We take the security of personal data and other confidential information very seriously and are committed to complying with applicable data protection legislation and medical confidentiality guidelines.
Personal data is any information that can be used, either by itself or together with other information, to identify an individual. We treat all information we hold about you as confidential information, whether it falls within the definition of personal data, or otherwise.
By submitting personal data to us and/or by using our website you give your consent that all personal data that you submit may be processed by us in the manner and for the purposes described below.
Who do we collect personal data from?
We collect personal data from the following categories of people:
- Patients and customers, and prospective patients and customers
- Referring professionals and other third parties involved in the provision of care, e.g. GPs, family members, psychologists, psychotherapists, paediatricians, solicitors, school, insurers, fee payers etc.
- Prospective referring professionals, e.g. doctors, psychologists, psychotherapists, speech and language therapists, solicitors and other professionals who may make enquiries about our services
- Any other professionals who may be involved in your care e.g. administrative staff.
What personal data do we collect?
As set out in further detail below, we process two categories of personal data about you (where this applies):
1. Standard personal data (for example, information we use to contact you, identify you or manage our relationship with you)
2. Special categories of data (for example, health information, information about your race, ethnic origin and religion that allows us to tailor your care)
When using our services, or considering using our services, we may ask for your contact details and other basic personal data including name, address, email, telephone number, date of birth, as well as medical records and other clinical, legal, financial and social information. This may be collected directly from you or passed to us by third parties who you have authorised to share this information with us, such as your GP, school, therapist, solicitor, or a family member.
Examples of clinical, legal, financial and social information we may request from you or third parties on your behalf include:
Official medical records from GPs or other professionals
Results of any investigations e.g. blood tests, scans etc.
Social services records
Family background, history, housing situation, details about your family life, social life, religious beliefs, sexual orientation, race and nationality etc.
When requesting further information through emailing us or calling us you may be asked to provide your name, email address, mailing address, phone number, relationship to the patient or prospective patient, or other details to enable us to respond to you, as well as basic information regarding your enquiry.
When dealing with prospective referring professionals, as well as basic contact details, we may request your job title and area of specialism.
What legal ground(s) do we rely on?
We have to identify which legal grounds we are relying on when we process personal data. Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
We do not process any special category data without your explicit consent unless we have a legal obligation to do so or there is a vital interest in us doing so because someone’s life is at risk.
We follow General Medical Council’s guidelines on confidentiality and sharing information.
Please read the following documents for the details.
There are exceptions to this confidentiality, where disclosure is mandatory when anyone is at risk.
Legal compliance – if the law requires us to, we may need to collect and process your personal information. For example, we can pass on details of people involved in criminal activity to law enforcement.
Legitimate interest – in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests, including managing all aspects of our relationship with you, to help us improve our services, and in order to exercise our rights or handle claims.
How do we use your information?
We may use the information we collect in the following ways:
- To provide highly bespoke clinical and medico-legal services to our customers and patients, and support to families and carers.
- In order to deliver our services to the highest quality, we take a holistic approach and meet our patients and customer needs in a tailored and specific way, and this requires us to have sufficient background information about our patients and customers.
- To allow us to provide the specific services to you that we have been requested to provide.
- To request feedback about our services to enable us to improve and to better provide services to our patients and customers.
- To respond to customer/patient feedback or enquiries.
We do not send any marketing or promotional communications to customers or patients.
We never sell the data we hold to any third parties or use the data to help third parties market to you in any way.
How do we store and protect your information?
The medical records are stored electronically and encrypted in transit and at rest. Any paper records including consent forms, letters, outside medical records, will be scanned and disposed off appropriately.
Who do we share your personal data with?
As part of the services we provide, we may be required to share certain personal data with third parties, for example:
- Patients’/customers’ data may be shared with GPs as part of the prospective or on-going provision of medical care.
- Patients’/customers’ data may be shared with solicitors are part of legal proceedings regarding your health or medico-legal care.
- Patients’/customers’ data may be shared with external healthcare providers, e.g. for the purpose of carrying out blood tests.
- We may also release information when its release is appropriate to comply with the law, enforce our policies, or protect ours or others’ rights, property or safety.
How long do we keep your personal data for?
We are committed to our legal obligation to retain your personal data for only as long as is reasonably necessary. In some instances, we are required by law to retain certain personal data for a minimum period of time. We comply with the Information Governance Alliance recommendations.
Information Governance Alliance recommends to hold mental health records for a period of up to 20 years following the end of assessment and/or treatment. After this date, all data will be securely deleted unless requested otherwise.
With regards to prospective patients and customers, we may retain your contact details for up to two years as this is generally the maximum period during which an enquiry from a prospective patient/customer converts into an actual patient/customer.
How can you access and update your information?
The accuracy of your information is important to us. If you wish to review and/or correct the information that we hold about you at any time, please email us: firstname.lastname@example.org
You are entitled to review your medical record at any time, unless I feel that by viewing your records, your emotional or physical well-being will be jeopardized. If you wish to view your records, I recommend that we review them together to minimize any confusion or misinterpretation of medical terms.
last updated on 21.03.2021