AI Policy

How we use AI at our GP practice

We use Artificial Intelligence (AI) to support our team in delivering safe, efficient, and high-quality care. AI helps us improve services, but it does not replace the judgement of our clinicians.

What we use AI for

Administrative support

We use AI to help prioritise and route online requests, summarise information, and reduce paperwork. This allows clinicians to spend more time focusing on patient care.

Clinical decision support

AI may provide prompts, risk alerts, or relevant guidance to clinicians. These outputs are clearly identified and are always reviewed by a healthcare professional. They are not a substitute for clinical judgement.

Patient communications

AI may be used to improve the clarity and accessibility of non-clinical messages, such as appointment reminders. We do not use AI to make automated decisions about your care.

What data AI may process

• This may include basic identifiers (such as NHS number or age) and relevant health information needed for the specific task.
• We follow strict data minimisation principles, meaning we only use the information necessary.
• Access is controlled based on staff roles, and all activity is auditable.

Our legal basis (UK GDPR)

We process data in line with UK data protection laws:

• Article 6(1)(e) – Public Task: to provide NHS primary care services
• Article 9(2)(h) – Health or Social Care: for processing health data as part of direct care

If data is used for research or service improvement beyond direct care:

• We apply safeguards such as de-identification
• We use an appropriate legal basis (e.g. Article 9(2)(j)) or seek explicit consent where required
• We will not use your data for new purposes without informing you

Medical device and safety governance

• Where AI tools have a clinical or medical purpose (e.g. triage or decision support), they must meet UK regulatory requirements (e.g. UKCA/CE marking and MHRA registration).
• We follow national clinical safety standards (DCB0129 and DCB0160).
• Any AI-generated clinical information is reviewed by a clinician before being added to your record.
• Adverse incidents can be reported via the MHRA Yellow Card scheme.

Keeping your data secure

• All suppliers must meet NHS security standards, including the Data Security and Protection Toolkit and Cyber Essentials certification.
• Data is stored securely, and any transfers outside the UK use appropriate legal safeguards.
• We verify patient identity for online services and have clear processes for carers and authorised representatives.

Your choices and rights

You have important rights over your data:

• Transparency: We will be clear about when and how AI is used in your care
• Access and correction: You can request access to your records and ask for inaccuracies to be corrected
• Objection: You can object to certain types of data use, and we will consider your request in line with legal and safety requirements
• Opt-out for secondary use: You can opt out of your confidential data being used for planning and research via the National Data Opt-out (this does not affect your direct care)
• Concerns or complaints: Please contact the Practice Manager or Data Protection Officer. You also have the right to contact the Information Commissioner’s Office (ICO)

Sharing and retention of information

• AI systems used by the practice integrate with our clinical systems using recognised standards (such as SNOMED CT).
• Only relevant and necessary information is added to your medical record.
• We retain records in line with NHS Records Management guidance.
• System logs and technical data are kept only as long as necessary for security, monitoring, and audit purposes.

We are committed to using AI responsibly, safely, and transparently to support your care.