How your information is used

We will use your records to:

  • Refer you to other healthcare providers when you need other service or tests
  • Share samples with laboratories for testing (like blood samples)
  • Share test results with hospitals or community services (like blood test results)
  • Allow out of hours or extended hours GPs to look at your health record when you are going to an appointment
  • Send prescriptions to a pharmacy
  • Patients are texted in relation to healthcare services
  • Samples are provided to the courier for delivery to pathology
  • Share reports with the coroner
  • Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital

Suffolk GP Federation has signed a Suffolk Wide Information Sharing Agreement which allows health and social care providers to agree a secure and lawful way to share your information.

Follow this link to see a list of the partners that we usually share with.

MyHealthBook COVID 19 Vaccination Service

GPs are in an ideal position to reach out to diverse communities and make sure that everyone can access the COVID vaccination programme. This means general practice will have an important role in a potential COVID-19 vaccination programme, alongside other providers.
In Suffolk, some practices have asked Suffolk GP Federation to deliver the services on their behalf.

Suffolk GP Federation are using a company called Synnova and a booking software called MyHealthBook to deliver the service.

Suffolk GP Federation can confirm that patient information will be managed in a secure and confidential manner and that we have put contracts in place with Synnova to ensure that data is secure, held in the UK and only used to deliver the vaccination programme, undertake audits to ensure the programme is working and is safe and to report on how we are delivering the service.

If you have any questions about the project, please contact our Data Protection Officer at

Our Nurses at Your GP Surgery

Suffolk GP Federation provide specialist nurses in areas such as mental health or medications. We have partnered with local GP practices to provide additional support and services, directly to patients at the surgery.

When we do this, we collaborate with the GP practices to make sure that we take care of your personal data. We make decisions jointly to ensure that each party knows how to respond to any information requests that you make or how to respond if something goes wrong.

Here is a list of the practices that we currently support with these services;

Burlington Road
Derby Road
Orchard Street / Dr Solway and Whale
Ivry Street
Two Rivers
Hawthorn Drive
Barrack Lane
Felixstowe Road

You can direct any information requests or queries to our Data Protection Officer at

What else do we do with your information?

Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.

  • Quality / payment / performance reports are provided to service commissioners
  • As part of clinical research – information that identifies you will be removed, unless you have consented to being identified
  • Undertaking clinical audits to ensure that care is safe and effective
  • Supporting staff training

Sharing when Required by Law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.

Care Quality Commission Access to Health Records

CQC has powers under the Health and Social Care Act 2008 to access and use your health information where it is necessary to carry out their functions as a regulator.

This means that inspectors may ask to look at certain records to decide whether we are providing safe, good quality care.

More information about the CQC can be obtained on their website here


CCTV is in place in our practice locations.

It has been installed solely for the safety and security of our patients and staff, to prevent and deter crime.

Images are recorded 24 hours a day and stored on the hard drives of the recording devices that are situated in secure areas and only the practice managers and those delivering technical support services will have access to the system.

The CCTV only records images and does not record audio.

All CCTV recordings are stored on our recording devices for 28 days before being deleted.

There are signs in the practice telling you that CCTV is in place.

We will only ever share information with the relevant authorities in connection with the safety and security of patients and staff and will not share with any other third parties.

Visitors to the practice have the right to request to see images of themselves on CCTV as part of a request made under the privacy legislation. Like all subject access requests, it must be made in writing.

We have followed the CCTV guidelines produced by the Information Commissioners’ Office.

Case Finding

Sometimes your information will be used to identify whether you need particular support from us.

Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes. For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.

We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support you is made by those involved in your care.

Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.

Our practices use Eclipse for case finding.

Information Technology

The practice will use third parties to provide services that involve your information such as;

  • Removal and destruction of confidential waste
  • Provision of clinical systems
  • Provision of connectively and servers

Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery).

We have contracts in place with these third parties that prevent them from using it in any other way than instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.

Offsite Record Storage

Suffolk GP Federation has selected an offsite storage facility; HomeStore to hold its medical records. Our Data Protection Officer has completed a security review to ensure that the records are held in line with national guidelines.

This includes ensuring that they have;

  • CCTV
  • Protection from fire and flood
  • Trusted staff
  • Alarms, locks and fences

HomeStore are unable to access any of the records within their facility and only Suffolk GP Federation staff can access or retrieve the records. If you have any questions or concerns – contact us.

Please visit this link to find out more about our sharing partners and providers.