General Data Protection Regulation (GDPR)
The GDPR became law on 25/5/2018
We hold your data subject to the principles of GDPR 2018
Lawful – your data will only be used in lawful relation to the healthcare needs that you have asked us to become involved with. We hold your data in order to provide healthcare, to communicate with other providers including your GP, and also for billing purposes.
Fair – Your data will be used in a way that you might reasonably expect.
Transparent – We are open and honest, and comply with the transparency obligations of your right to be informed.
Purpose – Your data will be retained only where it is essential for your healthcare needs.
Data Minimisation – Only the minimum dataset required for your treatment will be retained. Data will also be retained for billing purposes.
Accuracy – We periodically review the data that we hold and delete any data that we don’t need.
Storage limitation – We will retain your data for the recommended minimum of 8 years following completion of treatment.
Integrity and Confidentiality – Your data will be held on a password-protected server. All communications will be via AES-256 or equivalent encrypted email services. We will notify you within one month in case of any data breach. All devices used to access your data will be password-protected and equipped with a remote erasure facility.
Accountability – We remain accountable for the security and use of the data that we hold. You have the right to request an electronic copy of your data without charge. You may also request that any inaccuracies in your data are corrected or that we delete our records relating to you entirely. (Allowing us to store your data is not a contractual condition of receiving treatment; however, it may not be possible to provide some or all aspects of your care without the retention of data.)
Data will only be held with your consent. Your data may be passed to debt collection agencies in certain circumstances, but you will always be pre-warned about this and given a chance to respond.
You have the following rights (amongst others) in relation to your data:
The right to be informed about the collection of your data and to be asked for your consent. (Where we already hold data about you under the existing Data Protection Act, we will not request new consent, but do undertake to hold existing data to the standard expected under the new regulatory framework of the GDPR.)
The right of access to your data. Requests can be made verbally or in writing, and we will respond within one month. There is no charge in most circumstances.
The right to have inaccurate personal data rectified.
The right to have your records erased.
The right to restrict or to object to the way in which your records are processed.
The right of portability of data that you have provided to us, in order to move to another provider for example.
The right to complain to the ICO if you think that there is a problem with the way your data are being handled. (www.ico.org.uk)
We are registered with the Information Commissioner’s Office (ICO).
Any enquiries about your data can be submitted to us via this website.
What data do we hold?
Demographics (name, age, gender, address, telephone and email addresses, marital status, spouse, next of kin, religion)
Referral letters from GP and other specialists.
Clinic letters and operation notes resulting from your treatment.
MDT minutes and clinical notes from referring hospitals.
Reports of investigations (scans, blood tests, pathology reports).
Clinic letters and other reports from other specialists involved in your care.
We keep a register of GDPR-related consent and also a log of communications to third parties, which allows us to track and correct any inaccurate data that has been transmitted.