top of page
Patient Information

Privacy Notice


This privacy notice explains why Dacorum Healthcare Providers Ltd collects information about you, how we keep it safe and confidential and how that information may be used.


What is a Privacy Notice?

A privacy notice is a statement that describes how Dacorum Healthcare Providers Ltd collects, uses, retains and discloses personal information. This can also be called a privacy statement or fair processing notice.


Who are Dacorum Healthcare Providers?

Dacorum Healthcare Providers Ltd is a GP-shareholding company, established to provide local health services for patients. Local GP Practices in Dacorum Locality joined in a GP Federation to improve patient care and provide services for patients in the local and wider area.


We provide several health services: Extended Access GP, Nurse and Phlebotomy appointments, including Paediatric clinics, a Holistic Nursing Service and a Primary Care Nursing Service.


Privacy Notice Information

Dacorum Healthcare Providers Ltd lawfully relies upon Article 6(1)(e) “Official Authority” and upon Article 9(2)(h) “Health & Social Care” of the GDPR Act to process personal data.


To ensure that we process your personal data fairly and lawfully we are required to inform you:

•             Why we need your data

We require your data to fulfil your direct medical care. Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation.

•             How your data will be used

We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of assessments.

•             Who your data will be shared with

Your data will be shared with those involved directly in your medical care and within the boundaries of statutory discloses of information.

You have the right to be informed about the collection and use of your health and personal data. This is a key transparency legal requirement under the Data Protection Act 2018 (DPA) and the General Data Protection Regulations 2018 (GDPR).


Personal data that we may process includes:

•             Health treatment or care you have received previously or else-where (e.g. NHS Hospital Trust, GP Surgery, Out of Hours GP Centre, A&E, Walk in clinic, etc.).

These records help to provide you with the best possible healthcare.


•             Details about you, such as your address and next of kin, emergency contacts

•             Your home telephone number, mobile phone number, email address

•             Any previous contact the service has had with you, such as appointments etc.


How we keep your information confidential and safe:


All your NHS health records are kept either digitally/electronically or in a secured paper format. Our electronic records database is hosted by EMIS Health Ltd, who is acting as a data processor, and all information is stored on their secure servers in Leeds and is protected by appropriate security and

access is restricted to authorised personnel.


We also make sure that data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. We only contact you regarding matters of medical care, such as appointment reminders.


Your data rights:

As a “data subject”, you have the following rights:

•             Right to be informed (Articles 13 and 14)

•             Right of Access (Article 15) – to request a Subject Access Request of all the data and information held on you by Dacorum Healthcare Providers Ltd.

•             Right of Rectification (Article 16) – to request to have inaccurate or incomplete personal data updated.

•             Right of Erasure (Article 17) – to request to have data erased from our records

•             Right to Restrict Processing (Article 18) – to request processing cease in a certain way

•             Right to Data Portability (Article 20) – right to request a copy of data in paper or electronic copy

•             Right to Object (Article 21) – right to object to use of data

•             Right not to be subject to automated decision-making (Article 22) - right to have human intervention in data processing


Data fair processing activities that DHPL may perform:

General information sharing for direct medical care

•             Routine

•             Emergencies

•             Specific referrals

Access to your GP record

•             Clinical staff

•             Clinical lead auditors

NHS Data Sharing databases

•             The National Summary Care Record (SCR) - Core/Basic

•             The National Summary Care Record (SCR) - Enriched

•             EMIS Web data sharing

•             My Care Record

Statutory Disclosures of information

•             CQC

•             The Courts

•             DVLA

•             GMC

•             Health Service Ombudsman

•             HMRC

•             Medical Defence Organisation

•             NHS Counter Fraud

•             NHS Digital

o             The National Diabetes Audit (NDA)

o             Individual GP level data (IGPLD)

o             Female Genital Mutilation data (FGM)

•             Police

•             Public Health

•             Safeguarding

o             Children’s Services

o             s47/s45 Adult SAB


Permissive Disclosures of information

Only with your explicit consent, Dacorum Healthcare Providers Ltd can release information about you, from your GP record, to relevant organisations.


These may include:

•             Your employer

•             Insurance companies

•             Solicitors

Data Processors

•             EMIS Health Ltd (our electronic GP records database)

•             Docman Ltd

•             Dacorum Healthcare Providers Ltd (clinical audits; pseudonymised and anonymised data)

•             Local Authorities (Hertfordshire County Council Social Services)

•             Herts Valleys CCG (anonymised and pseudonymised data)

•             NHS England (anonymised data)


•             Pharmacy collection of FP10 prescriptions

Communicating with our patients

•             SMS/Text messages

•             Email (medical purposes)/Email (non-medical purposes)

•             Letter (written correspondence)

The following section outlines the management of the fair processing of this notice, contact details and other access to information legislation.


Complaints about how we process your personal information

In the first instance, you should contact us:


In writing:                                                 

Dacorum Healthcare Providers Ltd

16 Sovereign Park

Cleveland Way

Hemel Hempstead



By email:    


By telephone:

01442 269881


Please contact us if you have any questions about our privacy notice or the information that we hold about you.


Our opening hours are: 9am to 5pm Monday to Friday.


Changes to our fair processing notice

We keep our privacy notice under regular review, and we will place any updates on our website This notice was last updated on 7/02/2020.


Data Protection Notification

Dacorum Healthcare Providers Ltd is a ‘data processor’ under the DPA and the GDPR. The GP remains the ‘data controller’ of the GP Practice record. We have notified the Information Commissioner’s Office (ICO) that we process personal data.

Our Data Protection Officer is Tom Kerr


For independent advice about data protection, privacy, and data sharing issues, or if you wish to express your right to lodge a complaint directly to the ICO, please contact:


Information Commissioner’s Office

Wycliffe House

Water Lane




Tel: 0303 123 1113


bottom of page