Saltdean and Rottingdean Medical Practice

Grand Ocean, Longridge Avenue, Saltdean, Brighton, BN2 8BU

Telephone: 01273 305723

Sorry, we're currently closed. Please call NHS 111

Our Practice Area covers Saltdean, Rottingdean, Woodingdean, and Ovingdean  //   The Surgery Phone Lines are Closed between 1pm and 2pm daily //   

Practice Policies

Confidentiality & Medical Records

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from district nurses and hospital services.
  • To help you get other services e.g. from the social work department. This requires your consent.
  • When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff. 

All our staff are bound by the same rules of confidentiality as the Doctors and Nurses. We can only give any medical information including test results to the patient themselves unless we have in writing permission to do otherwise.

In line with Department of Health guidelines, the Caldicott report and Data Protection Act we wish to advise you how we handle information held on patients. Everyone in the NHS has a legal duty to keep information about you confidential. You have a right to access your health records.

Freedom of Information

Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.

Access to Records

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.

Privacy Notice – Direct Care (routine care and referrals).

Please read this Privacy Notice to learn how the Practice will use Patient Identifiable Data according  to the New General Data Protection Regulations (GDPR).  It describes the requirements of General Practice, what data is collected and your options for opting out of the collection if you choose:

Direct Care    Emergencies   National Screening    Payments    Summary Care

CQC    Digital   Public Health   Research    Risk    Safeguarding


We make every effort to give the best service possible to everyone who attends our practice.

However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.

To pursue a complaint please contact the practice manager who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from reception.

Violence Policy

The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.


Saltdean & Rottingdean Medical Practice uses a mailing company called Docmail to handle some mailings to patients. Typically this is for bulk mailings such as the invitations to attend the flu clinics where it is difficult to accommodate the administrative work involved without affecting our ability to serve patients. This is permissible under guidance from both the Information Commissioner’s Office (ICO) and the Department of Health (DoH) subject to the provisions of the Data Protection Act

Please find below some more information about Docmail and how we work with them to ensure that we protect our patients’ personal data at all times.

1.1 What is Docmail

Docmail is provided by CFH Docmail Ltd a secure print and mailing company which provides print and mailing services for Local Government, GPs, Dentists, Medical Practices, Schools, Exam Boards and Banks etc. throughout the UK.

The system can be found online at and requires a secure user name and password for us to log on and upload our letters and address lists to create the printed output for despatch to Royal Mail. The system allows us to upload a letter template and mailing data for the patients we want to write to via a secure web portal.

1.2 The Data Protection Act (1998) (DPA)

Saltdean and Rottingdean Medical Practice and Docmail are both fully compliant with the Data Protection Act .

The Information Commissioners Office issued guidance in February 2012 for organisations that outsource some of its data processing to a third party. The Data Protection Act allows outsourcing to take place but stipulates certain conditions that must be met for it to be compliant.

An organisation that processes personal data is required to handle personal data in accordance with the data protection principles. A data controller may choose to use another organisation to process personal data on its behalf – a data processor.

The data controller remains responsible for ensuring its processing complies with the DPA, whether it processes in-house or engages a data processor.

Where a data processor is used the data controller must ensure that suitable security arrangements are in place in order to comply with the seventh data protection principle, details are available on the ICO website.

Saltdean & Rottingdean Medical Practice has strictly adhered to this guidance in setting up the partnership with Docmail.

• Saltdean & Rottingdean Medical Practice remains the data controller and as such has the responsibility for ensuring compliance with the provisions of the Act. We are not able to pass on those responsibilities to Docmail whose role is that of a data processor.

• There is a written contract between Saltdean & Rottingdean Medical Practice and CFH – Total Document Management Ltd in addition to the standard terms of business that are published on the Docmail website.

• That contract stipulates that Docmail can only act in accordance with instructions from Saltdean & Rottingdean Medical Practice  i.e. they can only print and mail letters in accordance with data provided by us. They are not able to do anything else with that data.

• The contract also creates a legal requirement for Docmail to act in accordance with the seventh principal of the Data Protection Act.

• The Partners of Saltdean & Rottingdean Medical Practice have satisfied themselves that Docmail have provided sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out.

• The partners have taken, and will continue to take, reasonable steps to ensure that Docmail are compliant with these security measures.

• No data will pass outside of the European Union

1.3 Connecting For Health

Docmail has achieved a 100% rating in the Department of Health’s Information Governance Toolkit Assessment for 2014-2015 and we meet with the terms and conditions of the DH Information Governance Assurance Statement. This assessment is publicly available and can be viewed here

1.4 Other Approvals

Docmail is also approved by the following:

• Government Procurement Service for Hybrid Mail – which allows all government organisations to use Docmail.

• 67 Primary Care Trusts for Medical Studies have approved the use of Docmail. 500,000 medical studies packs were sent in 2011 across 200 surgeries

• Caldicott Guardian across a number areas have approved the use of Docmail when asked

• Ethics Committees have approved the use of Docmail by surgeries for use in medical studies

1.5 Accreditations & Security Policies

In addition to the credentials listed above, I have been supplied with Docmail’s Corporate Policies and certifications as detailed below..

• ISO 27001:2005 Information Security Management System Certificate

• CFH Site Security Policy

• CFH Information Technology Security Policy

• Information Security Policy

1.6 Process

The data file provided to Docmail will only contain enough data to enable them to fulfil the contract. This means that it will include name and address details and, where appropriate, the date and time of an appointment as well as the name of the clinician you will be seeing or the name of a clinic you will be attending eg Flu Clinic or NHS Health Check. We will of course exercise the same discretion in writing the letters as we would if we were printing and posting them at the surgery.

The letters will be delivered to your address by Royal Mail in the normal way. The letters will carry the Docmail logo and the return address on the reverse side. This address does not identify the letter as having come from a doctor’s surgery.

Docmail delete the personal data 28 days after the mailing.

If you have any questions or require further information about this please ask to speak to the Practice Manager.

DPA Seventh Principle

Schedule 1 of the Data Protection Act (1998) lists eight principles of data protection. The seventh principle is of particular importance where an organisation uses a third party to process data.

The seventh data protection principle provides that:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

The Information Commissioner’s Office provides the following guidance to organisations seeking to use a third party to process data on its behalf.

“Where a data controller chooses to use a data processor, paragraphs 11 & 12 of Schedule 2, DPA introduces additional obligations on the data controller as follows:

11. Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller must in order to comply with the seventh principle –

a. choose a data processor providing sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out, and

b. take reasonable steps to ensure compliance with those measures.

12. Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller is not to be regarded as complying with the seventh principle unless –

a. the processing is carried out under a contract –

i. which is made or evidenced in writing, and

ii. under which the data processor is to act only on instructions from the data controller, and

b. the contract requires the data processor to comply with obligations equivalent to those imposed on a data controller by the seventh principle.”


Opening Times

  • Monday
    08:00am to 06:00pm
    Phone Lines Until 18:30
  • Tuesday
    08:00am to 06:00pm
    Phone Lines Until 18:30
  • Wednesday
    08:00am to 06:00pm
    Phone Lines Until 18:30
  • Thursday
    08:00am to 06:00pm
    Phone Lines Until 18:30
  • Friday
    08:00am to 06:00pm
    Phone Lines Until 18:30
  • Saturday
  • Sunday
NHS A-Z Conditions
Find Local Services
Live Well