Sutton Manor Surgery

St Ives Close
Wawne Road
Sutton upon Hull
Telephone: 01482 826457

Medical Emergencies dial 999

Out of Hours:  dial  111

Your Data

Data Protection
Information Sharing



Vector of keyboard and disc overlay

We ask for your personal information so that you can receive appropriate care and treatment.

This information is recorded on computer and we are registered under the Data Protection Act. The practice will ensure that patient confidentiality is maintained at all times by all members of the practice team.

Sometimes it is necessary  for the effective functioning of a multi-disciplinary team to  share information within that team. More information on this and your health record is detailed below.

All patients have a right to access their health records. Contact the practice if you wish to have access.      

Your Health Record

The surgery confidentially records details of your consultations, medication and letters on an electronic clinical system. This is only shared with other organisations with your consent, although some relevant information may be shared with other health professionals when we refer you for further treatment.

Reception and administrative staff may require access to your medical record in order to carry out their role. These members of staff are bound by the same rules on confidentiality as their clinical colleagues. Identifiable information about you will be shared with others in the following circumstances:  

  • to provide further medical treatment eg district nurses & hospital services.
  • to obtain other services e.g social workers. This requires your consent.
  • when we have a duty to others e.g in a child protection case

There have been developments to allow  other healthcare professionals access to your records to improve the care you receive elsewhere.

Some data was uploaded to your Summary Care Record and this allowed hospitals and other healthcare providers, with your consent) to see limited but important information such as significant illnesses, repeat medication and allergies.

NHS England have also put a system in place to enable the NHS to use health information, sent from your record to a secure system along with your postcode and NHS number - but not your name. This allows those planning NHS services or carrying out medial research to use information from different parts of the NHS in a way which does not identify you.

If you have any concerns or wish to prevent this from happening, please let the practice know of visit the Care Data website page.


Health Data

NHS Digital & Care

laptop with overlay of globes

Strict information governance standards are in place to protect patient data. All of our staff are trained to observe confidentiality standards and comply with strict  data operating procedures.

You have the right to object to your information being shared. Should you wish to opt out of data collection. 

Type 1 opt-out prevents information being shared outside a GP Practice for purposes other than direct care. A type 2 opt-out prevents information being shared outside NHS Digital for purposes beyond an individual's direct care.

If you wish to have further advice or help please contact a member of our reception team.

How the NHS
Uses Your Data

General Data Protection Regulations


Computer disk montage with keyboard

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:

Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous.

There are new protections for patient data:

  • Practices must comply with subject access requests.
  • Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous.
  • The Information Commissioner’s Office must be notified within 72 hours of a data breach.
  • Higher fines for data breaches – up to 20 million euros.
Subject Access Requests

Due to the Covid-19 pandemic there could be a delay of up to 90 days for all subject access requests

The Information Commissioner's Office has confirmed that penalties will not be issued for delays in fulfilling a subject access request.

Please click the following button to access our Online Services options


The General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the “right of subject access”. If you would like to have access to all or part of your records, you can make a request in writing. 

You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified. You should however be aware that some details within your health records may be exempt from disclosure, however this will in the interests of your wellbeing or to protect the identity of a third party.

 If you wish to have access to your medical records, please contact the surgery. If you have reviewed your medical record (you can apply to do this on-line, see the Online Services tab) and wish to object or request a change to the information we hold please download a copy of our 'Patients Right to Object Form' here.

Once completed you need to return the form to the practice in person, bringing a recognised form of photo-ID, such as a passport or driver's license with you, so we can verify your identity.

We define consent as “any freely given specific and informed indication of wishes by which the data subject signifies their agreement to personal data relating to them being processed.”

This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records. Individuals also have the right to withdraw their consent at any time.

Patient Data
The changes in GDPR mean that we must get explicit permission from patients when using their data, which is information that relates to a single person, such as diagnosis, name, age, earlier medical history etc. One of the considerations patients may make is about how their personal data is used and specifically whether it is shared, with consent, and under strictly controlled circumstances, with professionals outside the practice. 

Privacy Notice One of the requirements of this legislation is that all organisations that hold personal data, whether that be data concerning patients, customers or employees, must make their policies and processes around personal information available in the form of a Privacy Notice.You can find our practice privacy notice here
Your confidentiality is very important to us, all NHS staff are bound by law and a strict code of confidentiality and we have strict controls in place to protect your information.

The Surgery's Caldicott Guardian, Dr Andrew Fellows, is responsible for ensuring patients' confidentiality is respected. The GDPR also requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office (ICO) and the practice is registered with them.
ICO website
Our Data Protection Officer is TBA. Our Data Controller, responsible for keeping your information secure and confidential is TBA.

Data Protection & Information Sharing

laptop keyboard

National Data Opt Out

Your health records contain a type of data called confidential patient information. The data can be used for research and planning. You can chose to stop your confidential patient information being used for research and planning

lady sitting with laptop

Summary Care Record

When you visit and NHS or social care service, information about you and the care you receive is recorded and stored in a health care record. This is so people caring for you can make the best decisions about your care.

Doctor and patient sitting

Care & Health Information Exchange

The Care & Health Information Exchange (CHIE) is a secure system which shares health & social care information from GP surgeries, hospitals, community and  mental health, social service and other appropriate health agencies.

Your Data

Our staff are trained to strictly observe confidentiality standards and fully comply with comprehensive data operating procedures.

LOGO, NHS Digital

Summary Care Records

Summary Care Records (SCR) are an electronic record of important patient information, created from GP records.

Image Concept of globe with binary code in waves.

Access to Health Records

Patients have a right to access details of their medical records subject to various rules & guidelines. 

Image doctor using laptop. Shows close-up of keyboard, hands and stethescope in soft colours

Medical Reports

We carry out various types of private medical reports at the request of patients and with their consent.

Image of keyboard, smartphone and  tablet


Owned & run by the NHS, the NHS App is a simple & secure way to access a range of NHS services.


Freedom of Information

This is a guide to the surgery publication scheme as required by the Freedom of Information Act 2000.  This scheme recognises members of the public are entitled to request information


Data Protection Officer

The Practice have appointed Barry Jackson as the Data Protection Officer (DPO). He is employed by N3i and can be contacted through their service desk on phone: 0300 002 001 or by email ( or via the link below-

N3i logoEmail DPO
parking iconparking iconGoogle translate iconLGBT multicoloured iconHearing loopp iconParking icon