How We Use Your Information

19 Beaumont Street Surgery takes the privacy of all our patients very seriously.

We are registered with the Information Commissioner’s Office as a Data Controller under registration number Z5846727. If you have any queries or wish to make a request in relation to your information, please contact:

Data Protection Officer
Dr C Kenyon & Partners
19 Beaumont Street


As a healthcare provider, we collect, store, use and share personal and confidential information about our patients, including special category health data, in accordance with UK Data Protection laws and other applicable legislation.

To change your choices about how we contact you by phone, text or email, click here 

For more information on how we use your information, please click the links below:

What information do you hold about me?

The health care professionals who provide you with care keep detailed records about your health and any treatment or care you receive. This includes information from a range of sources, including your previous GP Surgeries, hospital clinics and A&E visits.

We are required by law to store and maintain these records in order to provide you with the best possible healthcare and to protect your safety.

In carrying out this role we may collect and hold information about you which helps us respond to your queries, monitor the quality of care that we provide, and refer you to specialist services which you might need. The health records we use may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Information which we may hold about you may include the following:

  • Personal details about you, such as your name, address and next of kin
  • Any contacts our staff and services have had with you, such as phone calls, emails, appointments, clinic visits, etc.
  • Notes, letters and reports about your health
  • Details about your medications, treatment and care
  • Results of investigations such as blood tests, x-rays, hospital procedures, etc.
  • Relevant information from other health professionals, relatives or those who care for you.

How do you keep my information safe?

Everyone working for our organisation is subject to a legal duty of confidentiality. The information you provide to us is kept in confidence will only be used for lawful purposes.

  • Our staff receive training on data protection and confidentiality and we follow the NHS Digital Code of Practice on Confidential Information
  • The Surgery has signed an Information Sharing Agreement with other NHS providers in Oxfordshire and uses secure and lawful ways to share your information
  • Our electronic records are backed up securely in line with NHS standard procedures and information is held in secure locations and restricted to authorised personnel
  • We make sure contracts are in place with external data processors to protect your data
  • We will only ever use or pass on information about you if we reasonably believe that the recipients have a genuine need for it
  • We will not disclose your personally identifiable information to any third party who is not involved in providing your care without your permission, unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires the information to be passed on
  • We check that only the minimum amount of data is shared or accessed
  • We use smartcards and passwords to protect our IT systems, to ensure that only the right people have access to your data
  • We use encrypted email and storage systems on the secure NHS network, which make it harder for someone to intercept or ‘hack’ your information
  • We report and manage any incidents or ‘near misses’ and make sure we learn from them and improve
  • We manage patient records in line with the Records Management NHS Code of Practice for Health and Social Care.
  • We only use information collected lawfully in accordance with:
    • Data Protection Act 2018 (and GDPR)
    • Human Rights Act
    • Common Law Duty of Confidentiality
    • NHS Codes of Confidentiality and Information Security
    • Health and Social Care Act 2015
    • And all other applicable UK legislation.

If you register with another GP Surgery in the UK, we will send your electronic and paper records to your new practice. This may involve sending your electronic record through a secure NHS system called GP2GP transfer. We do not send patient data outside of the EEA. If you are moving overseas and require a copy of your health information, please request this before you move.

How do you use my information?

Providing and supporting your care

We use and share the information in your GP record to support a wide range of activities relating to your healthcare. Common examples include:

  • Enabling the healthcare professionals who care for you to understand your health conditions, treatments and personal needs
  • Referring you to other healthcare providers when you need tests or treatments
  • Sharing samples with laboratories and sharing your results with specialists and other professionals involved in your care
  • Sending your prescriptions to a pharmacy and dealing with your medication queries
  • Recording allergies and other important health information
  • Receiving reports of appointments you have attended elsewhere, e.g. at a hospital clinic or other local health service
  • Investigating and responding to any queries or complaints you have about your care
  • Texting or emailing you with information about healthcare services or treatments
  • Inviting you to participate in research studies, if these are relevant to your health conditions

Improving quality and safety of care

We may use selected information from patient records to check that the care we provide is safe and to help us improve our services. Any information we use for this purpose is anonymised before it is shared to protect your confidentiality. Some examples include:

  • Auditing the treatment we provide, to check our care is in line with the latest recommendations
  • Identifying people at risk of developing particular health conditions or who might require additional support (known as ‘case finding’)
  • Reviewing any adverse events or ‘near misses’, to ensure our services are safe
  • Monitoring how long patients are waiting for our appointments
  • Providing reports to healthcare commissioners on the quality and activity of our services
  • Supporting staff training and developing services to meet patient need

Sharing required by law

Occasionally we are required by law to share your information with other agencies. In these situations we will usually discuss this with you first, but it is sometimes not possible for us to do so. These situations are uncommon, but examples might be:

  • To safeguard children or vulnerable adults who may be at risk of neglect or abuse
  • For the purposes of detecting or preventing a serious crime
  • To report notifiable infectious diseases to public health
  • To report cases of female genital mutilation or suspected radicalisation
  • If we are required to disclose the information by a court order.

What are my information rights?

Data protection law provides you with a number of rights which we are committed to supporting.

Right to Access

In accordance with the Data Protection Act 2018 you have the right to request a confirmation of the categories of data we are processing about you and the right to see, or have a copy of, the data we hold that can identify you. You do not need to give us a reason to see your data.

If you want to access your data please contact us. We will respond to your request within one month of receipt. Under special circumstances, some information may need to be withheld.

Right to Object

If you do not want information from your health record to be used (anonymously) for any purpose beyond providing your own care – such as to improve NHS care – you can choose to not allow this. We will respect your decision, but please note that in some circumstances we may still be legally required to disclose your data to third parties.

If you do wish to exercise this right, there are two main options available to you (you may choose either or both of these opt-outs):

  • Type 1 Opt-Out: If you do not want the Surgery to share information that identifies you for purposes beyond your direct care, you can register a ‘Type 1 Opt-Out’. This prevents information from your GP record from being shared other than for your direct care (and in particular circumstances required by law, such as a public health emergency). To do this you will need to contact us and request a Type 1 Opt-Out form. [link to the Contact the Practice page]
  • National Opt-Out: NHS Digital also collects information from a range of places where people receive care, such as hospitals and community services. If you do not want your information to be shared outside of NHS Digital, for purposes other than for your direct care, you will need to register a ‘National Opt-Out’. To do this you will need to contact NHS Digital 
  • You can also object to having your information made available to healthcare staff through the Summary Care Record and the Oxfordshire Care Summary systems. These two NHS record systems may be used by authorised health professionals to access your information if you need healthcare outside of the Surgery. For information on how to opt out of these record systems, see Choosing how we share your information.

Right to Correction

If the information we hold about you is incorrect, you are entitled to request that we correct it.

There may be occasions where we are required by law to maintain the original information – we will discuss this with you if necessary. You may request that the information is not used during this time.  We will respond to your request to correct information within one month of receipt.

Right to Complain

You also have the right to make complaints and request investigations into the way your information is used. If you have concerns, a complaint or would like further information, please contact us.

Where can I get further information?

For further details of how your information may be used and shared, please read our full privacy notice. (Coming Soon)

For independent advice about data protection, privacy and data-sharing, you can contact:

The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Phone: 0303 123 1113