Information for patients
Information we may collect
We will collect:
Name, date of birth, address and contact details
Financial information (eg payment details used to make payment to us
Special category data – such as ethnicity, information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, healthcare received, sexual life, sexual orientation, biometric or genetic data.
Any data provided regarding another individual will only be done with that individuals permission.
How we collect information
Mainly this will be provided to us directly by you - when you register with us for care and attend appointments or remote consultations, complete any forms on our website, ask questions via social media, correspond by phone (including voicemail and call recording), email or letter, or take part in any marketing by us. Any documents you provide us with may be uploaded to your record with your permission (egimaging reports, consultant letters to your other care providers)
Information may come from a family member or caregiver.
At times we also receive medical information from your GP, consultant, other healthcare professionals or their administrators, either by referral or upon our request with your permission.
We may receive information directly from insurance providers, legal teams, NHS organisations.
How we communicate
Most communication will be via email, SMS, telephone (including voicemail) or letter.
At times we may respond to social media posts
We may ask you to participate in audits or surveys (often by email or sms)
Processing your data
We process your data when we have an agreement about undertaking your care.
We may need to liaise with other healthcare providers involved, or to be involved in your care. We may need to use personal data on occasions where queries or complaints arise
We will be clear about why we are asking for you data if not for any of the above purposes
Sharing your data
We may share your personal data with third parties such as:
any other healthcare professional involved in your care
support staff involved in your care, eg administrators
anyone that you ask us to communicate with eg. your next of kin or carer
Other private sector healthcare providers
third party administrators eg insurance companies
third parties acting for you eg solicitors
regulators such as Care Quality Commission
the police and other third parties for the prevention or detection of crime
debt collection agencies
third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers
selected third parties in connection with any sale, transfer or disposal our business. If you are a patient of a business that has been taken over by us, we will receive your personal information as part of the process. Where this happens, you will be informed of this prior to the transfer of data.
If we sell part of our business we will need to share your data with the new owner. The transfer of data (this could include your personal data along with health data medical notes) will be managed in secure manner, and minimise the disruption to current or previous patients,and to ensure that we and the new owner are able to fully comply with our legal obligations regarding the retention medical records and to ensure continuity of care.
If we share your personal data, we will make sure appropriate protection is in place to protect it in line with data protection laws.
How we protect your data
We look after your data using both technical and organisational measures to protect against unauthorised access, use or loss of your data. We do this by complying with the Data Protection Act 2018 and guidelines set out by our professional bodies. Access is strictly limited to those who have need to access it, and those accessing your data are bound by a duty of confidentiality.
As per our professional guidelines we hold your data for 8 years after your care with us is completed. If you are under 18 at the time of your care, we will hold your data for 8 years from your 18th birthday.
Any transfer of personal data will extend to what is necessary.
Your rights regarding your data
You have the right to know what personal data we hold about you and how it is used. We will use and hold your personal data in accordance with our obligations and these rights.
You may ask to exercise these rights at any time by contacting our management team You will not usually be charged for exercising your rights.
If we cannot meet your request, we will explain why.
If you make a large number of requests or it is not reasonable for us to meet a request then we do not have to respond. Alternatively, we can charge for responding.
The right to access your personal data
You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data.
We will usually provide you with your personal data in writing, unless you request otherwise. If you have made the request electronically (eg by email) the personal data will be provided to you electronically where possible.
In some cases we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.
The right to rectification
You have the right to have inaccurate personal data about you corrected or removed.
The right to erasure (“right to be forgotten”)
You have the right to request that we delete certain personal data we hold about you. However, there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest, or for establishing, exercising or defending legal claims.
The right to restrict processing
You have the right to ask us to restrict our use your personal data. We do not have to comply with all requests to restrict our use of your personal data. For example, if we need to use it for tasks which are in the public interest or for establishing, exercising or defending legal claims.
The right to data portability
You have the right to ask us to transfer your personal data to you or to someone else in a format that can be read by computer.
The right to object to marketing
You have the right to ask us to stop sending you marketing messages at any time and we must comply with your request.
The right not to be subject to automatic decisions
You have the right to not be subject to automated decisions (i.e. decisions that are made about you by computer without any human input) in relation to your care or other processes that have a legal or similarly significant effect on you.
If you have been subject to an automated decision and do not agree with the outcome, you can challenge the decision by contacting our management team.
The right to withdraw consent
You have the right to withdraw any consent you have given us to use your personal data.
The right to object to other uses of your personal data
You have the right to object to us using your personal data in a particular way (such as sharing it with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing healthcare services.
The Information Commissioner's Office (“ICO”)
You can complain to the ICO if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.
More information can be found on the ICO website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.