Middle Lane Surgery



We are an Independent GMS practises contracted by BCUHB.  We serve a practice population of 3500 people across 1 site and employ 14 staff to include General Practitioners, Practice Nurses, Health Care Assistants and administration staff.

What is a privacy notice?

A Privacy Notice is a statement to patients, service users, visitors, carers, the public and staff that describes how we collect use, retain and disclose personal information which we hold.  This is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy.

This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.


Why issue a privacy notice?

Middle Lane Surgery recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties.  This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open.

This notice also explains what rights you have to control how we use your information.


What are we governed by?

The key pieces of legislation/guidance are:

  • General Data Protection Regulations
  • Human Rights Act 1998 (Article 8)
  • Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Health & Social Care Act 2012, 2015
  • Public Records Act 1958
  • Copyright Design and Patents Act 1988
  • The Re-use of Public Sector Information Regulations 2015
  • The Environmental Information Regulations 2004
  • Computer Misuse Act 1990
  • The Common Law Duty of Confidentiality
  • Information Security Management – NHS Code of Practice


Who are we governed by?

  • Department of Health
  • Information Commissioners Office
  • Health Inspectorate Wales
  • NHS Wales


Why and how we collect information

Information which can be accessed, where there is a need, includes:

  • personal information, such as name, date of birth, gender;
  • allergies;
  • medication;
  • hospital admission, attendances and referral dates;
  • vaccinations and immunisations;
  • test results, including measurements such as blood pressure;
  • diagnoses (current and post problems);
  • treatment and medical procedures.


How we use information

  • To help inform decisions that we make about your care
  • To ensure your treatment is safe and effective
  • To work effectively with other organisations who may be involved in your care
  • To support the health of the general public
  • To ensure our services can meet future needs
  • To review care provided to ensure it is of the highest standard possible
  • To train healthcare professionals
  • For research and audit
  • To prepare statistics on performance
  • To monitor how we spend public money


There is a huge potential to use your information to deliver care and improve health and care services across the NHS and social care.  The information can be used to help:

  • Improve individual care
  • Understand more about disease risks and causes
  • Improve diagnosis
  • Develop new services
  • Improve patient safety
  • Evaluation of policy/procedures/pathways


It helps because

  • Accurate and up to date information assists us in providing you with the best possible care
  • If you see another healthcare professional, specialist from another part of the NHS, they can readily access the information they need to provide you with the best care possible.
  • Where possible, when using information to inform future services and provision, non-identifiable information will be used.


How information is retained and kept safe?

Information is retained in secure electronic and paper records and access is restricted via passwords to the electronic computer system and in locked filing cabinets.  It is important that information is kept safe and secure to protect your confidentiality.

Under the NHS Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide and if an how your information can be shared.  This will be noted in your records.


What information will be blocked from viewing?

No information will routinely be blocked from viewing unless you specifically ask for information to be hidden.  For example, it may be possible to hide particularly sensitive information such as sexually transmitted diseases, termination of pregnancy, etc. from certain individuals.  If you have any questions, please discuss this initially with your Practice Manager.


How will my information be kept secure and confidential?

Your GP medical record is stored on a secure computer system and access to it is strictly controlled.  Where groups of staff work with the practice but are not employed by the practice (e.g. District Nurse) they will have signed an agreement to confirm that they will follow the strict controls in place around the computer system itself, and around any staff who are allowed to access the system. Everyone working with the practice has a legal, contractual and professional duty to keep information about you secure and confidential.


Can I find out who has viewed my medical record?

Every time your electronic GP medical record is accessed an audit log is created.  These audit logs are retained so if you are concerned that someone has inappropriately accessed your record, please discuss this initially with the Practice Manager.


Is there a danger someone else could hack into my record or that my information could be lost?

Contracts are in place with the supplier of the clinical computer systems to ensure that they have robust security measures installed. These measures will prevent any information from being accessed without permission, lost or accessed inappropriately by a third party.


Your right to withdraw consent

You have the right to refuse/withdraw consent to information sharing at any time.  We will fully explain the possible consequences to you, which could include delays in you receiving care.


Contacting us about your information

Each practice has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing.  This person is known as the Calidcott Guardian.  You can contact the Calidcott Guardian at the practice.


Your NHS number, keep it safe

Every person registered with the NHS in England and Wales has their own unique NHS number. It is made up of 10 digits for example 123 456 7890.

Your NHS number is used by healthcare staff to identify you correctly.  It is an important step towards improving the safety of your healthcare.  To improve safety and accuracy always check your NHS number on correspondence the NHS sends to you.

If you don’t know your NHS number, ask at the Practice.  You may be asked for proof of identify for example a passport of other form of identity.  This is to protect your privacy.


For further information


If you would like additional information you can discuss the sharing of your medical records with the Practice Manager, GP or any other member of the healthcare team.





Date published: 18th October, 2014
Date last updated: 7th June, 2024