Practice Policies

CCTV Policy

CCTV in operation (live monitoring)

Images are being monitored live for staff safety, patient safety, premises security, and the prevention and detection of crime.

No recordings are made and no footage is retained.

This system is controlled by Eastfield Medical Practice.

 

For enquiries contact:

Practice Manager

Eastfield Medical Practice,

Eastfield Farm Road,

Penicuik, EH26 8EX.

Tel: 01968 675 576.

Call Recording Policy

To ensure high-quality care and maintain accurate records, we record all incoming and outgoing telephone calls at Eastfield Medical Practice. This policy is in place to:

  • Monitor and improve the quality of our service.
  • Ensure patient and staff safety.
  • Accurately document conversations for training and audit purposes.

Your Privacy

We are committed to protecting your privacy and complying with UK GDPR and the Data Protection Act 2018. For further details, please review our full Privacy Policy.

Questions?

If you have any questions regarding our call recording policy, please contact the Practice Manager at Eastfield Medical Practice, Eastfield Farm Road, Penicuik.

Zero Tolerance Policy

We are here to help. We will treat everyone with respect and ask the same in return.

We do not tolerate:

  • Violence or threats
  • Shouting, swearing or personal insults towards staff
  • Harassment or discriminatory behaviour

If behaviour is unacceptable, we may:

  • End the call or ask you to leave the premises
  • Restrict how you contact the practice (including written-only contact via the Practice Manager)
  • Report incidents to the police
  • Request removal from the practice list in serious cases

If you are upset or distressed, please tell us. We will do our best to help — but abusive behaviour is not acceptable.

Training Policy

GPs in Training

Our practice is approved to train fully qualified doctors who wish to specialise in general practice. Our GP registrar will have had 2-4 years of experience as a qualified hospital doctor working in various specialities. They consult patients on their own, under the mentorship of our trainers, Dr Burt and Dr Zealley. Occasionally we ask permission to video a consultation. You will always be asked in advance and are given the option not to take part, and this will not affect your care in any way. No recording will be taken without your consent and the camera will be switched off on request. These videos are used only for educational purposes with the doctor doing the consultation and are destroyed after use.

Dr Mike Wiles is currently the GP registrar at the practice.

 

Medical Students

Medical students are sometimes attached to the practice for a number of weeks as part of their training. If you do not wish a student to be present during your consultation, please inform the receptionist.

Chaperone Policy

Chaperones

You can ask for a chaperone for any appointment.

A chaperone is a trained member of staff who can be present during an examination to support you and help you feel comfortable. Chaperones are bound by confidentiality.

We will offer a chaperone for intimate examinations (for example breast, genital or rectal examinations). You can accept or decline, and you can change your mind at any time.

You may also ask for a friend or relative to be present for support (this is separate from a formal chaperone).

If you would like a chaperone, please tell reception when booking or speak to your clinician during the appointment. If a chaperone is not available, we will offer an alternative appointment time.

Confidentiality Policy

Everything you tell us at the practice is treated in confidence.

Our whole team — doctors, nurses and reception staff — follows strict confidentiality rules. That means we won’t share information about you with anyone outside your care without your permission.

If you’re under 16

You still have the same right to confidentiality. We won’t discuss your information with parents, family members, carers, or school staff unless you agree.

When might we share information without permission?

Very rarely, we may need to share information without your consent if we believe it is necessary to protect you or someone else from serious harm. If this ever arose, we would try to speak with you first wherever possible.

Questions or concerns

If you have any worries or questions about confidentiality, please ask a member of our team — we’re happy to explain.

Private space at reception

If you’d like to speak confidentially with a receptionist (or a member of the dispensary team), please let us know. We have a private side room available at reception for these conversations.

IT Policy

This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to:

Maintain the Confidentiality of all data within the practice by:

  • Ensuring that only authorised persons can gain access to our systems
  • Not disclosing information to anyone who has no right to see it

Maintain the integrity of all data within the practice by:

  • Taking care over input
  • Ensuring that all changes are reported and monitored
  • Checking that the correct record is on the screen before updating
  • Reporting all apparent errors and ensuring that they are resolved

Maintain the availability of all data by:

  • Ensuring that all equipment is protected from intruders
  • Ensuring that backups are taken at regular, predetermined intervals
  • Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date

Additionally we will take all reasonable measures to comply with our legal responsibilities under:

Disabled Access Policy

Disabled access and reasonable adjustments

We aim to provide an accessible service for all patients. If you have a disability or additional needs, we will make reasonable adjustments to help you access our services. Please tell us what would help - either when booking, before your appointment, or when you arrive.

 

Access to the building

There is access via the main entrance. A wheelchair is also available for use within the surgery - please ask at reception.

 

Hearing difficulties / communication support

If you may not hear your name being called, please let us know. We can add a confidential note to your record so staff are aware and can support you - for example, by using an alternative way to call you from the waiting room or coming to collect you where possible.

We also have a portable induction loop available. Please ask at reception if you would like to use this.

 

Keeping your information private

Any information you share about your needs will be treated confidentially and used only to help us provide you with appropriate support.

Data Protection Policy

In order to provide the right level of care, we are required to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Confidentiality and Personal Information

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not leave messages with others.

You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.

Click here to read our Data Protection Notice

Data Protection Notice for Children and Young People

Privacy Policy


1) About this Privacy Notice

Eastfield Medical Practice is committed to protecting your privacy and handling your personal information lawfully, fairly and transparently.

This notice explains:

  • what information we collect and hold about you
  • why we use it and the lawful basis for doing so
  • who we may share it with
  • how long we keep it
  • the rights you have and how to exercise them

This notice applies to patients and, where relevant, carers, guardians and authorised representatives. It covers information held in our clinical and administrative systems.

2) Who we are (Data Controller)

Data Controller: Eastfield Medical Practice
Address: Eastfield Farm Road, Penicuik, EH26 8EZ
Telephone: 01968 675 576
Website: www.eastfieldmedicalpractice.co.uk

Practice Privacy / Data Protection Lead: Practice Manager

If you have any questions about this notice or how we use your information, please contact the Practice Privacy / Data Protection Lead using the details above.

3) What information we collect

We may collect and use the following types of information:

A) Personal information

  • Name, date of birth, address and postcode
  • CHI number and/or other NHS identifiers
  • Telephone numbers and email address
  • Next of kin / emergency contact details
  • Communication needs, such as interpreter requirements or accessible formats

B) Health and care information (special category data)

  • Symptoms, diagnoses, medications and allergies
  • Test results, referrals, clinic letters and care plans
  • Vaccinations and long-term condition monitoring information
  • Information from other health and care providers involved in your care

C) Administrative information

  • Appointment details and attendance
  • Records of contact with the practice, such as telephone calls, messages and online forms
  • Complaints, incidents and feedback, where relevant

Where we get information from

Most information is collected from you directly. We may also receive information from other services involved in your care, such as NHS hospitals, community services, NHS 24, out-of-hours services and other GP practices. We may share information back with them where necessary to support safe and effective care.

Some information is needed so that we can identify you correctly, provide safe care, maintain accurate records and meet NHS and legal requirements. If you do not provide information that is required, this may affect our ability to provide services safely or fully.

4) Why we use your information

We use your information to:

  • provide direct care, including assessment, diagnosis, treatment, referrals and prescribing
  • maintain accurate clinical records to support safe ongoing care
  • manage and plan services, including appointment systems and communications
  • safeguard patients, including protecting children and adults at risk
  • meet legal and regulatory obligations, including responding to lawful requests and audits or inspections
  • improve quality and safety through reviews, learning events and clinical audit, using the minimum necessary information

5) Our lawful basis for using your information

A) UK GDPR Article 6 (lawful basis)

We usually process your personal information because it is necessary for:

  • Public task / official authority (Article 6(1)(e)) – delivering NHS primary medical services and operating the practice safely and effectively

We may also process information where necessary for:

  • Legal obligation (Article 6(1)(c)) – where the law requires it

B) UK GDPR Article 9 (health information – special category)

Health information is special category data. We process it because it is necessary for:

  • Health or social care (Article 9(2)(h)) – the provision and management of health care and health systems and services

We may also rely on other Article 9 conditions where appropriate, for example public health or safeguarding, always applying the minimum necessary approach.

C) Duty of confidentiality

In addition to data protection law, we are bound by a duty of confidentiality. Where information is confidential, we will only use or share it:

  • for your direct care
  • where you have given consent, where applicable
  • where there is another legal basis or overriding public interest
  • where disclosure is required by law

6) Who we share your information with (and why)

We share information only when necessary, and only the minimum required.

For your direct care

We may share relevant information with:

  • NHS hospitals and clinics
  • community services, such as district nursing and health visiting
  • other GP practices, for example if you move practice
  • NHS 24 and out-of-hours services
  • pharmacies and other contractors providing NHS services for your care

For health system management, safety and legal reasons

We may share information with:

  • NHS Lothian and other NHS bodies, where appropriate
  • public health organisations, where required for public health purposes
  • regulatory and oversight bodies, where legally required
  • police, courts or other agencies where required by law, or where there is a serious risk of harm and sharing is necessary and proportionate

If you would like more detail about specific sharing arrangements, please contact the Practice Privacy / Data Protection Lead.

7) Processors and third-party suppliers

We use trusted suppliers and service providers to help run the practice safely and effectively, for example providers of clinical systems, document management, telephony and website hosting.

These organisations process personal data on our instructions and must follow strict confidentiality, security and data protection requirements.

8) International transfers

We aim to keep patient information within the UK.

If any supplier transfers personal data outside the UK, we will ensure appropriate legal safeguards are in place, such as approved contractual protections and security requirements. Further information can be provided on request.

9) How long we keep your information (retention)

We keep records no longer than necessary and in line with NHS Scotland records management guidance and retention schedules.

Clinical records are retained in accordance with national retention requirements for GP records. If you would like more information about retention periods for specific types of record, please contact us.

10) Your rights

You have rights under UK GDPR. These include:

  • the right of access – to request a copy of your information
  • the right to rectification – to have inaccurate information corrected
  • the right to restriction – in certain circumstances
  • the right to object – in certain circumstances
  • the right to data portability – in limited circumstances
  • the right to erasure – in limited circumstances; in health care this right is restricted because we often need to keep records for legal, regulatory and patient safety reasons

Subject Access Requests (SARs)

You can ask for a copy of your information verbally or in writing.

We will respond within one month of verifying your identity and having enough information to process the request. This can be extended by up to a further two months for complex requests, and we will tell you if that applies.

Requests are usually free of charge. A reasonable fee may only apply in limited circumstances, for example if a request is manifestly unfounded or excessive.

To make a request, contact the Practice Privacy / Data Protection Lead at:

Eastfield Medical Practice
Eastfield Farm Road
Penicuik
EH26 8EZ

We may ask for identification to protect your confidentiality.

Right to object

You have the right to object to how we process your personal information in certain circumstances. This right is not absolute and will depend on the reason we are using your information.

11) How we keep your information safe

We use a combination of organisational and technical measures to protect information, including:

  • staff confidentiality obligations and training
  • role-based access controls
  • secure clinical systems
  • secure storage and disposal arrangements
  • incident management processes for suspected breaches

We do not make decisions about your care or your rights based solely on automated decision-making.

Some telephone calls to and from the practice may be recorded for service quality, staff safety, complaint handling and training purposes. Access to recordings is restricted to authorised staff and recordings are retained only for a limited period in line with our local arrangements.

12) CCTV

We use CCTV to support staff safety, patient safety, premises security and crime prevention. Cameras cover reception, corridors and external areas such as the car park and building perimeter. There is no CCTV in consultation rooms or toilets.

At present, our CCTV system operates as live viewing only. Recording and playback are not functional, so footage is not stored or retrievable for later viewing.

13) Clinical photography and video

In some situations, clinicians may need to take a photograph or video for direct clinical care, for example to document a condition or support a referral. We will explain why it is needed and will record your consent in your medical record where appropriate.

We do not use clinical images for publicity or social media. Any use beyond direct care, such as teaching or training, would require explicit consent and appropriate safeguards.

14) Complaints and concerns

If you have questions or concerns about how we use your information, please contact the Practice Privacy / Data Protection Lead first.

If you remain unhappy, you can contact:

NHS Lothian Data Protection Officer
Email: loth.dpo@nhs.scot
Telephone: 0131 465 5444

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters.

15) Changes to this notice

We may update this notice from time to time. The latest version will always be published on our website.

Page last reviewed: 07 May 2026
Page created: 20 November 2023