We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice
Your information - what you need to know
This privacy notice explains why we collect information about you, how that information will be used, how we keep it safe and confidential and what your rights are in relation to this. If you want to speak to us about your data, please contact the practice.
Why we collect information about you
Your records are used to ensure you get the best possible care. Your information helps them to make the best decisions about your care and helps provide you with proactive advice and guidance. Important information is also collected to help us to remind you about specific treatment which you might need, such as health checks, immunisations for children and reminders for screening appointments. We work with other NHS services to co-ordinate these.
Information held about you may be used to help protect the health of the public and to help us to improve NHS services. Information may be used within the GP practice to monitor the quality of the service provided (known as ‘clinical audit’).
What data do we collect and receive about you?
Records are stored digitally and on paper. Your record includes personal details about you such as your name, date of birth, address, carers, legal representatives, emergency contact details, as well as:
- Any appointments, visits, emergency appointments
- Notes and reports about your health
- Details about your diagnosis, treatment and care
- Details about any medication you are taking
- Results of investigations such as laboratory tests, x-rays
- Relevant information from health and care professionals, relatives and/or carers
We also receive information from other organisations that are caring for you that we hold in your record, including letters and test results.
How we keep your information confidential and safe
Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.
The health records we use will be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- General Data Protection Regulation (GDPR 2016/679)
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
How we use your information for providing your care
Prescriptions
Where you have given consent, we will share your prescription information with pharmacies.
Test requests and results
Where we carry out tests for you—such as blood tests—we will send your sample, along with details of the tests requested, to the most appropriate pathology laboratory. The information shared with the laboratory will include your NHS number, name, the type of test requested, and any health information necessary to perform the test and produce the result or report. Once completed, the laboratory will return the results to us in digital or paper form, and these will be stored in your electronic patient record (EPR).
Out of hours
We work closely with out‑of‑hours providers, including NHS 111, to ensure that if you need care from a doctor outside normal surgery hours, they can access your electronic patient record when necessary to provide the best possible care. This care may be delivered in various ways, such as through a telephone consultation.
Primary Care Networks
Primary Care Networks (PCNs) are a key part of the NHS Long Term Plan, designed to enable neighbouring GP practices to work more closely together by sharing services, improving access, and enhancing the delivery of patient care. Your information may be shared with services operating at PCN level—for example, when you are referred to a specialist clinic that is available to patients from all practices within the PCN.
Patient referrals
With your agreement, your healthcare professional may refer you to services that are not provided by the practice, or they may work with other organisations to help deliver your care within the practice. Information required for these referrals or shared‑care arrangements will usually be shared digitally—most commonly through shared record systems or secure email, and in some cases by letter.
Once you have been seen, the receiving service will provide us with details of the treatment or support they have given you, along with any actions your GP needs to take. This information is added to your electronic patient record. Referrals may be made to a range of services as appropriate for your care, such as smoking‑cessation services, social prescribers, voluntary organisations, and other health and care agencies.
Hospital, Community or Social Care Services
Sometimes the staff caring for you need to share certain information with other professionals who are also involved in supporting your care. This may include hospital or community‑based specialists, nurses, health visitors, therapists, or social care services. Information will be shared with organisations providing your care both locally and, where necessary, in other parts of the country—for example, if you require specialist treatment or emergency care while away from home.
Somerset Integrated Digital Electronic Record (SIDeR)
Health and social care services have developed—and continue to improve—systems that allow important information to be shared efficiently and safely. This ensures that the professionals involved in your care have timely access to the details they need, whether during routine appointments or in urgent situations such as attending A&E, calling NHS 111, or using an out‑of‑hours service. Shared records help reduce delays and avoid the need for staff to gather information by phone or email.
In Somerset, the Somerset Integrated Digital e‑Record (SIDeR) Programme supports this by enabling authorised health and care staff to view relevant information from the different services involved in your care. This helps them quickly understand your needs and provide the right treatment at the right time. Your information will only be available to staff directly involved in your care, and only when they need it.
Access to these shared systems is strictly controlled. Only authorised staff can view the information, and each person can see only the parts of your record necessary for their role. Shared record systems do not contain all of your data—only the information that participating services have agreed is essential for delivering safe and effective care.
For more information about shared care records, please visit: SiDER+ webpage
Clinical Digital Tools
We also use a range of digital tools to support improved patient care and experience. These tools may relate to specific conditions and help with diagnosis, clinical decision‑making, prescribing, and the management of long‑term or acute health needs. Many of these digital systems are developed and managed by third‑party organisations contracted by the NHS to provide specialist services that contribute to high‑quality patient care. Your information may be shared with, or processed by, these organisations where it is relevant and necessary for your care.
Digital Tools
We use a range of digital tools to improve patient experience and support administrative functions within the practice. These tools include services for patient registration, online appointment booking, text messaging, online consultations, appointment reminders, and SMS campaigns that help us keep you informed about services, changes, and important updates at the practice.
Some of these digital tools—both clinical and administrative—may also incorporate automation or artificial intelligence (AI) to enhance accuracy, safety, and operational efficiency.
Safeguarding of children or vulnerable adults
If we have significant concerns, or receive information indicating that a child or vulnerable adult may be at risk of harm, we may share relevant information with other organisations involved in safeguarding and ensuring their safety. This may include local authorities, social care teams, and the Police.
Further information can be found in our Safeguarding Statement Policy.
Medicines Management
We work with the local Medicines Management Team at NHS Somerset Integrated Care Board (ICB) to help ensure that patients receive the most effective and appropriate medicines for managing their conditions. This work generally uses anonymous data; however, the team may sometimes support the practice in reviewing medication for patients with more complex needs. Our clinicians may also seek advice and guidance from the Medicines Management Team on specific prescribing queries.
Identifying health risks
We use systems known as risk stratification tools to help identify individuals who may be at higher risk of developing certain conditions. This enables us to focus on preventing ill health before it develops and to offer additional support where appropriate. These tools use information from a range of sources, including hospitals and the practice. Using this information helps us identify patients who may benefit from further care, monitoring, or preventative services to improve their health.
Population Health Management
Health and care services work together as part of Integrated Care Systems (ICS) and share data for several important reasons:
- To understand the health and care needs of the local population, including identifying health inequalities and areas where support is needed most.
- To target resources and support where they will have the greatest impact on improving outcomes and reducing inequalities.
- To identify early interventions that help keep people well, not only supporting those already receiving care but also joining up services across different organisations to provide more coordinated and proactive care.
Multidisciplinary Team
For some long‑term conditions, such as asthma, the practice takes part in meetings with staff from other organisations involved in providing your care. These meetings help us plan and coordinate the most appropriate care for patients with complex or long‑term health needs.
National Services (including screening programmes)
There are several national NHS services—such as the National Diabetes Audit and the National Cancer Screening Programmes—that collect and securely hold information from across the NHS. This allows the NHS to know when to contact you about important services, including cervical, breast, or bowel cancer screening.
You can find out more about how the NHS holds and shares your information for national screening programmes by visiting the NHS Screening website.
Information may also be shared for public health purposes when necessary—for example, if someone contracts a communicable disease such as measles. Sharing this data helps health authorities monitor and manage public health risks and support the safety of the wider population.
Clinical Audit
Information may be used by the Integrated Care Board (ICB) for clinical audit purposes to monitor the quality of care provided to patients with long‑term conditions. In some cases, information is held centrally and used for statistical or audit purposes—for example, contributions to national programmes such as the National Diabetes Audit. When this happens, strict measures are applied to ensure that individual patients cannot be identified from the data.
Clinical Research
We occasionally receive requests from external organisations to use patient information for research purposes. If such a request involves identifiable information, we will always ask for your explicit permission before any information is shared.
Improving Diabetes Care
Information that does not identify individual patients is used to support practice‑led local diabetes review meetings between healthcare professionals. Using anonymised data in this way enables focused discussions about how to improve the management and support of patients with diabetes, without revealing any personal information.
Individual Funding Request
An Individual Funding Request (IFR) is a request made on your behalf, with your consent, by a clinician to seek funding for specialised healthcare that falls outside the range of services routinely commissioned by the Integrated Care Board (ICB). An IFR may be considered when your clinician is able to demonstrate that there are exceptional clinical circumstances which make your case significantly different from other patients with the same condition at a similar stage of illness, or when the treatment requested is new or experimental and there are no comparable patients who might benefit from it.
Once the ICB has reviewed the request, a detailed response—setting out the decision and the criteria considered—will be provided to your GP.
Invoice Validation
Invoice validation is an important process that helps ensure healthcare providers are paid correctly for the services they deliver. It involves using your NHS number to identify which Integrated Care Board (ICB) is responsible for funding your treatment. Section 251 of the NHS Act 2006 provides a legal basis for the use of patient information for invoice validation purposes. Your NHS number may also be used to check whether your care should be funded through specialised commissioning, which is paid for by NHS England. This process ensures that payments are accurate and made to the appropriate organisations.
National Fraud Initiative - Cabinet Office
The Cabinet Office uses data for data‑matching exercises under statutory authority provided by Part 6 of the Local Audit and Accountability Act 2014. These exercises are carried out to assist in the prevention and detection of fraud. The use of information for this purpose does not require the consent of the individuals concerned under data protection legislation. All data‑matching undertaken by the Cabinet Office is subject to a published Code of Practice, which sets out how the data must be handled securely and lawfully.
For further information see the UK Government website.
National Registries
National registries, such as the Learning Disabilities Register, have statutory permission under Section 251 of the NHS Act 2006 to collect and hold identifiable patient information without the need to obtain consent from each individual. This permission allows these registries to gather the information necessary to support planning, monitoring, and improving services for specific patient groups.
NHS App integration
Registered patients who use the NHS App can access and use the online services functionality through the app, giving them greater accessibility to healthcare services and advice from the practice.
This integration has been commissioned by NHS England, who—together with the GP practice—act as Joint Data Controllers for the data processed through online consultations accessed via the NHS App. It is important to note that NHS England does not have access to your GP patient record as part of these arrangements.
Summary Care Record (SCR)
The NHS in England uses a national electronic record called the Summary Care Record (SCR) to support patient care. Your SCR contains key information extracted from your GP record. It provides authorised healthcare professionals with fast, secure access to essential information about you in an emergency or when you require unplanned care—situations where your full medical record may not be available.
SCRs are designed to improve the safety and quality of the care you receive. The core SCR includes your:
- allergies
- adverse reactions
- current medications
With your agreement, an SCR with additional information can also include:
- the reason for prescribed medications
- vaccinations
- significant diagnoses and long‑term problems
- significant procedures
- anticipatory care information
- end‑of‑life care preferences
Adding this additional information can improve the care you receive, especially in urgent or unplanned situations.
Please be aware that if you choose to opt out of having an SCR, NHS healthcare staff treating you outside of this practice may not have immediate access to important details such as your current medications, allergies, or past reactions to medication. This may affect their ability to treat you safely in an emergency. If you opt out, your information will only be shared using traditional methods such as letter, email, or telephone.
You can opt out of the Summary Care Record either by completing the online opt‑out process or by filling in an SCR opt‑out form and returning it to the practice.
Supporting Locally Commissioned Services
Integrated Care Boards (ICBs) support GP practices by auditing anonymised data to monitor locally commissioned services, assess local health needs, and improve data quality. This data does not include any information that can identify you. It is used solely to support the planning and delivery of patient care and to ensure providers are accurately reimbursed for the services they provide.
Data Retention
We manage patient records in line with the Records Management NHS Code of Practice for Health and Social Care which sets the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England, based on current legal requirements and professional best practice. If you transfer to another GP and we are asked to transfer your records we will do this to ensure your care is continued. Currently the NHS is required to keep GP records for 10 years after a patient has died. Exceptions to these rules are detailed in the code of practice.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts
- Specialist Trusts
- GP Federations
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police
- Other ‘data processors’
We will never share your information outside of health partner organisations without your explicit consent unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it or to carry out a statutory function.
Within the health partner organisations (NHS and Specialist Trusts) and in relation to the above mentioned themes – Risk Stratification, Invoice Validation, Supporting Medicines Management, Summary Care Record – we will assume you are happy for your information to be shared unless you choose to opt-out (see below).
This means you will need to express an explicit wish to not have your information shared with the other organisations; otherwise it will be automatically shared. We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional. There are occasions when we must pass on information, such as notification of new births, where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS), and where a formal court order has been issued. Our guiding principle is that we are holding your records in strictest confidence.
Your right to withdraw consent for us to share your personal information (Opt-Out)
If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. If you do not want your information to be used for any purpose beyond providing your care you can choose to opt-out. We will respect your decision if you do not wish your information to be used for any purpose other than your care but in some circumstances we may still be legally required to disclose your data.
The NHS Constitution states ‘You have a right to request that your personal confidential information is not used beyond your own care and treatment and to have your objections considered’. For further information please visit UK Government - NHS Constitute.
There are several forms of opt- outs available at different levels:
Type 1 opt-out.
If you do not want personal confidential information that identifies you to be shared outside your GP practice you can register a ‘Type 1 opt-out’ with your GP practice. This prevents your personal confidential information from being used except for your direct health care needs and in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease. If you do not want your information to be used for any purpose beyond providing your care you can choose to opt-out. If you wish to do so, please let us know so we can code your record appropriately to stop your records from being shared outside of your GP Practice.
National data opt-out
The national data opt-out was introduced on 25 May 2018 and replaces the previous ‘type 2’ opt-out. NHS Digital collects information from a range of places where people receive care, such as hospitals and community services. The new programme provides a facility for individuals to opt-out from the use of their data for research or planning purposes. For anyone who had an existing type 2 opt-out, it will have been automatically converted to a national data opt-out from 25 May 2018 and you will receive a letter giving you more information and a leaflet explaining the new national data opt-out.
The national data opt-out choice can be viewed or changed at any time by using the online service at Your NHS Data Matters.
General Practice Data for Planning and Research (GPDPR) - NHS Digital
Right of Access to your information (Subject Access Request)
Under Data Protection Legislation everybody has the right to see, or have a copy, of data we hold that can identify you, with some exceptions. You do not need to give a reason to see your data. Under special circumstances, some information may be withheld. We may charge a reasonable fee for the administration of the request in certain instances (e.g. where a duplicate copy is requested).
Your request must be made in writing or by using our Subject Access Request Form.
Redgate Medical Centre
Westonzoyland Road
Bridgwater
TA6 5BF
Somerset Bridge Medical Centre
Stockmoor Park Estate
Taunton Road
Bridgwater
TA6 6LD
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details are incorrect in order for this to be amended. Please inform us of any changes so our records for you are accurate and up to date.
Mobile telephone number
If you provide us with your mobile phone number we may use this to send you reminders about your appointments or other health screening information. Please let us know if you do not wish to receive reminders on your mobile.
Email address
Where you have provided us with your email address we will use this to send you information relating to your health and the services we provide. If you do not wish to receive communications by email please let us know.
Notification
Data Protection Legislation requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
We are registered as a Data Controller and our registration can be viewed online in the public register.
Any changes to this notice will be published on our website and in a prominent area at the Practice.
Data Protection Officer
Should you have any data protection questions or concerns, please contact our Data Protection Officer at:
Kevin Caldwell
Somerset CCG
Wynford House
Lufton Way
Yeovil
Somerset
BA22 8HR
Complaints
If you have concerns or are unhappy about any of our services, please contact the Practice Manager or contact us online.
For independent advice about data protection, privacy and data-sharing issues, you can contact:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Online: ICO Website
Reviews of and Changes to our Privacy Notice
We will keep our Privacy Notice under regular review. This notice was last reviewed in January 2026.