Privacy Statement

This privacy statement is designed to advise you on how we handle and use your information.

The Healthcare Team at Perth & Scone Medical Group strives to ensure that your medical information is kept safe and secure and is only used for the purposes in which was intended to be used. The practice conforms to the current legislation on GDPR (General Data Protection Regulations) 2018.

This privacy statement is designed to advise you on how we handle and use your information. If you need further information, please do not hesitate to contact the practice manager at Taymount Surgery on 01738 627117. See also our policies and procedures.

How we record and use your data

From 2005, all information is now recorded in electronic format. From this time, all clinical contacts at the practice have been recorded on a secure computer record on the practice clinical system. We also have an electronic system to handle and store medical correspondence sent to and received from secondary care and other appropriate agencies around your medical care.

We may also use your information within the practice to check, review and endeavor to maintain or improve upon the quality of the care that we provide to you and our patient population in its entirety.

Sharing of your data

We may share relevant and appropriate information from your medical record with other health & social care bodies or other organisations who involved in your medical care when this is appropriate. This will be carried out strictly in line with current legislation. For example, your GP will share some information about your medical history when they refer you to a specialist in a hospital or your GP will send details about your medication to your chosen pharmacy.

Healthcare staff working in A&E and Out of Hours care may also have access to some of your information. For example, it is important that staff who are treating you in an emergency situation know if you have any allergic reactions. This will involve the use of an Emergency Care Summary (ECS) or eKIS (electronic Key Information Summary).

Each patient in Scotland will have an Emergency Care Summary (ECS) on their records, which contains some basic information about your health, e.g. recently prescribed medication and drug allergies. However, if you do not wish information to be shared in this manner, you can opt out. The reception staff at the surgery can arrange this for you.

Furthermore, some patients may also have an eKIS (electronic Key Information Summary) in place. This summary will contain the information already held in the ECS Summary but may also include some additional relevant information around your medical history as well as information about your wishes for your care.

An eKIS is of particular use to healthcare professions external to the practice team if you have a complex medical history or are frequently admitted to hospital. Your consent is required to share this information and it will have been discussed fully with your GP or healthcare professional prior to the sharing of any information.

If you wish to see what information is shared for you on your Emergency Care Summary or Electronic Key Information Summary, practice staff can help you with this. You also have the right to have any mistakes or errors corrected.

Other important information

How your information is used to provide you with healthcare:

NHS Care:

  • All patients who receive NHS care are registered on a national database
  • This database holds your name, address, date of birth and CHI Number but it does not hold information about the care you receive
  • The database is held by NHS National Services Scotland, a national organisation which has legal responsibilities to collect NHS data. However, they do not hold any patient specific medical information about you

Health Promotion

  • We use our clinical system to identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital
  • This means that the practice can offer our patients additional care or support as early as possible.
  • Staff at the practice may also perform searches of our own database to assist the delivery of national health promotion campaigns (e.g. winter immunizations such as Influenza or Shingles Vaccinations)
  • This process may involve linking information from your GP record with information from other health or social care services involved in your care
  • Information which identifies you will only be seen by appropriate staff at this practice
  • National screening programmes such as Breast Screening, Bowel Cancer Screening, Cervical Cancer Screening


  • Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm
  • These circumstances are rare and it can be done without your consent

We are required by law to provide you with the following information about how we handle your information.

Data Controller contact details Joint data controllers:
  • NHS Tayside Board
  • Perth & Scone Medical group, 1 Taymount Terrace, Perth, PH1 1NU
Data Protection Officer contact details TBC
Purpose of the processing
  • To give direct health or social care to individual patients.
  • For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
  • To check and review the quality of care. (This is called audit and clinical governance).
Lawful basis for processing

These purposes are supported under the following sections of the GDPR:

  • Article 6(1)(e) "...necessary for the performance of a task carried out in the public interest or in the exercise of official authority..."; and
  • Article 9(2)(h) "necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services..."

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

Recipient or categories of recipients of the processed data

The data will be shared with:

  • healthcare professionals and staff in this surgery;
  • local hospitals;
  • out of hours services;
  • diagnostic and treatment centres;
  • or other organisations involved in the provision of direct care to individual patients.
Rights to object
  • You have the right to object to information being shared between those who are providing you with direct care.
  • You should be aware though that this may affect the care you receive - please speak to the practice.
  • You are not able to object to your name, address and other demographic information being sent to NHS National Services Scotland.
  • This is necessary if you wish to be registered to receive NHS care.
  • You are not able to object when information is legitimately shared for safeguarding reasons.
  • In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
Right to access and correct
  • You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our 'subject access request' policy.
  • We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period GP medical records will be kept in line with the law and national guidance.
Right to complain You have the right to complain to the Information Commissioner's Office. If you wish to complain follow go to or call the helpline 0303 123 1113
Data we get from other organisations

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens.

This means your GP medical record is kept up-to-date when you receive care from other parts of the health service.