FedBucks Limited complies with the Data Protection Act (DPA) and General Data Protection Regulations (GDPR) in all our dealings with your personal data.

Medical information will be kept confidential and will only be disclosed to those involved with your treatment or care, including your GP, and, if applicable, to any other person or organisation who may be responsible for your treatment or for funding your care.

We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes. GP Connect is not used for any purpose other than direct care.

Authorised Clinicians such as GPs, NHS 111 Clinicians, Care Home Nurses (if you are in a Care Home), Secondary Care Trusts, Social Care Clinicians are able to access the GP records of the patients they are treating via a secure NHS Digital service called GP connect.

The NHS 111 service (and other services determined locally e.g. Other GP practices in a Primary Care Network) will be able to book appointments for patients at GP practices and other local services.

Legal basis for sharing this data

In order for your Personal Data to be shared or processed, an appropriate “legal basis” needs to be in place and recorded. The legal bases for direct care via GP Connect is the same as the legal bases for the care you would receive from your own GP, or another healthcare provider:

  • for the processing of personal data: Article 6.1 (e) of the UK GDPR: “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.
  • for the processing of “Special Category Data” (which includes your medical information): Article 9.2 (h) of the UK GDPR: “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”.

Under the DPA and GDPR, we will only keep your information as long as is necessary and in accordance with the retention periods set out in the Department of Health’s Record Management Code of Practice for Health and Social Care 2016. All records are destroyed confidentially once their retention period has been met and we have made the decision that the records are no longer required.

Your rights

Because the legal bases used for your care using GP Connect are the same as used in other direct care situations, the legal rights you have over this data under UK GDPR will also be the same- these are listed elsewhere in our privacy notice.

Please review our full Data Protection Policy.

If you would like to review any of FedBucks’ Data Protection Impact Assessments, please email your request to bucksadmin@nhs.net.