writing and give as much information as you can.  Send your complaint to the practice for the attention of the Practice Manager as soon as possible.  Alternatively, you can email your complaint to barton.letters@nhs.net

Complaining on Behalf of someone else:

Please note that we keep strict rules of medical confidentiality.  If you are complaining on behalf of someone else, we must know that you have their permission to do so.  A note signed by the person concerned will be required.

Help us to get it right

We constantly try to improve the service we offer.

Please let us know when you think we have done something well or if you have any suggestions as to how we can do something better.

All staff working within the NHS have a legal duty of confidentiality towards patients which is written into their Contract of Employment.

No information concerning a patient will be given to a third party without the consent of the patient involved.

We adhere strictly to the Data Protection Act.

COVID19-Privacy-Notice-v5-May-2023-permanent-1

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.

Here you can find additional information about OpenSAFELY

All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs who worked for six months or more in The Surgery in the last financial year was £74,177 before Tax and National Insurance. This is for 3 full-time GP’s and 4 part-time GP’s.

The main reasons for which your information may be needed are:

• Giving you health care and treatment
• Looking after the health of the general public
• Managing and planning the NHS – for example
• Making sure that our services can meet patients needs in the future
• Preparing anonymous statistics on NHS performance and activity
• Investigating complaints or legal claims
• Helping staff to review the care they provide to make sure it is of the highest standard
• Training and educating staff
• Research approved by the Local Research Ethics Committee.
  (If anything to do with the research would involve you personally, you will be contacted to see if you are willing).

If at any time you would like to know more about how we use your information you can speak to Jo Penlington Practice Manager.

NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how confidential patient information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their confidential patient information to be used just for their individual care and treatment or also used for research and planning purposes.

Patients and the public who decide they do not want their confidential patient information used for planning and research purposes will be able to set their national data opt-out choice online.

For further opt-out information, please visit the NHS Digital site:

• digital.nhs.uk/opt-out-programme

And if you would like to opt-out, you can follow the process using the link below;

• www.nhs.uk/manage-your-choice

Our practice policy on this subject is available to review below:

• National Data Opt-Out Policy

This policy sets out the practice provision to ensure that patients are afforded privacy and dignity, and are treated respectfully, in all appropriate circumstances where there is the potential for embarrassment or for the patient to feel “ill at ease”.

The requirement to respect patients is the responsibility of all staff, not just those in direct clinical contact with the patient.

Vulnerable patients in this respect may include:

• Elderly
• Infirm
• Disabled
• Those with racial or cultural beliefs
• Illiterate
• Homeless / no fixed abode
• Those with specific conditions
• Patients with communication difficulties
• Those patients with gender requirements
• Those known to staff / known by staff
• Family members
• Patients from minority groups

General

• The Practice will not stereotype patients based on perceived characteristics
• Patients will be referred to with respect even in private discussions in the surgery
• Patients will be addressed by their preferred method and titles. Mr, Mrs etc. will be used as a first preference by staff
• Guide dogs will be permitted in all parts of the building.
• A hearing loop will be installed
• Under no circumstances will staff enter through a closed consultation room / treatment room door without first knocking, and waiting for permission to enter (if occupied), or pausing to determine that the room is empty

Consultations

• Patients will be allowed free choice of gender of doctor and nurse, where available, and will be able to wait or delay an appointment to see their choice of clinician. Where clinically urgent, patients will be encouraged to see a clinician appropriate for their “best care”, however undue pressure is not appropriate
• Consultations will not be interrupted unless there is an emergency, in which case the room will be telephoned as a first step, before knocking at the door and awaiting specific permission from the clinician to enter
• A chaperone will be offered where an examination is to take place. See Chaperone Policy [*]
• Clinical staff will be sensitive to the needs of the individual and will ensure that they are comfortable in complying with any requests with the potential to cause embarrassment
• Patients will be afforded as much time and privacy as is required to recover from the delivery of “bad news”, and the clinical staff will, where possible, anticipate this need and arrange their appointments accordingly
• Clinicians and staff will allow “personal space” where possible and respect this
• Patients with difficulty in understanding due to language may have a family member or friend available to interpret or assist
• Communication by staff to patients will be individual according to the needs of the individual patient (e.g. those with speech difficulties, hearing, or learning difficulties may need an individual approach)
• Where an intimate examination is considered necessary to be performed on a patient with difficulty in understanding due to language or other issues (e.g. consent or cultural issues) it is recommended that a Chaperone or family member / carer should always be present
• Patients who may have difficulty in undressing may be offered the services of a second (same gender) clinician or trained Chaperone to assist
• Patients will be requested only to remove a minimum of clothing necessary for the examination
• Consultations in the patient’s home will be sensitive to the location and any other persons who may be present or may overhear

Post – Consultation

• Clinicians and staff will respect the dignity of patients and will not discuss issues arising from the above procedures unless in a confidential clinical setting appropriate to the care of the patient (respectful of the patient even when not present).

Appendix A – Privacy Notice

Dr Sulakshana & Partners

Appendix A – The Practice will share patient information with these organisations where there is a legal basis to do so.

We keep our Privacy Notice under regular review. This notice was last reviewed on 02 July 2025.

Lawful basis for processing:

The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the UK GDPR:

• Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
• Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

Objections/Complaints

Should you have any concerns about how your information is managed at the GP, please contact the GP Practice Manager or the Data Protection Officer as above. If you are still unhappy following a review by the GP practice, you have a right to lodge a complaint with a supervisory authority:

You have a right to complain to the UK supervisory Authority as below:

• Information Commissioner:
  Wycliffe house,
  Water Lane,
  Wilmslow,
  Cheshire,
  SK9 5AF
• Tel: 01625 545745
• https://ico.org.uk/

If you are happy for your data to be used for the purposes described in this privacy notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact Greensand Surgery Data Protection Officer.

If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.

Data Protection Officer

The Data Protection Officer for the for the GPs for the Bedfordshire Luton and Milton Keynes GP Practices signed to Arden and GEMCSU is:

Judith Jordan, Arden & GEM Head of Integrated Governance, but we have a team who carry out the function, the contact details are:

•  Email:agem.dpo@nhs.net
• Telephone: 0121 611 0730

Changes:

It is important to point out that we may amend this Privacy Notice from time to time. If you are dissatisfied with any aspect of our Privacy Notice, please contact the Dr Sulakshana & Partners Data Protection Officer.

Generic-GP-GDPR-Privacy-Notice-v3.1-September-2023-SystmOne-Practices-GP-Connect-2

Dr Sulakashana and Partners have currently paused the use of Heidi A.I. and will let patients know should they resume it’s usage.

Dr Sulakashana and Partners are committed to delivering the best possible care to our patients. To enhance the quality and efficiency of our consultations, clinicians (your GP or a member of the multidisciplinary team within practice) may use Heidi Health AI Scribe during your appointment. This section provides information about what Heidi Health AI Scribe is and how your consent is managed.

What is Heidi Health AI Scribe?

Heidi Health AI Scribe is an advanced, secure digital assistant designed to support clinicians during consultations. It uses artificial intelligence to document medical notes, ensuring your clinician can focus on actively listening to your concerns and delivering personalised care, rather than spending time manually recording the notes. Clinicians review and approve the notes that have been captured prior to adding to the patient record.

• Improved Interaction: Allows clinicians to focus solely on the patient during the consultation.
• Accurate Documentation: Helps create precise, clear, and detailed medical notes for the patient record.
• Time Efficiency: Streamlines administrative tasks, giving clinicians more time to spend with their patients.

Patient Consent

Your privacy and comfort are our top priorities. Heidi Health AI Scribe only processes information discussed during your appointment and operates within strict privacy and data protection regulations. Before using Heidi Health AI Scribe, your clinician will explain its role and seek your verbal consent. You have the right to decline its use at any time.

• Data Security: Heidi Health AI Scribe complies with UK data protection laws, including GDPR, ensuring that your information is handled securely and confidentially.
• Data Protection Officer: The Heidi Health Data Protection Impact Assessment has been reviewed and approved by the Data Protection Officer for Hillton Primary Care Network, on behalf of your GP Practice.
• Your Control: If you prefer not to have Heidi Health AI Scribe involved, please do let your clinician know. This will not affect the quality of care you receive.

Policy written on 3rd March 2025
– Dr Avanti Sulakshana

NHS Staff must be able to come to work without fear of violence, abuse or harassment from patients or their relatives. The NHS has a zero tolerance attitude towards violence.

Violent, threatening or abusive behaviour including shouting and swearing will not be tolerated at this practice.

Patients who act in such a manner will be asked to leave the premises; the Police may be called and you could be removed from our patient list.

Our staff are here to help you, please treat them with respect.