Privacy Notice

How we use and share your information

The Old Dairy Health Centre keeps medical records confidential and complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

We hold your medical record so that we can provide you with safe care and treatment.

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care; for example, your GP will share information when they refer you to a specialist in a hospital, or your GP will send details about your prescription to your chosen pharmacy.

For more information on how we share your information with organisations who are directly involved in your care can be found in our Local Care Record section of Practice Information.

Healthcare staff working in A&E and out of hours care will also have access to your information; for example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record.

For more information go to

You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

Other important information about how your information is used and shared to provide you with health care.

Registering for NHS care

  • All patients who receive NHS care are registered on a national database.
  • This database holds your name, date of birth, NHS Number, contact details (address, telephone/mobile number and email – if provided), but it does not hold information about the care you receive.
  • The database is held by NHS Digital, a national organisation that has legal responsibilities to collect NHS data.

For full information, please go to

Alternatively you can call 0300 303 5678

Identifying patients who might be at risk of certain diseases

  • Your medical records will be searched by a computer programme (risk stratification tool) managed by United Health (also known as Optum), so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital. This means we can offer patients additional care or support as early as possible. For further information, please visit
  • Risk stratification enables us to focus on the preventing ill health and not just the treatment of sickness. This process will involve linking information from your GP record with information from other health or social care services you have used.
  • Information, which identifies you, will only be seen by this practice.
  • For more information, please speak to the practice.
  • Please note that you have the right to opt out, by contacting the practice.


  • Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs are protected from risk of harm. These circumstances are rare and we do not need your consent or agreement to do this.
  • Information on safeguarding children and adults is on the Lambeth CCG website at

We are required by law to provide you with the following information about how we handle your information.

Data Controller

The Old Dairy Health Centre

19b Croxted Road, London SE21 8SZ

Telephone: 020 8761 8070, Fax: 020 8761 7310


Data Protection Officer

Judy Williams (Practice Manager)

Purpose of the processing

  • To give direct health or social care to individual patients. For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
  • To check and review the quality of care. This is called audit and clinical governance.

Lawful basis for processing

These purposes are supported under the following sections of the GDPR: Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” Healthcare staff will also respect and comply with their obligations under the common law duty of confidence. Full information on the common law duty of confidence can be found at

Recipient or categories of recipients of the processed data

The data will be shared with:

  • Healthcare professionals and staff in this surgery
  • Local Care Record
  • Local hospitals – King College Hospital NHS Foundation Trust, Guys and St Thomas’ Hospital NHS Foundation Trust, South London and Maudsley NHS Foundation Trusts
  • Out of hours services
  • Urgent and emergency care services, such as NHS 111 and the London ambulance services
  • Diagnostic and treatment centres
  • Lambeth GP Access Hub –
  • Other organisations involved in the provision of direct care to individual patients

Rights to object

  • You have the right to object to information being shared between those who are providing you with direct care.
  • This may affect the care you receive – please speak to the practice.
  • You are not able to object to your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care.
  • You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
  • The information will be shared with the local safeguarding service. Information can be found on the Lambeth CCG website for adults and children at

Right to access and correct

You have the right to access, or be provided with a copy of personal data held about you, and have any errors or mistakes corrected. Please register for Patient Access, which enables you to view your medical records online (subject to approval), or you will need to make a ‘Subject Access Request’ to the practice. Please contact the practice to do so. Fees may be charged for repetitive requests.

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention Period

GP medical records will be kept in line with the law and national guidance.

Information on how long records are kept can be found at: or speak to the practice.

Right to complain

You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link or call the helpline 0303 123 1113.

Data we get from other organisations

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.

How the NHS and care services use your information

The Old Dairy Health Centre is one of many organisations working in the health and care system to improve care for patients. Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for  purposes beyond your individual care, for instance to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt-out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit

On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual
    care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can apply your national data opt-out choice. Our organisation is able to apply your national data opt-out choice to any confidential patient.