Privacy and Personal Data Policy
We have made these updates to reflect the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union, which explains how an organisation will handle personal data.
Privacy and your personal data
This policy applies to information collected by us, or provided by you, during your appointment, via email, our website, or in any other way including over the phone.
All your personal data will be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part, and any other legislation relating to the protection of personal data.
The information we record during your consultations & treatment appointments
When you visit the clinic, you will provide personal information including your name, address, date of birth, contact details and medical history.
During your consultation, medical notes are taken. Prescriptions may be required, and a letter sent to your doctor or another specialist with your consent. This will form part of your medical records.
Prior to your appointment you will be asked to read and sign a consent and payment form which forms part of your medical records. Subsequent to your appointment we will record treatment outcomes which forms part of your medical records.
The information we record via our website
When you visit our website (via a computer, mobile or hand-held device) you may provide us with personal information including your name, email address and phone number.
This information is gathered when you request an appointment or email the practice.
The information we record via our emails
When you correspond with us by email, we may retain the content of your email as it may form part of your medical records.
How we receive information from third parties
All blood and pathology results are sent to us via secure websites. These form part of your medical records.
How we use your information
Your personal details and medical records are for legitimate purposes and ensure we are able to :
• Provide the best possible care
• Diagnose medical concerns, provide treatment plans and write prescriptions
• Write letters to third parties
• Confirm your appointment by text, email or phone
• To answer your questions by email or phone
You have a responsibility to inform us if any of your details such as name, address, contact numbers change, so our records are accurate and up to date for you.
We use data for audit purposes.
How we maintain confidentiality of your records
We are committed to protect your privacy and will only use information lawfully in accordance with the new General Data Protection Regulations 2018.
Every member of staff has a legal obligation to keep information about you confidential.
We work with an IT Specialist to maintain and protect our data.
How we share your information
We will only share your data with a third party with your consent
We do not sell our database to third parties.
How long we hold your information
As a medical practice we are required to hold medical records for ten years.
You have the right to withdraw your consent at any time by contacting us via email or letter. We will no longer contact you although medical records must be retained for ten years.
You have the right to request a copy of your medical records and this request must be put in writing and signed by the patient. We are required to respond to you within 30 days.
You have the right to have information updated or corrected if you feel it is inaccurate, incomplete or out of date. This request must be put in writing and signed by the patient.
The revised policy will be displayed on our website. Where necessary, you may be asked to sign the consent form again.
Objections & Complaints
Our Data Protection Officer is Dr Jan Toledano who responsible for ensuring the practice keeps your information secure and confidential and can be contacted on 0203 905 7580 or via firstname.lastname@example.org
Further complaints complain can be directed to the Information Commissioners Office (ICO) at www.ico.gov.uk or telephone 0303 123 1113.
The practice has a Records Management Policy in place.