How We Use Your Data – GDPR

Use of personal health information

The practice manages the confidentiality of your medical records in accordance with the Data Protection Act 1998. Our Primary Care Trust may require some of this data for auditing and research purposes. You may request that your data is excluded from these audits and research at any time. Please speak with reception for more information.

Please click HERE for important information on how we use your medical records General Data Protection Regulation (GDPR):

GPDPR – 1st September 2021

The data held in the GP medical records is used to support health and care planning and research in England, helping to find better treatments and improve patients outcomes for everyone.

You may have seen concerns expressed in the media this June 2021 about the new ways the NHS plans to collect / extract patient data; for planning purposes. The pre-1st September GP data Extraction System (GPES) ,is due to be replaced on 1st September 2021 with a new system called the General Practice Data for Planning and Research (GPDPR) under legal legislation (General Practice Data for Planning and Research (GPDPR) – NHS Digital).

The British Medical Association’s statement is a good summary of what is going on and that it is a legal obligation for general practices like WLMC to comply:

“NHS Digital issued a DPN (data provision notice) on 12 May 2021 as part of the development of GPDPR (GP data for planning and research). This is a planned replacement for the GPES (GP extraction service) to collect data for planning and research from general practices in England.

It is a legal obligation to comply with the DPN as a result of a new direction from the secretary of state for health and social care as part of the Health and Care Act 2012. Once fully established, this new collection will replace multiple other data collections from general practices. Read our full statement >

However, GPC England chair Richard Vautrey and RCGP chair Martin Marshall wrote to NHS Digital at the end of last week to express their concerns about the lack of communication with the public regarding the GPDPR programme. Read their information to the public and practices >

GPC England and the RCGP informed NHS Digital that while they are aware of the crucial role that GP data plays in research and planning to improve public health, it is important that any sharing of data is transparent and maintains public trust in how general practice and the NHS uses their information.

We have strongly lobbied NHS Digital to reconsider their timetable for implementation and called on them to run a comprehensive and significant public awareness campaign to increase communication with patients and practices.”

What Data is shared?

The extraction will take almost all the coded data from our patients record and pseudonymise (not anonymise) it for the purpose of research and planning.  

The data that may be shared will be data from patients medical records about:

·         Any living patient registered at a GP practice in England when the collection started- this includes adults and children

·         Any patient who dies after 1st July 2021, and was previously registered at a GP practice in England when the data collection started.

The NHS does not collect patients names or addresses. Records will be “pseudonymised” – which means that the identifiers such as date of birth, NHS number and exact postcode will be replaced by a code. This process is called pseudonymisation, and means the patient will not be identified directly in the data.

What are Some Concerned About? 

Some GPs and privacy campaigners are concerned about issues of data security. There is a long list of organisations outside the NHS, detailed on the NHS Digital website, including other government departments, research bodies, charities and pharmaceutical companies, with whom they might share the data.  

Pseudoanonymisation can be reversed, according to NHS Digital, if there is “a valid legal reason” to do so. Concerns are that it is not clear what such a reason might be, but the fact that it is possible to re-identify the records may be a cause for concern. 

Some are not confident that the tight rules and contracts proposed to prevent recipients of the data doing their own work to re-identify patients – for example, by combining bits of data with information gleaned from social media – will be 100% effective.

Most doctors and most patients are only just learning about this project, and at a time when General Practice is exceptionally busy and when time is short to give this matter consideration.  (Ref Apple News – Helen Salisbury – June 1, 2021 10:40 am (Updated June 1, 2021 2:14 pm)

How Can You Opt Out?

There are two types of opting out

1- Opt out by submitting this form to your GP

2- For any data that has left the GP practice, you would also need to register your objection here: Overview – Choose if data from your health records is shared for research and planning – NHS (

Contact our doctors online

Fill out a simple online form to get advice and treatment – We aim to respond within 2 working days, please bear with us if it takes a little longer. Please ignore the automated email response.