How we use cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, and sometimes provide useful information to the owners of the site.
There are some cookies necessary to this site functioning, such as interacting with our accessibility toolbar. These cookies will usually remove themselves when you close your browsing session. More information can be found in the ‘Necessary cookies’ section.
We use some additional cookies, such as Google Analytics, to help us gather information and improve the website. You have the option to deny use of these cookies; more information can be found in the ‘Additional cookies’ section.
In order to help us to improve the content, format and structure of this website we record and analyse how visitors use the using Google Analytics.
You can read Google’s extensive information on data practices in Google Analytics.
You can opt-out of Google Analytics on our website by denying additional cookies or by using the Google Analytics Opt-out Browser Add-on.
| Cookie | Purpose | Expiry |
|---|---|---|
| _ga | Distinguishes user for Google Analytics. | 2 years |
| _gid | Distinguishes user for Google Analytics. | 1 day |
| _gat | Throttles request rate for Google Analytics. | 1 minute |
| _ga_{ID} | Persists session state for newer versions of Google Analytics. | 2 years |
| _gat_gtag_UA_{ID} | Persists session state for older versions of Google Analytics. | 1 minute |
| __utma | Distinguishes user and session for Google Analytics. | 2 years |
| __utmb | Determines new session or visit for Google Analytics | 30 minutes |
| __utmc | Determines new session or visit for Google Analytics. | End of browsing session |
| __utmz | Stores traffic source for Google Analytics. | 6 months |
The following necessary cookies allow the functions within our accessibility toolbar to work optimally.
| Cookie | Purpose | Expiry |
|---|---|---|
| accessibility-controls | Records option regarding additional cookies. | End of browsing session |
| saveFontSize | Allows the website (CMS) to record if the user’s font size selection. | End of browsing session |
| contrast-mode | Allows the website (CMS) to record the user’s contrast mode selection. | End of browsing session |
| googtrans | Allows the language of page content to be changed and records the language selected. | End of browsing session |
| Cookie | Purpose | Expiry |
|---|---|---|
| cookieconsent_status | Persistently records your option regarding additional cookies. | 1 year |
K2 PCN's have a Zero Tolerance Policy to abusive or aggressive behaviour.
As an employer we have a duty of care for the health and safety of all our staff. They come to work to care for others and it is important for all members of the public and our staff to be treated with courtesy and respect.
The PCN's will not tolerate aggressive or violent behaviour towards our staff or members of the public.
Anyone giving verbal abuse to members of staff or other patients will be sent a letter from the PCN Manager, advising that this behaviour will not be tolerated and may result in being removed from the practice list.
K2 Federation will not tolerate any form of discrimination or harassment of our staff by any visitor. Any visitor who expresses any form of discrimination against, or harassment of, any member of our staff will be required to leave our premises immediately. If the visitor is a patient of any of the K2 GP Practices, they may also, at the discretion of the K2 management, be removed from the Practice list if any such behaviour occurs.
Privacy Notice for General Practice Patients
How We Use Your Personal Information
This fair processing notice explains why our GP Practices collect information about you and how that information may be used.
Our health care professionals, who provide you with care, maintain records about your health and any treatment or care you have received previously (e.g. from NHS Trust, GP Surgery, Walk-in clinic, etc.).
These records help us to provide you with the best possible healthcare.
- NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
- Records which our GP Practices hold about you may include the following information:
- Details about you, such as your address, contact details, date of birth, carer, legal representative, emergency contact details.
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays etc.
- Relevant information from other health professionals, relatives or those who care for you
- To ensure you receive the best possible care, your records are used to facilitate the care you receive.
Information held about you may be used to help protect the health of the public in general and to help us manage the NHS. Information may be used within the GP practices for clinical audit to monitor the quality of the services provided.
We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our services
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.
_______________________________________
Covid-19 Planning and Research Data
This PCN is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital. This transparency notice supplements our main practice privacy notice.
The health and social care system is facing significant pressures due to the coronavirus (COVID-19) outbreak. Health and care information is essential to deliver care to individuals, to support health, social care and other public services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the coronavirus outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations. This PNC is supporting vital coronavirus planning and research by sharing your data with NHS Digital, the national safe haven for health and social care data in England.
For more information on how your data is being processed to support vital coronavirus (COVID-19) planning and research, please see our Practice Covid-19 Privacy Notice and the NHS Digital Website.
_______________________________________
In the Lincolnshire region a population health management programme has been introduced. The programme will combine de-identified information from GP practices, community service providers, hospitals and other health and care providers to allow a comprehensive picture of health and care needs to be identified and services planned according to need.
For more information please read the Privacy Notice.
Why LGBTQIA+?
“LGBT” is one of the most commonly used acronyms, and so shows up in far more searches. However, it’s far from comprehensive and excludes a number of identities: as such, we use “LGBTQIA+” to promote active inclusion.
For alternatives, MOGAI (Minority orientations, gender alignments and identities) is rapidly gaining recognition, and quiltbag is a popular term in the community.
Some basic terms:
Queer: an umbrella term, or an identity in its own right – it can refer to gender or sexuality or both.
NOTE: due to its use as a slur, this word should not be used to define others, unless they have explicitly stated it is okay.
Questioning/unsure/undecided: someone still questioning their gender identity and/or sexuality.
Some people may question if they are straight or not, or if they are transgender, whilst others may be certain that they are transgender and/or non-heterosexual, but may not be certain where exactly under the LGBTQIA+ umbrella their identity lies. Many young people may question their gender or sexuality, and it is important that their identities – fixed or not – are treated as valid and not as ‘just a phase’.
Gay: someone solely attracted to people of the same gender as themselves.
Whilst typically applied to men, the term can be used by/about anyone who is solely attracted to people of the same gender as themselves.
Lesbian: a woman who is solely attracted to other women.
In addition to homophobia, many lesbians find themselves the targets of what has been termed ‘lesbophobia’: an intersection of misogyny, sexism and homophobia. This includes resentment and harassment over being unavailable to men, sexual objectification and being seen as titillation, and in some cases even ‘corrective’ rape.
Bisexual: someone attracted to people of more than one gender.
Pansexual: someone attracted to people of all genders.
There is some overlap between bi and pan and many people identify as both.
There is a common fallacy that bisexual means ‘attracted to men and women’ – as a whole, this is not the case, though it may apply to an individual’s attraction. Robyn Och’s definition is widely accepted: “same and other genders”. Whilst ‘bi’ CAN mean a person is only attracted to two genders, it is important to note that this does not automatically mean the two binary genders.
Non-monosexual (people attracted to people of more than one gender) people can struggle to find a space in LGB communities, as bi/panphobia can lead to discrimination on both sides.
Asexual: someone not sexually attracted to others.
Aromantic: someone not romantically attracted to others.
Some asexuals may identify as homoromantic, heteroromantic, biromantic or panromantic, indicating their romantic attractions. Others may identify as aromantic; conversely, someone may identify as [x]sexual whilst being aromantic: having no romantic attraction to others. Others may experience grey-asexuality, where they rarely experience sexual attraction to other people; some may experience demisexuality, where sexual attraction is only felt if there is an existing emotional bond.
Asexuality does not necessarily mean celibate: it is a descriptor of a sexual orientation, not of behaviours.
Intersex: someone born with characteristics which are considered both typically male and typically female.
Gender is assigned at birth typically based on what genitalia a person has. However, what doctors consider typically male or female has a number of other characteristics, including karotype (containing genetic coding; considered the ‘sex chromosomes’ and typically – though not always – being XX or XY); genital and reproductive systems arrangement, including gametes (whether someone produces sperm or ova); natural hormone levels, which control many secondarysex characteristics such as weight distribution, breast tissue growth, body and facial hair, and muscle mass.
Someone who is intersex has a mix of characteristics which don’t fit the typical definitions of male and female. These characteristics may be evident at birth or become so later in life, at puberty or when trying to conceive. For some, the characteristics may not be evident at all.
Transgender: someone who does not identify as the gender they were assigned at birth.
Transsexual as a term is now usually considered outdated and should be avoided.
Trans = across from
Cis = on the same side
So transgender = does not identify as the same gender as was assigned at birth
Cisgender = identifies as the same gender as was assigned at birth
Can be binary (male or female) or non-binary (neither male nor female, or both).
Non-binary: a person who does not identify as (solely) male or female. It can be an umbrella term, or an identity in its own right.
Some common non-binary terms (this is by no means an exhaustive list):
- Androgyne – An androgynous gender, which may be neutral, mixed or something else.
- Agender – Being genderless, or without gender; lacking in gendered traits.
- Genderqueer – A non-binary gender, which expresses sitting outside societal gender norms.
- Demiboy/ demigirl – Feeling partially of one binary gender (male or female) and partially of some other sort of gender.
- Bigender – Experiencing two different gender identities, either at the same time, or moving between the two.
- Neutrois – A neutral gender identity, often lacking in gendered traits.
- Genderfluid – Moving between two or more different gender identities.
- Pangender – Identifying as all genders.
Some non-binary people may use “he” or “she” pronouns. Others may use “they”, “xe”, “ze”, “co” – or many more. Simply ask, and use accordingly.
A privacy notice is a statement that discloses some or all of the ways in which the practice gathers, uses, discloses and manages a patient’s data. It fulfills a legal requirement to protect a patient’s privacy.
Why do we need one?
To ensure compliance with the General Data Protection Regulation (GDPR), The PCN must ensure that information is provided to patients about how their personal data is processed in a manner which is:
Concise, transparent, intelligible and easily accessible;
Written in clear and plain language, particularly if addressed to a child; and
Free of charge
What is the GDPR?
The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GPDR comes into effect on 25 May 2018.
How do we communicate our privacy notice?
The practice privacy notice is displayed on our website, through signage in the waiting room in our Practices, and in writing during patient registration. Our Pracitces will:
Inform patients how their data will be used and for what purpose
Allow patients to opt out of sharing their data, should they so wish
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.
How do we use your information?
Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
Maintaining Confidentiality
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).
Risk Stratification
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Invoice Validation
Your information may be shared if you have received treatment, to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
Opt-Outs
You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering a Type 1 opt-out, preventing your information from being shared outside this practice.
Accessing Your Records
You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception at your GP Surgery for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.
What to Do if You Have Any Questions
Should you have any questions about our privacy policy or the information we hold about you, you can:
Contact the PCN Manager on agem.
Complaints
In the event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit Information Commissioner's Office (ICO) and select ‘Raising a concern’.
We regularly review our privacy policy and any updates will be published on our website.
K2 Healthcare Ltd (K2) Privacy Notice
1. Background
K2’s primary purpose is to provide the best care possible for you. In order to do this, we need to collect, store and share information about you.
This privacy notice is designed to explain what happens to any personal data that you give us or any information concerning you that is collected by other organisations, for instance, if you attend an Accident and Emergency department. This includes how your data is held and/or processed by us.
This notice includes:
- Who we are and how we use your information
- The kinds of information we hold and how we process them
- The legal grounds for processing your personal data, including when it is shared with others
- What to do if your personal information changes
- The length of time that your information is stored and retained by us
- Information about your rights under the 2018 Data Protection Act incorporating the UK General Data Protection Regulations (GDPR)
- Information about what to do if you have a query or problem
Under the 2018 Data Protection Act incorporating the UK General Data Protection Regulation (GDPR) K2 is known as the Data Controller. As such, we are responsible for keeping your data up to date and accurate, as well as storing it safely and sharing it securely. If you have a problem or a question regarding your data, please contact our Data Protection Officer at agem.
2. Why we hold and process your data
We hold and process your personal data in order to provide you with direct care. Together with anonymised and pseudonymised patient data (in other words, data that cannot be used to identify you) your personal data is also used to:
- Improve the quality and standard of care that we and other organisations provide;
- Evaluate existing services;
- Developing preventative treatment of illness and disease;
- Monitoring standards of patient safety
- Act in the public interest as legally directed – for instance, in times of pandemic
You also have a choice over whether you wish to use your confidential data – i.e. data that CAN be traced back to you for purposes of:
- Researching and developing new treatments.
- Planning future services in the locality.
If you are content with this, then you do not need to do anything. If you are not sure or wish to opt out, please see section on Opting-Out of Research and Planning below.
3. Who do we share information with?
As a Federation of GP Practices we cannot provide all your treatments and services ourselves, so we need to delegate this responsibility to others across our organisation, within your practice and with other organisations such as pharmacies or hospitals. K2 also pools resources with other primary care organisations in the area. Such services may be provided as part of our local Primary Care Network (PCN) or in conjunction with other PCNs and our partners in secondary health care and in social care. These will include, but are not limited to, United Lincolnshire Hospitals Trust (ULHT), Lincolnshire Community Healthcare Services (LCHS), Lincolnshire Partnership NHS Foundation Trust (LPFT), Lincolnshire Integrated Care System, Neighbourhood Team, K2 Healthcare, K2 GP Practices, Thrive Tribe Ltd and other commercial providers.
As such, if your care requires treatment outside of our Services, we will exchange with those providing such care and treatment whatever information may be necessary to provide you with safe, high-quality care. K2 also delivers services and treatment to our patients as part of, and in association with local primary care networks and beyond.
Once you have seen any outside care provider, they will normally send details of the care they have provided you with to your Practice, so that we can understand and support your health and treatment better and update your health care record.
The sharing of personal data, within K2 and with those other organisations involving our services, such as Primary Care Networks (PCNs) as well as secondary care organisations and social prescribing organisations is assumed and is allowed by law (including the Data Protection Act 2018). However, we will gladly discuss this with you in more detail, if you would like to know more. We keep a register of our Information Assets which also sets out a Record of Processing Activity. The majority of patient data processing and storage happens via our SystmOne and SystmOnline patient record systems.
We have an overriding responsibility to do what is in your best interests under the 2018 Data Protection Act ‘in performance of a public task’ (see legal bases in the summary below). The K2 team (clinicians, administration and reception staff) only access the information they need to allow them to perform their function and fulfil their roles. A list of the types of organisation we share with is provided below. This summary also contains details of your rights in relation to your data under the Act and how to exercise them.
We do also share anonymised data across our Primary Care Networks. This data is extracted by various secure data extraction tools, usually part of SystmOne, the system your GP uses to record clinical information.
K2 does NOT share your data with insurance companies or solicitors, except by your specific instruction or consent. Your data is NOT shared or sold for any marketing purpose.
4. Communication with Our Patients
K2 will use your contact details in order to inform you of progress in your treatment or to work with you in managing your health. Because we can communicate and get data to you more quickly and more securely, we prefer to use email and text messaging services. Please ensure that we always have your current, up to date, email address and mobile telephone number, so that we can do this. If you would prefer us NOT to communicate with you in these ways, please let us know.
If you have downloaded the NHS app (or other similar app), we may also use this to communicate with you and to update your referrals etc.
Communication with Our Patients Section of the privacy notice template.
“Sometimes we partner with other service providers in order to communicate with you such as Google and SurveyMonkey etc. Please be aware that these third parties will leave cookies to track your use of their services. Please check their cookie policies for details.”
5. Safeguarding and the Caldicott Guardian
K2 is dedicated to safeguarding all its patients, including children and vulnerable adults. This means that information will be shared in their best interests. Such decisions are the ultimate responsibility of our Caldicott Guardian. The Caldicott Guardian is the senior person responsible for protecting the confidentiality of people’s health and care information. The duty to share data for the benefit of individuals can be more important as the duty to protect patient confidentiality, and actions taken as a result of safeguarding concerns will override data protection. The K2 Caldicott Guardian is Catherine Dickinson, available at catherine.dickinson1@nhs.net. The decision of the Caldicott Guardian is final and there is no appeal process.
6. Medical Audits and Medicines Management
K2 will conduct audits of its services and treatment as well as reviews of medicines prescribed to its patients. Reviews of patient data are necessary to allow us to monitor, test and update our services and prescribing, to ensure that you receive the most appropriate and cost-effective treatments. These reviews may take the form of internal audits or those conducted by other commissioned healthcare organisations such as the local Medicine Management Team.
7. Automated Data Processing and Risk Stratification
Electronic tools of prediction, based upon algorithms and artificial intelligence, are used within the NHS to determine a patient’s future risks and treatment needs. Wherever we can, we want to prevent admissions to A&E and secondary care which would be otherwise necessary. Such preventative care may, for instance, use these tools to determine the risk and consequence of a future fall in an elderly patient.
However, under the 2018 Data Protection Act, you do have the right to opt out of having your data processed in such automated ways. If you wish to opt out, please contact the practice.
8. Research and Planning
K2 takes part in research that uses anonymised or pseudonymised data. This means that patient data cannot be traced back to individuals and is therefore no longer personal data under the 2018 Data Protection Act.
Anonymised or pseudonymised patient data held by K2 may also be used to evaluate present services that provide direct care or to plan future ones within K2 services or across the local area.
Sometimes, K2 is contacted to ask whether its patients would consider taking part in research on a particular condition. In all such cases, where the data used would identify individual patients, data can only be used where patients have given their consent and you will be contacted accordingly. Such research projects take place in secure research environments where data protection and data security keep patient data safe, but you have the right to choose not to have your personally identifiable data used in this way (see below).
9. Data Opt-Outs (The National Data Opt-out) and Your Right to Object.
You cannot opt-out of your data being shared for the purposes of providing you with direct care. You can exercise your right to object to a specific process involving your data. If you wish to do this for data processed at K2 practices then you must contact K2’s nominated Data Protection Officer through the following details:
E-mail:
In writing:
AGEM DPO
NHS Arden and Greater East Midlands Commissioning Support Unit
Westgate House
Market Street
Warwick
CV34 4DE
You can opt-out from having your confidential data (i.e. data that can identify you) being used for purposes beyond direct care, such as research and planning. To do this, you can check or change your preferences at www.
There are some situations where your data will be shared in addition to providing you with direct care. These include:
- Situations where data is needed in the “public interest”, e.g. in cases of epidemic where communicable diseases need to be diagnosed and the spread of their infection prevented or controlled;
- To monitor and deliver vaccination programmes
- To manage risks of infection from food or water supplies or the environment.
You can find out more about how your patient information is used at https://
K2 is compliant with the national data opt-out policy.
10. How is your information stored?
K2 stores the main patient record via contracted data processors in the cloud. The contracted processors for K2 are as follows.
For most clinical information, held on SystmOne and SystmOnline
The Phoenix Partnership (Leeds) Ltd, TPP House, 129 Low Lane, Horsforth, Leeds, LS18 5PX
For social prescribing and health & wellbeing information, held on Social Rx
Promatica Digital Solutions, The Pinnacle, Regus Office 15.05, 67 Albion Street, Leeds, LS1 5AA
11. How long is the information retained?
The medical record is retained at the patient’s practice for the lifetime of the patient, after which it is presently sent to Primary Care Services England (PCSE). If you move to another practice your records will be transferred to that practice.
| Data Controller | K2 Healthcare Ltd |
| Data Protection Officer |
Judith Jordan, Arden & GEM Head of Integrated Governance E-Mail: agem.dpo@nhs.net |
| Lawful Basis for Processing your personal information | Direct Care delivered to an individual patient, much of which is provided in our clinical services. After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialists, therapists, technicians etc. The information that is shared is to enable the other healthcare and social care professionals to provide the most appropriate advice, investigations, treatments, therapies and or care. |
| Lawful Basis for Processing your personal information | The processing of personal data in the delivery of direct care and for providers’ administrative purposes in K2 practices and in support of direct care elsewhere, is supported under the following Article 6 and 9 conditions of the GDPR: Article 6 (1) (c) – the processing is necessary for compliance with a legal obligation to which the controller (the practice is subject) and/or Article 6(1)(e) ‘…the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’. Health data is defined as a special kind of personal data and is also processed by K2 under Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services. The sharing of your personal data also takes place in accordance with the common law duty of confidentiality. Performance of this duty does not require consent from the patient where the proposed use of their data is either for individual care or in the public interest. |
| Recipient or categories of recipients of your personal data |
In accordance with the particular course of treatment, your data may be shared with health and care professionals and support staff in K2 practices and at hospitals, diagnostic and treatment centres who contribute to your personal care. These may include:
K2 practices are often part of Neighbourhood Multi-Disciplinary Teams based upon the Primary Care Network, designed to bring together a number of service providers to help patients with more than one need. |
| Your right to object | You have the right to object to some or all of the information being processed, which is detailed under Article 21. Exercising your right to object may well prevent the referral or course of treatment from going ahead. Please contact the Data Protection Officer on agem.dpo@nhs.net You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance. |
| Your right to access and correction | You have the right to access your data and to have any inaccuracies corrected. There is no right to have medical records deleted except when ordered by a court of Law. |
| How long do we hold your personal data for? | We retain your personal data in line with both national guidance and law, which can be found here: https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/ |
| Your right to complain | If you have a question or wish to complain about the use of your data, please contact the Data Protection Officer at: agem.dpo@nhs.net The use of personal data is overseen by the Information Commissioners Office, often known as the ICO. You can call their helpline at 0303 123 1113 (local rate), 01625 545 745 (national rate) or you can write to them at - The ICO, Wycliffe House, Water Ln, Wilmslow SK9 5AF |