This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.


The surgery will be closed for bank holiday on Mondays May 7th and 28th 2018.  For urgent problems that cannot wait until the practice opens the next morning, dial 111. For anything life threatening, call 999.  Many thanks.

We Can Text You!

We are using our text messaging service more and more, to invite you for a review, blood test or let you know if a GP would like to see you. You can also you use it to cancel appointments, decline or accept services and let us know if we are doing a good job! Please make sure we have your up to date contact details. You can do this via this website or EMIS access if you are registered. Alternatively, call us and let us know.

Cancel Your Appointment!

Every week a large number of patients fail to attend booked appointments. Please let us know as soon as possible if you can’t keep your appointment then we can give it to someone else! We offer a text messaging service which has the option to cancel an appointment so please make sure we have your up to date contact details.

Out of Hours 

When the surgery is closed if you have an urgent problem that cannot wait until we are open again, please call 111. For anything life threatening call 999.

Fair Processing Notice


Who we are and what we do

Gosport Medical Centre is responsible for providing Primary care services for the local population of Gosport, Hampshire. .


Your Information, Your rights


Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the Data Protection Act 2018 and the EU General Data Protection Regulation(GDPR)


The following notice reminds you of your rights in respect of the above legislation and how we as your GP practice will use your information for lawful purpose, in order to deliver your care and the effective management of the local system.


This notice reflects how we use your information for:


  • The management of patient records;
  • Communication concerning your clinical, social and supported care;
  • Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review;
  • Participation in health and social care research;and
  • The management and clinical planning of services to ensure that appropriate care is in place for our patients today and in the future.


Data Controller


As your registered GP practice, our GP’s are the data controller for any personal data that we hold about you.

Data Protection Officer(DPO)

Data protection officers are responsible for ensuring that the practice complies and implements the data protection policy. Our DPO is practice manager Suzanne Ayles at the moment but this may change in the future.


What information do we collect and use?


As a GP practice we hold collect and hold the following types of information from you or about you from a third party engaged in the delivery of your care.


  • Personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes, but is not limited to name, date of birth, address, postcode, NHS number and next of kin; 

    • ‘Special category/sensitive data’ such as medical history, medication, treatment you have received and where, clinical notes, hospital letters, test results, referrals, care arrangements, social care status, ethnic origin, communications from you including concerns or complaints. 

    Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. from a hospital clinic, same day access clinic, community care provider, mental health provider, walk in centres, social services). These records may be electronic, a paper record or a mixture of both. We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.


    Why do we collect this information?


    The NHS Act 2006 and Health and Social Care Act 2012 invests statutory functions on GP practices to promote and provide primary health services in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training. To do this we will need to process your information in accordance with current data protection legislation to:


    • Protect your vital interests;
    • Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult;
    • Perform tasks in the public’s interest;
    • Deliver preventative medicine, medical diagnosis, medical research; and
    • Manage the health and social care system and services.


    What do we use your personal information for?


    • For your direct care needs and to ensure you receive the best possible care;
    • To respond to queries from you or health care providers directly involved in your care;
    • To identify whether you are at risk of a future, unplanned hospital admission;
    • To support and effectively manage a long term condition;
    • For clinical audit to monitor the quality of service provided;
    • To understand the local population needs and plan for future requirements. This is known as ‘Risk Stratification for Commissioning’;


    How is this information collected?


    Your information is collected electronically using secure NHS email or a secure electronic document transfer system using an NHS encrypted network connection. In addition, physical information in paper form will be sent to the practice. This information will be stored within your GP electronic record or within your physical medical record.


    Who will we share your information with?


    Who will we share your information with?


    In order to deliver, coordinate and improve your health and social care, we may share information with the following organisations:


    • Local GP practices in order to deliver extended primary care services
    • Portsmouth Hospitals NHS trust (QA hospital, Gosport War Memorial hospital, St Mary’s hospital and Petersfield Hospital)
    • NHS 111 and the out of hours services
    • Local social services and community care services such as district nurses, palliative care nurses, counsellors, health visitors
    • Voluntary support organisations commissioned to provide services by Fareham and Gosport CCG
    • Product services commissioned by the CCG such as the continence and stoma service
    • Fareham and Gosport CCG


    Your information will only be shared if it appropriate for the provision of your care or to satisfy our statutory function and legal obligations.


    We do not share information that identifies you unless we have a fair and lawful basis, such as:


    • You have given us permission; consented;
    • We need to act to protect children and vulnerable adults;
    • When a formal court order has been served upon us;
    • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
    • Emergency planning reasons such as for protecting the health and safety of others;
    • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals;

    Your information will not be transferred outside the European Union.

    We may share anonymised, pseudonymised and aggregated statistical information with other organisations for the purpose of improving local services, research, audit and public health; for example understanding how health conditions spread across our local area compared to other areas.


    Who do we receive information from?


    Whilst we share your information with the above organisations, we may also receive information from them to ensure your medical records are kept up to date and so that your GP can provide the best care.


    We also receive data from NHS Digital (as directed by the Department of Health) such as the uptake of flu vaccinations and disease prevalence in order to assist us to improve community primary care.


    How do we maintain confidentiality of your records?


    We are committed to protecting your privacy and will only use information that has been collected lawfully.


    Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential and only share for the purpose of providing direct health care.


    We ensure that access to your personal data is limited to appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal reason for access.


    We maintain our duty of confidentiality by conducting annual training and regular review of policies and protocols.


    Information is not held longer than necessary and is held in accordance with the Records Management Code of Practice for Health and Social Care 2016.

    We have a clear desk policy which means that at all patient identifiable data should be locked away at the end of the day.


    All paper records are stored in lockable cupboards and kept in an office with a code locked door.


    All faxes are received in a safe haven area where only staff access is allowed.


    All patient information transferred by email is done an NHS mail email account. This has the highest security standards.






















     Using your information



    In order to support your care, health professionals maintain records about you. We take great care to ensure your information is kept securely, that it is up to date, it is accurate and used appropriately.  All of our Practice staff are fully trained to understand their legal and professional obligations to protect your information and will only look at your information if they need to.  They will only look at what they need to in order to do things like book you an appointment, give general health advice, provide you with care and if necessary refer you to other services.



     What kind of information do we use?


    As a General Practice we hold information about our patients and staff including medical records, complaints and concerns, and personnel records. The information they contain include;


    • Your name, address, your date of birth, your NHS number and contact details.
    • Next of kin.
    • What treatment you have received and where you received it – consultation information.
    • Results of investigations, like laboratory tests, x-rays etc.
    • Referrals, communications regarding your care in other organisations.
    • Communications from you including concerns or complaints you have raised about your health care provision.


    What do we use your Personal Confidential Data for?


    The areas where we regularly use your personal confidential information include:


    • For your direct care needs.
    • Responding to your queries, compliments or concerns.
    • Where there is a provision permitting the use of confidential personal information under specific conditions, for example to understand the local population needs and plan for future requirements, which is known as “Risk Stratification for commissioning"


     We may share your information with other organisations


    We may share pseudonymised, anonymised and aggregated statistical information with other organisations for the purpose of improving local services, research, audit and public health;  for example understanding how health conditions spread across our local area compared to other areas.


    We do not share information that identifies you unless we have a fair and lawful basis such as:

    • You have given us permission; consented;
    • We need to act to protect children and vulnerable adults;
    • When a formal court order has been served upon us;
    • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
    • Emergency Planning reasons such as for protecting the health and safety of others;
    • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals;
    • To check the quality and efficiency of the health services we provide;
    • Prepare performance reports on the services we provide;
    • Work out what illnesses people may have in the future, so we can plan and prioritise services and ensure these meet the needs of patients in the future.

    The law provides some NHS bodies, particularly NHS Digital, (formally the Health and Social Care Information Centre) ways of collecting and using patient data that cannot identify a person, to help Commissioners to design and procure the combination of services that best suit the population they serve.

    A full list of details including the legal basis, any Data Processor involvement and the purposes for processing information can be found in Appendix A.

    What safeguards are in place to ensure data that identifies you (patients) is secure?

    We only use information that may identify you in accordance with the 2018 General Data Protection Regulations. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful. Below is a link to the patient guide, please highlight the link and then right click and open:

    Within the health sector, we also have to follow the common law duty of confidence, which means that where provide identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare.

    Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

    The NHS Digital Code of Practice on Confidential Information applies to all of our staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All staff are expected to make sure information is kept confidential and receive annual training on how to do this. This is monitored by the practice.

    We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it).

    We ensure external organisations that process data and support us are legally and contractually bound to operate and proven security arrangements are in place where data that could or does identify a person are processed.

    The practice has a senior member of staff responsible for protecting the confidentiality of patient information. This person is called the Caldicott Guardian. The contact details of our Caldicott Guardian are as follows:

    Caldicott Guardian – Dr Bozena Gorecka, GP. Surgery number 02392 583302.        

    You have a right to opt out of data sharing and processing at any point. Please speak to a member of staff if you wish to do so, or have any questions.


    The NHS Constitution states ‘You have a right to request that your personal confidential information is not used beyond your own care and treatment and to have your objections considered’. For further information please visit:


    Your GP surgery and NHS Digital takes the responsibility for looking after care information very seriously. Please follow the NHS Digital links on How we look after information for more detailed documentation.

    NHS England recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties. Follow the links on the How we use your information page for more details.

    Gaining access to the data we hold about you

    If you wish to have sight of your of your own personal health care records you can apply for access via EMIS online services. With this service you will be able to see your medication, allergies, test results and coded information from consultations and outpatient appointments. You will not have access to any documents sent in by a third party, ie outpatient clinics, hospital discharge summaries and would need to apply, in writing, to the Practice manager, the hospital or any other NHS Organisation which has provided your health care.

    • View this or request copies of the records by making a subject access request.
    • Request information is corrected.
    • Have the information updated where it is no longer accurate.
    • Ask us to stop processing information about you where we are not required to do so by law.

    Everyone has the right to see, or have a copy of information that is held about them. If you want to access data not available in your online record you must make the request in writing to the Practice Manager. Under special circumstances, some information may be withheld. If you wish to have a copy of the information we hold about you.. 


    You can do this by writing to us at:


    Gosport Medical Centre, Bury Road, Gosport, Hants. PO12 3AQ



    What is the right to know?


    The Freedom of Information Act 2000 (FOIA) gives people a general right of access to information held by or on behalf of public authorities, promoting a culture of openness and accountability across the public sector. You can request any information that the practice holds, that does not fall under an exemption.  You may not ask for information that is covered by the Data Protection Act under FOIA. However you can request this under a Subject Access Request – see section above ‘Gaining access to the data we hold about you’. 


    Your request must be in writing and can be either posted or emailed to:



    Postal requests should be directed to:


    Gosport Medical Centre, Bury Road, Gosport, Hants. PO12 3AQ


    Information Commissioners Office


    For independent advice about data protection, privacy, data sharing issues and your rights you can contact:


    Information Commissioner’s Office

    Wycliffe House,

    Water Lane,



    SK9 5AF


    Telephone: 0303 123 1113 (local rate) or 01625 545 745


    Email: or Visit the ICO website. 


    Complaints or questions


    We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. The practice complaints contact details are found below;


    Gosport Medical Centre, Bury Road, Gosport, Hants. PO12 3AQ  02392 583302

    Links to other websites


    This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.


    Changes to this privacy notice


    We keep our privacy notice under regular review. This Fair Processing notice was last updated in September 2017.


    Definitions of information/data:


    • Data Processor – An organisation or body that processors, reviews, updates or amends, or stores information about individuals


    • Personal Confidential Information – this term describes personal information or data about identified or identifiable individuals, which should be kept private or secret. For the purposes of this notice ‘personal’ includes the Data Protection Act definition of personal data, but it is adapted to include deceased as well as living people. ‘Confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’ and is adapted to include ‘sensitive’ as defined in the Data Protection Act.


    • Pseudonymised – this is data that has undergone a technical process that replaces your identifiable information such as NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data


    • Anonymised – this is data about individuals but with identifying details removed so that there is little or no risk of the individual being re-identified


    • Aggregated – anonymised information that is grouped together so that it doesn’t identify individuals


     Appendix A

    Who we share your information with and why



    Clinical Commissioning Group

    Purpose – Anonymous information is shared to plan and design care services within the locality

    Legal Basis – non identifiable data only


    Data Processor – Fareham & Gosport & SE Hants CCG

    Individual Funding Requests – The CSU

    Purpose – We may need to share your information with the IFR team for the funding of treatment that is not normally covered in the standard contract


    Legal Basis – The clinical professional who first identifies that you may need the treatment will explain to you the information that is needed to be collected and processed in order to assess your needs and commission your care; they will gain your explicit consent to share this.


    Data processor – We ask NHS South, Central and West Commissioning Support Unit (CSU) to do this on our behalf.

    Summary Care Records


    Purpose – Limited Personal identifiable data is shared with the Summary Care Record to help with emergency doctors and nurses help you when you contact them when the surgery is closed.


    Legal Basis – This is for your direct care and in an emergency – you can opt out of your record being shared


    Data Processor – Central NHS database

    Care and Health Information Exchange (CHIE)

    Purpose – Is a local combined electronic health record. It brings together information in your health records from different parts of the NHS to assist with your direct care – you may opt out of having your information shared on this system. 


    Legal Basis – This service is for provision of health, social care or treatment and in order for treatment to be safe, knowledge of a patients medical history is required. - you can opt in or out at any point. 


    Data Processor – Local NHS organisation

     Care and Health Information Analytics (CHIA)

     Purpose - This is a database which holds pseudonymised information, which means no patients can be identified. This information is received from the CHIE and it is used to look at trends in health, to improve future care, to shape NHS services and support medical research.

    Legal basis - This database collection enables our CCG and local authorities to provide good health and social care, which is a duty in law. You can opt in or out at any point.

    Data Processor - South Central and West Commissioning Support unit

    Other GP practices within Fareham & Gosport and SE Hants CCG in relation to the GP Extended Access Service (GPEAS)


    Purpose -   We will enable other GP’s and staff in other GP practices to have access to your medical record to allow you to receive acute medical care within that service.


    Legal Basis – This service is for your direct care and is fully consented, permission to share your medical record will be gained prior to an appointment being made in the service and again once you are in the consultation.


    Data processor – Your registered surgery will continue to be responsible for your full medical record

    Pharmacists from the CCG

    Purpose – to provide monitoring and advice in line with the national directive for prescribing. Anonymous data is collected by the CCG.


    Legal Basis – direct care


    Data Processor – Fareham & Gosport and SE Hants CCG

    MASH – Multi Agency Safeguarding Board - Safeguarding Children

    Safeguarding Adults

    Purpose – We share information with health and social care authorities for safeguarding issues


    Legal Basis - Because of public Interest issues, e.g. to protect the safety and welfare of Safeguarding we will rely on a statutory basis rather than consent to share information for this use. See section on 'fair and lawful' basis.


    Data Processor –Multi Agency Safeguarding Authorities.

    Risk Stratification

    Purpose – Risk stratification is a process for identifying and managing patients who are at high risk of emergency hospital admission.


    Risk stratification tools use various combinations of historic information about patients, for example, age, gender, diagnoses and patterns of hospital attendance and admission and primary care data collected from GP practice record systems.


    GPs will be able to identify which of their patients are at risk in order to offer a preventative service to them.


    Legal Basis - Risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority


    NHS England encourages GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable hospital admissions and to promote quality improvement in GP practices.


    Data Processors – NHS South, Central and West Commissioning Support Unit (CSU) to assist us with providing Risk Stratification tools.


    Data Processing activities for Risk Stratification – The GP practice instructs its GP IT system supplier to provide primary care data identifiable by your NHS Number.


    Opting Out - If you do not wish information about you to be included in our risk stratification programme, please contact the GP Practice. They can add a code to your records that will stop your information from being used for this purpose.  Further information about risk stratification is available from:

    Quality monitoring, concerns and serious incidents

    Purpose – We need to ensure that the health services you receive are safe, effective and of excellent quality.   Sometimes concerns are raised about the care provided or an incident has happened that we need to investigate.  You may not have made a complaint to us directly but the health care professional looking after you may decide that we need to know in order to help make improvements.


    Legal Basis – The health care professional raising the concern or reporting the incident should make every attempt to talk to you about this and gain your consent to share information about you with us. Sometimes they can do this without telling us who you are.  We have a statutory duty under the Health and Social Care Act 2012, Part 1, Section 26, in securing continuous improvement in the quality of services provided.


    Data processor – We share your information with health care professionals that may include details of the care you have received and any concerns about that care. In order to look into these concerns we may need to talk to other organisations such as Fareham & Gosport and SE Hants CCG as well as other Public bodies and Government agencies such as NHS Improvement, the Care Quality Commission, NHS England as well as the Providers of your care.

    Commissioning, planning, contract monitoring and evaluation

    Purpose – We share aggregated, anonymous, patient data about services we have provided.


    Legal Basis - Our legal basis for collecting and processing information for this purpose is statutory.   We set our reporting requirements as part of our contracts with NHS service providers and do not ask them to give us identifiable data about you. 


    If patient level data was required for clarity and extensive evaluation of a service, consent will be gained for the surgery to share this information.


    Data Processor – Various organisations, CCG, third party organisations commissioned by the NHS to perform actuarial services, NHS England. 

    National Registries

    National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006, to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.

    Surveys and asking for your feedback

    Purpose - Sometimes we may offer you the opportunity to take part in a survey that the practice is running. We will not generally ask you to give us any personal confidential information as part of any survey.


    Legal Basis – you are under no obligation to take part and where you do, we consider your participation as consent to hold and use the responses you give us.


    Data Processor –  eg Survey Monkey


    Purpose - To support research oriented proposals and activities in our commissioning system


    Legal Basis - Your consent will be obtained by the organisation holding your records before identifiable information about you is disclosed for any research. If this is not possible then the organisation wishing to use your information will need to seek formal approval from The Independent Group Advising on the Release of Data (IGARD)  

    Other organisations who provide support services for us

    Purpose - The Practice may use the services of additional organisations (other than those listed above), who will provide additional expertise to support the Practice.


    Legal Basis - We have entered into contracts with other organisations to provide some services for us or on our behalf.


    Continence and Stoma Service – for direct care in providing continence/stoma products and monitoring.

    i-Talk Counselling service


    Dementia Friendly


    District Nurses


    Health Visitors

    Palliative Nurses

    Clinical Waste


     Purpose -  To enable healthcare professionals working for Gosport medical centre to provide the necessary information to another healthcare professional or organisation, when a referral for further treatment is needed. This also applies when specialists ring the surgery to discuss on going care or when healthcare professionals within the medical centre need to contact other healthcare professionals to discuss a patients on going treatment.

    Legal Basis - This is for direct care and provision of health. Your consent will be sought by the GP/nurse at the point of decision to refer on. You can object to your information being shared but your GP/nurse may not be able to refer you without it.

    If a patient objects but lacks capacity to make an informed decision, it may be in their best interest to continue with the disclosure in order to complete the referral safely.


    Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website