Your Data & Privacy
At Parkgrove Medical Centre, we are committed to protecting your privacy and handling your personal data with the highest standards of care and security. We fully comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and NHS data protection standards.
Your medical records are stored securely and only accessed by authorised healthcare professionals involved in your care.
We maintain strict confidentiality protocols and only share your information when necessary for your treatment or with your explicit consent.
We are open about how we collect, use, and store your data. You have the right to access your medical records at any time.
Parkgrove Medical Centre holds the following types of personal data about you:
- Basic personal information: Name, date of birth, address, contact details, NHS number, next of kin details
- Medical history: Current and past illnesses, diagnoses, treatments, medications, allergies, test results, hospital letters, referrals
- Consultation notes: Records of appointments, phone calls, and home visits with healthcare professionals
- Administrative data: Appointment bookings, prescription requests, and correspondence
- Special category data: Information about your physical and mental health, which receives additional legal protection
We process your personal data for the following purposes:
Direct Patient Care
To provide you with high-quality healthcare, including diagnosis, treatment, ongoing care, and referrals to specialists. This is our primary legal basis for processing your data.
Healthcare Management
To manage appointments, prescriptions, test results, and coordinate care with other NHS services such as hospitals and community health teams.
Public Health & Research
Anonymous or pseudonymised data may be used for medical research, disease surveillance, service improvement, and population health initiatives. This helps improve healthcare for everyone.
Legal & Regulatory Requirements
We may be required to share information with NHS Scotland, Public Health Scotland, or other regulatory bodies for audit, safeguarding, or legal purposes.
Right of Access
You can request a copy of your medical records free of charge. We will respond within one month. Contact our reception team to submit a Subject Access Request (SAR).
Right to Rectification
If you believe any information in your records is inaccurate or incomplete, you can request corrections. Clinical information will be reviewed by a healthcare professional.
Right to Restrict Processing
You can ask us to limit how we use your data in certain circumstances, though this may affect the care we can provide.
Right to Object
You can object to your data being used for research or planning purposes. This is called a "Type 1 Opt-Out" and will not affect your individual care.
Right to Complain
If you have concerns about how we handle your data, you can contact the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.
We only share your personal information when it is necessary for your care or required by law. Data may be shared with:
- NHS Scotland services: Hospitals, community health teams, out-of-hours services, NHS 24, Scottish Ambulance Service
- Healthcare professionals: Specialists, consultants, pharmacists, physiotherapists, and other clinicians involved in your treatment
- Public Health Scotland: For disease surveillance, vaccination programmes, and health improvement initiatives
- Social care services: When coordinating care for vulnerable patients (with appropriate consent or legal basis)
- Third-party providers: IT systems, appointment booking platforms, and clinical software suppliers (all bound by strict data protection agreements)
- Legal authorities: Police, courts, or safeguarding teams when legally required or to protect vulnerable individuals
All data sharing is governed by strict NHS information governance standards and data protection laws.
The National Data Opt-Out allows you to control whether your confidential patient information is used for research and planning purposes beyond your individual care.
If you opt out, your confidential patient information will still be used to support your individual care, but will not be used for research or planning purposes (unless required by law).
To register your choice, visit nhs.uk/your-nhs-data-matters or call 0300 303 5678.
We take data security extremely seriously and have robust measures in place:
- All electronic records are encrypted and stored on secure NHS-approved systems
- Access to patient records is restricted to authorised staff only, logged and audited
- Paper records are kept in locked cabinets in secure areas
- Staff receive regular training on data protection and confidentiality
- We use secure NHS email systems for sharing patient information with other healthcare providers
- Our IT systems are regularly updated and tested for vulnerabilities
- We have incident response procedures in case of any data breach
Medical records are retained in accordance with NHS Scotland Records Management Code of Practice:
- GP records are retained for a minimum of 10 years after a patient's death or permanent departure from the practice
- Records for children are retained until the patient's 25th birthday or 10 years after death, whichever is longer
- Mental health records may be retained for up to 20 years
When records are no longer needed, they are securely destroyed in accordance with NHS guidelines.
If you have any questions about how we handle your personal data, wish to exercise your rights, or want to make a Subject Access Request, please contact our practice:
Email: enquiries@parkgrovemc.scot.nhs.uk
Phone: 0131 312 6600
Address: 22B Parkgrove Terrace, Edinburgh, EH4 7NX
Our Data Protection Officer is responsible for ensuring compliance with data protection legislation. For formal data protection enquiries, please mark your correspondence "For the attention of the Data Protection Officer".