As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
OpenSAFELY
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data.
This means identifiers are removed and replaced with a pseudonym.Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Here you can find additional information about OpenSAFELY.
Automated Data Processing and Use of AI
a) Use of automated systems
We use secure clinical IT systems that may automatically process data to support healthcare delivery, including:
- Flagging abnormal results
- Clinical risk alerts
- Appointment prioritisation
- Administrative efficiency
These systems support staff decision‑making but do not replace clinical judgement.
b) Use of Artificial Intelligence (AI)
We may use AI‑enabled tools to support healthcare and service improvement, such as:
- Clinical decision‑support systems
- Risk stratification and population health tools
- Digital triage and symptom assessment tools
- Service planning and demand forecasting
Key safeguards:
- AI tools are used as decision support only
- Final clinical decisions are always made by qualified healthcare professionals
- AI systems are carefully assessed for safety, bias, and accuracy
- Processing complies with NHS, ICO, and UK GDPR requirements
c) Automated decision‑making
We do not make decisions about your care solely by automated means that have legal or significant effects on you without appropriate human oversight.
You have the right to:
- Request human review of automated processing
- Challenge or seek explanation of decisions involving automation
Patient and Third Party Privacy Notice
Cumbria Health is a controller of personal data and takes steps to safeguard any personal data provided to us. Please view our privacy notice for further information, this details how we process your personal data, it can be accessed on the Cumbria Health website (https://cumbriahealth.co.uk/), or a paper copy can be requested from the receptionist or the Cumbria Health office by phoning 01228 514830 Monday to Friday 8am to 6:30pm.
Contacting us
If you have any questions or feedback about this privacy statement, or if you would like us to stop processing your information, please do not hesitate to get in touch.
Cumbria Health, 4 Wavell Dr, Rosehill Industrial Estate, Carlisle CA1 2SE
Tel: 01228 514830
