Why I need your Personal Data
In order to provide a health service to you, I will require your permission to record and process your contact
details, demographic details and health details. I need this information in order to provide your medical care as
well as being able to contact you regarding your treatment and your invoices.
What I do with your Data
Your demographic details are used for the purpose of communicating with you and for deciding the most
appropriate treatment for you.
Where and how I keep your Personal Data
All personal data held in a secure storage area. Electronic data is protected by the use of access control, data
encryption and a robust network security regime. Paper documents that include personal information are kept
securely locked away.
How long will I keep your Personal Data
I am required to keep medical records for the amount of time specified in the Department of Health (2006)
Records Management: NHS code of practice. With some exceptions, medical records for adults will be stored
for a minimum of eight years. Medical records for patients seen, while under the age of 17, will be kept until
they are 25 years old. Medical records of patients 17 years old will be kept until their 26th birthday.
Who I share your Personal Data with
- If necessary, I will share your information with:
- your GP
- other healthcare professionals and organisations such as laboratories involved in your care
- your medical insurance company and our debt collection agency if necessary
- I will not share any of your information without a lawful reason to do so unless I consider it to be in the best
interest of a child or vulnerable adult. In this instance when there are concerns re a child or vulnerable adult’s
safety and wellbeing personal data will be shared on a need to know basis. The process of sharing will always
be as secure as possible. Information is not shared with organisations outside the European Economic Area.
Your rights regarding your Personal Data
The General Data Protection Regulation allows you the following rights:
- The right to be informed about what personal data is kept.
- The right to access a copy of your personal information.
- The right to rectification of your personal data.
- The right to have your data erased. This right is not absolute and will only apply I am able to do so without breaking other laws that I am required to abide by.
- The right to restrict the processing of your data.
- The right to data portability.
- The right to object to the processing of your personal data.
- Rights related to automated decision making including profiling.
Reporting concerns regarding management of your Data
I am registered with the Information Commissioner’s Office (ICO) as a data controller.
You have a right to make a complaint to the ICO at any time.