Important information for patients
We are required by law to comply with GDPR (General Data Protection Regulations). As a consultant who is entrusted with your care I am responsible for ensuring that our systems are compliant with GDPR whilst fulfilling the General Medical Council’s and British Medical Association’s ethical and professional rules on confidentiality.
This privacy notice sets out details of the information that I, as a clinician responsible for your medical treatment (and my medical secretaries) may collect from you and how that information is used.
This privacy notice explains in detail:
- What personal data we collect about you
- Why we collect that personal data
- Who we share your personal data with
- How and why we might contact you and how you can change that
- How long we retain your personal data
- How we keep your personal data secure
- What rights you have in relation to your personal data
If you have any queries, comments or concerns about this privacy notice or the manner in which I have used or potentially will use your personal information then you should contact me directly and I would be very happy to discuss this further.
More information can be found on the Information Commissioner’s website https://ico.org.uk
This privacy notice will be updated from time to time to ensure that it remains accurate and up to date.
What personal data we collect about you
When we talk about “personal data” in this notice, we mean any information which could be used to identify you, either directly or indirectly when combined with any other information we may hold about you.
The personal data we hold about you will mainly relate to your medical treatment but is also likely to include other information such as financial data in relation to billing.
The personal data I hold about you may include:
- Contact details including postal address, telephone contact numbers, email address
- Financial information, such as insurance policy details
- Details of next of kin
- NHS number
- General Practitioner (GP) details
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us or receive any communication from us and please inform us directly of any changes as soon as possible.
As you are one of my patients, I will also hold information relating to your medical treatment, which is known as “special category personal data”, meaning it must be handled even more sensitively. This may include the following:
- Details of your current or former physical or mental health including information about healthcare you have received from other healthcare professionals or providers
- Details of services you have received from me
- Nationality, race and/or ethnicity
- Details of any genetic data or biometric data relating to you
- Data concerning your sex life and/or sexual orientation
- Notes and reports about your health, treatment and care
- Results of x-rays, scans and laboratory tests
- Relevant information from people who care for you and know you well such as health professionals and relatives
We may collect personal information and/or medical records from a number of different sources including but not limited to:
- Other hospitals, both NHS and private
- Mental health providers
- Commissioners of healthcare services
- Other clinicians including their secretaries
- Directly from you
- From relatives
Why we collect that personal data
Your data is confidential. We do not use your data for marketing, research or any purpose other than the provision of your medical care and associated services. We collect data:
- To set you up as my patient
- To provide you with healthcare and related services
- To ensure the doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information
- To ensure appropriate information is available if you see another doctor, or are referred to a specialist or another part of the healthcare system to ensure you receive continuity of care
- To ensure your concerns can be properly investigated if a complaint or any concerns are raised
- To investigate patient queries, complaints and legal claims
- To ensure payment is received for the care you receive
- We may also need to use your information for the purposes of establishing, exercising or defending our legal rights
The legal justification I have for processing your data is “For the provision of healthcare and other related services”.
Who we share your personal data with
Everyone working within healthcare has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
- Hospitals and other medical professionals that are involved in your care
- Private insurers that are involved in your care
- Your NHS General Practitioner (GP) and where applicable a private GP service provider
- Administrative staff who support the hospital(s) or other medical professionals involved in your care
- Debt collection agencies (we only use debt collection agencies where we have exhausted every other method of securing payment for our services. We do not share special category personal information with debt collection agencies)
We will not share your personal information with anyone other than as detailed in this privacy notice without your explicit signed consent; this includes partners and other family members (including parents, where the patient is a young adult aged sixteen or over).
How and why we might contact you
We may communicate with you in a number of ways including by telephone, email and/or post.
If we contact you by telephone and you are not available we may leave a voicemail message including only sufficient details to enable you to identify who the call is from and how to call us back.
We may communicate with you by unencrypted email with updates and reminders in relation to your healthcare (including basic administrative information and appointment information) where you have provided us with an email address.
I will provide you with your medical information (including copies of clinical letters, test results and clinical updates) by post. I may also communicate your medical information by encrypted email where you have provided us with your email address and have expressed a preference for your medical information to be communicated to you in this manner.
You can update your communications preferences at any time by contacting us directly.
How long we retain your personal data
I will only keep your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this privacy notice and in order to comply with my legal and regulatory obligations.
I follow NHS guidelines for the minimum amount of time I retain your medical records. The current NHS minimum retention guidelines for medical records are as follows:
- Adult health records not covered in any other section – 8 years from date of discharge or patient last seen
- Children’s health records – until 25th birthday or until 26th birthday if patient was seventeen when last seen or discharged
- Obstetric records, maternity records, antenatal and postnatal records – 25 years from date of discharge or patient last seen
- Long term illness or an illness that may recur – 30 years from date of discharge or patient last seen or 8 years after the patient has died
How we keep your personal data secure
We keep your personal data in paper form and in digital form.
Your paper notes are kept in locked cabinets in a locked office at the Nuffield Health Guildford Hospital and are only accessible by the appropriate staff. The paper notes of patients who have not been seen for a period of approximately four years are stored offsite in a fully compliant facility.
Computers and laptops are password protected and data stored on them is encrypted. Laptops are secured in a locked cabinet when not in use.
DGL Clanwilliam Health, a specialist private medical practice management system used by most UK based private medical practices, is fully GDPR compliant.
The computer based systems of the hospital(s) where you have your treatment are also fully compliant with GDPR.
What rights you have in relation to your personal data
Under data protection law you have certain rights in relation to the personal information I hold about you.
You may exercise these rights at any time by contacting me. There will not usually be a charge for exercising your rights. If I am unable to comply with your request, I will tell you why.
Your rights include:
- The right to access your information – You are entitled to a copy of the personal information I hold about you and details about how I use it. This information will usually be provided in writing unless otherwise requested.
- Rectification – I take reasonable steps to ensure that the information I hold about you is accurate and complete. However if you do not believe this is the case you can ask me to update or amend it.
- Erasure – In some circumstances you have the right to request that I delete the personal information I hold about you. However, there are exceptions to this right and in certain circumstances I can refuse to delete the information in question.
- Restriction of Processing – In some circumstances you can ask me to “pause” my use of your personal data, although I do not have to comply with a request to restrict my use of your personal information if that use is necessary to meet legal requirements.
You can complain to the Information Commissioner’s Office if you are unhappy with the way I have dealt with a request from you to exercise any of these rights, or if you think I have not complied with my legal obligations. More information about making a complaint can be found on the Information Commissioner’s website https://ico.org.uk
If you would like a PDF or paper copy of this document, please contact me.