We are well-established GP Practices. Our General Practitioners and allied healthcare professionals provide primary medical care services to our practice population and are supported by our administrative and managerial team in providing care for patients.
This privacy notice explains how we as a data controller use any personal information we collect about you as a patient of health care services provided by Warrington Innovation Network PCN.
This privacy notice explains in detail why we use your personal data which we, the GP practice (Data Controller), collects and processes about you. A Data Controller determines how the data will be processed and used and who this data will be shared with. We are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This notice also explains how we handle that data and keep it safe.
Caldicott Guardian
The Primary Care Network has a Caldicott Guardian. A Caldicott Guardian is a senior person within a health or social care organisation, preferably a health professional, who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained. The Caldicott Guardian for Warrington Innovation Network PCN is:
Dr Dan Bunstone (PCN Clinical Director)
Data Protection Officer (DPO)
Under the UK GDPR all public bodies must nominate a Data Protection Officer. The DPO is responsible for advising on compliance, training and awareness and is the main point of contact with the Information Commissioner’s Office (ICO).
The DPO for Warrington Innovation Network is: Camilla Bhondoo IG@midmerseyda.nhs.uk
We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the law. When such changes occur, we will revise the last updated date as documented in the version status in the header of this document.
We are here to provide care and treatment to you as our patients. In order to do this, the Primary Care Network in laison with your registered GP practice keeps personal demographic data about you in your electronic medical record such as your name, address, date of birth, telephone numbers, email address, NHS Number etc and your health and care information. Information is needed so we can provide you with the best possible health and care. We also use your data to:
- Confirm your identity to provide these services and those of your family / carers
- Understand your needs to provide the services that you request
- Obtain your opinion on our services (with consent)
- Prevent and detect fraud and corruption in the use of public funds
- Make sure we meet our statutory obligations, including those related to diversity and equalities
- Adhere to a legal requirement that will allow us to use or provide information (e.g. a formal Court Order or legislation, investigations)
We use the following types of information / data:
Personal Data
This contains details that identify individuals even from one data item or a combination of data items. The following are demographic data items that are considered identifiable such as name, address, NHS Number, full postcode, date of birth. Under UK GDPR, this now includes location data and online identifiers.
Special categories of data (previously known as sensitive data)
This is personal data consisting of information as to: race, ethnic origin, political opinions, health, religious beliefs, trade union membership, sexual life and previous criminal convictions. Under UK GDPR, this now includes biometric data and genetic data.
Personal Confidential Data (PCD)
This term came from the Caldicott review undertaken in 2013 and describes personal information about identified or identifiable individuals, which should be kept private or secret. It includes personal data and special categories of data but it is adapted to include dead as well as living people and ‘confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’.
Pseudonymised Data or Coded Data
Individual-level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity. When data has been pseudonymised it still retains a level of detail in the replaced data by use of a key / code or pseudonym that should allow tracking back of the data to its original state.
Anonymised Data
This is data about individuals but with all identifying details removed. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available.
Aggregated Data
This is statistical information about multiple individuals that has been combined to show general trends or values without identifying individuals within the data.
Use of AI-Assisted Documentation Software
We use an AI-powered tool called Surgery Intellect (powered by TORTUS) to assist clinicians with documentation during consultations. This voice-enabled assistant listens to and transcribes both face-to-face and telephone consultations in real time. It supports accurate clinical coding, generates structured summaries, referrals, and notes, which are then added to your electronic record—always with clinician review and approval first.
Key points about the use of Surgery Intellect and your privacy:
- Purpose: It helps reduce clinician workload so we can focus more fully on your care delivery
- Data Protection & Compliance: The system meets NHS and UK regulatory standards, including:
- GDPR
- Cyber Essentials Plus
- NHS Digital Technology Assessment Criteria (DTAC)
- Clinical safety standards (DCB0129)
- MHRA Class I Medical Device status
- Privacy and Security: No consultation audio or notes are retained outside of your secure medical record. Data is handled in compliance with the highest standards of confidentiality and data governance
- Clinical Oversight: All summaries, coding, and documentation are reviewed and verified by your clinician before being added to your record.
Further InformationFor more details about Surgery Intellect and its data protection standards, please visit the provider’s website: https://www.x-on.co.uk/surgery-intellect/
As always, our priority is to maintain accuracy, confidentiality, and the highest quality of care through the use of trusted digital tools.
Notice on recording
Phone Call Recording – Call recording occurs either in relation to patient care or may be stored to provide an accurate and objective record for the protection of staff and patients alike as it may be used in cases of legal defence or prosecution.
Video Communications – Changes in the provision of healthcare outside of the usual methods this is delivered has been instituted in many NHS organisations. For this purpose video consultations may sometimes be recorded to provide an accurate record of the healthcare provided.
While the recording of these consultations proceeds under the Legal Basis’ noted elsewhere in this privacy notice, service users may be asked for their consent to continue with a recorded consultation. Please be aware that this consent does not form the Legal Basis for which this data is processed but is requested to allow service use
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation.
These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide.
In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include both personal and special categories of data about your health and wellbeing.
We may collect the following types of personal information:
- Your name, address, email address, telephone number and other contact information
- Gender, NHS Number and date of birth and sexual orientation
- Details of family members and next of kin details
- Health (Medical) information, including information relating to your sex life
- Details of any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments and telephone calls.
- Results of investigations such as laboratory tests or x-rays
- Biometric data
- Genetic information
We may use your personal information in the following ways:
- To help us assess your needs and identify and provide you with the health and social care that you require
- To determine the best location to provide the care you require
- To comply with our legal and regulatory obligations
- To help us monitor and manage our services
- To support medical research
Text (SMS) messages
If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, links to self book appointments, requests to complete surveys or to make you aware of services provided by the surgery/PCN that we feel will be to your benefit.
If you do not wish to receive these text messages, please let the reception team of your practice know.
Call recording
Recordings of calls made and received by the surgeries and PCN staff may be used to support the learning and development of our staff and to improve the service we provide to our patients.
They may also be used when reviewing incidents, compliments or complaints.
Call recordings will be managed in the same way as all other personal information processed by us and in line with current data protection legislation.
CCTV footage
Your surgery may use Close Circuit Television (CCTV) to record images within public areas of the practice for the safety and security of our patients and staff.
CCTV footage is managed in the same way as all other personal data processed by us and in line with current legislation.
Data processors
We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle patient information and ensures they treat any information in line with the General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.
We may share your personal information with other health and social care professionals and members of their care teams to support your ongoing health and or social care and achieve the best possible outcome for you.
If your surgery is a member of Warrington Innovation Network Primary Care Network (PCN) you may be contacted by or treated by one of the other practices within the PCN. In order to support and provide healthcare services to you, they will require access to your patient record.