We need to collect personal information about your health to provide you with the best possible treatment. When you supply your personal details to this clinic they are stored and processed for 4 reasons (sections in bold are the relevant terms used in the Data Protection Act 2018, which includes the General Data Protection Regulation – GDPR. ie the law)
When you request a consultation and / or treatment and we agree to provide care that constitutes a contract. You can of course refuse to provide information but if you do refuse we would not be able to provide treatment
We have a legitimate interest in collecting that information because without it we couldn’t do our job effectively and safely
We also think it is important that we can contact you to confirm your appointments with us, and to update you on matters related to your medical care. This again constitutes a legitimate interest, but in this case it is your legitimate interest
Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters, and practice information details, for example of bank holiday opening and staff changes. You can withdraw this consent at any time - just let us know by a convenient method
We have a legal obligation to retain your records for 8 years after your most recent appointment (or in the case of minors until age 25). After this period of time you can ask us to delete your records if you wish. Otherwise we will retain your records indefinitely so we can refer to details of previous episodes if you need to see us at some future date.
Your records are stored electronically (“in the cloud”), using a specialist medical records service. This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly. We also hold paper records for patients who we have seen prior to starting to use computer case notes in 2016. These are stored in a locked office.
We will never share your data with anyone who does not need access without your written consent. Only the following people / agencies will have routine access to your data:
Your practitioner(s) in order that they can provide you with treatment
The medical records service who store and process our files
Our reception staff because they organise our practitioners’ diaries and coordinate appointments and reminders (but do not have access to your medical history or sensitive personal information)
Other administrative staff, such as bookkeeper. Again admin staff will not have access to your medical notes, just essential contact details
We also use Mailchimp to coordinate our messages, so your name and email address may be saved on their server
We may need to communicate with your GP, consultant or other medical agencies if for example we feel there is a need refer you for another opinion or we feel you would benefit from further medical tests and investigations. We will discuss this with you before we contact your GP or other agencies
From time to time we may have to employ consultants to perform tasks which might give them access to your personal data (but not medical notes). We will ensure they are fully aware that they must treat that information as confidential and will ensure they sign a non- disclosure agreement.
You have the right to see what personal data of yours we hold. You can ask to correct any factual errors. Provided the legal minimum period has elapsed, you can ask us to delete your records.
We want to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
If you feel that we have mishandled your personal data in some way you have the right to complain. Complaints should be sent to the Data Controller. The contact details are:
Pure Health Data Controller: Christine Beckett
Tel: 07535 350252
Pure Health, 21 Priestgate, Barton-upon-Humber, North Lincs, DN18 5ET
If you are not satisfied with our response you have the right to raise the matter with the Information Commissioner’s Office (ICO):
ICO Wycliffe House, Water Lane, Wilmslow, SK9 5AF