GDPR and Privacy

General Data Protection Regulation (GDPR)

Henfield Medical Centre work under the General Data Protection Regulations (GDPR) which came into force on 25th May 2018 and are working with the Data Protection Act (DPA). We have a legal duty to keep information about you confidential. The staff at this practice record information about you and your health so that you can receive the right care and treatment. We need to record this information, together with the details of the care you receive, because it may be needed if we see you again.

If your health needs require care from others elsewhere outside this practice we will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside of the practice but within the NHS, it is usual for them to send us information relating to that encounter. We will retain part or all of those reports. Normally we will receive equivalent reports of contacts you have with non NHS services but this is not always the case.

Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law. However, people who have access to your information will only normally have access to that which they need to fulfil their roles. 

You have the right to object to our 'Sharing your Data' in these circumstances but we have an overriding responsibility to do what is in your best interests - Please read our 'Organisational Statement on Accountability' and 'Privacy Notices' below: