Privacy, medical records and how we use your information

How we use and protect your information

We take your privacy seriously. We follow data protection law and medical records legislation to make sure your personal information is used safely, fairly and appropriately.

This page explains how your information may be used to support your care, improve NHS services and meet our legal responsibilities.

It also includes links to our privacy notices and information about specific NHS programmes, including the Welsh GP Record and the National Diabetes Audit.

When your information may be shared

Identifiable information about you will only be shared in specific circumstances. This may include:

To provide further medical treatment, for example with district nurses or hospital services
To help you access other services, such as social services, where your consent is required
Where we have a duty to protect others, such as in child protection cases
Using anonymised information locally or nationally to help plan NHS services

Anonymised information cannot identify you.

If you do not want anonymised information to be used

Please contact the practice if you do not want anonymised information about you to be used for NHS planning purposes.

Welsh GP Record

The Welsh GP Record is a summary of important information from your full GP medical record.

It can be viewed by selected health professionals in Out of Hours services and some hospital or secondary care settings. This helps them give you safe and appropriate care, especially when the GP surgery is closed.

What the Welsh GP Record may include

Your name, address and contact details
Your current medication and medication prescribed within the last two years
Allergies or adverse reactions
Current conditions or diagnoses
Recent test results from the last year, such as blood tests or X-rays

It does not include private discussions you may have had with your GP.

National Diabetes Audit

The National Diabetes Audit helps the NHS understand and improve the quality of diabetes care in England and Wales.

If you have diabetes, a small amount of information from your GP record may be shared so the NHS can learn how diabetes care is being provided and how services can be improved.

What information is shared?

The National Diabetes Audit may collect:

Your NHS number
Your postcode
Your sex at birth
Your date of birth
Your GP practice code

Your name is not shared.

Why is this information used?

This information helps the NHS:

See how people with diabetes are being cared for
Understand what is working well
Find ways to improve diabetes care for everyone
Compare care across practices, clusters, health boards and Wales as a whole
Plan services and target resources where they are needed most

Reports produced from the audit do not identify individual patients.

Who uses the information?

Digital Health and Care Wales collects relevant information from GP systems and provides it securely to NHS England. NHS England analyses the data and produces National Diabetes Audit reports.

From 2026, Digital Health and Care Wales will also receive some patient-level data back from NHS England. This will help NHS Wales carry out analysis to improve diabetes care across Wales.

This information is used to improve diabetes services. It is not used to make decisions about your individual care and treatment.

Your rights

You can:

Ask to see information held about you
Ask for mistakes to be corrected
Ask questions about how your information is used
Ask your GP practice not to share your data for the purposes of the National Diabetes Audit

We hope you are happy for your information to be used to help improve diabetes care, but we respect your right to choose. Please contact the practice if you have any concerns or questions.

National Diabetes Audit privacy information

You can read the summary and detailed privacy information below.

National Diabetes Audit summary information National Diabetes Audit summary information, English and Welsh National Diabetes Audit detailed information National Diabetes Audit detailed information, English and Welsh

How we manage records

Records and Information Management are important parts of our Information Governance responsibilities.

Good records management means we have the right information available at the right time to support safe and effective care.

We manage records in line with legal requirements, including:

UK General Data Protection Regulation, also known as UK GDPR
Data Protection Act 2018
Freedom of Information Act 2000

These requirements apply to different types of records, including paper and electronic documents, emails, audio and video recordings, X-rays and CCTV footage.

View Information Governance guidance

Privacy notices and related information

You can read more about how information is used in the following privacy notices and related documents.

Cwmfelin Medical Centre Privacy Notice Cookies privacy information All Wales Diabetes Prevention Programme Privacy Notice National Exercise Referral Scheme information Flu Vaccination Programme 2025/26 Privacy Notice

Questions about your information?

If you have any questions about how your information is used, shared or stored, please contact the practice.