Southdowns Private Healthcare is responsible for all Personal Information held both electronically and in paper records.
Types of Information We Collect
We may collect information from you which can be used to identify you (“Personal Information and sensitive data”), such as:
- Your name, address, your date of birth and contact details
- Medical insurance membership and authorisation codes
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments and telephone calls
- Referrals, communications regarding your care in other organisations
- Notes and reports about your health
- Details about your treatment and care
- Details about any medication you are taking
- Results of investigations such as laboratory tests, x-rays etc.
Information will be collected:
* When you register at the clinic.
* Throughout your treatment with us.
* When your personal information changes or is updated (for example, a change of address).
* If you submit an enquiry to us via email or phone and you have consented to having your details stored.
We may also get information from a third party who books an appointment on your behalf, such as family members, insurance companies, GPs and Consultants (e.g. referrals, medical reports, updates after appointments or procedures/surgery, consultant/GP appointments).
In some instances, it may be necessary for us to contact third party providers to supplement the personal information you give us (e.g., validate your private medical insurance information with an insurance company, when processing invoices) to help us maintain the accuracy of your data and provide you with a better service.
What we do with your information
We hold personal details including medical information and we use this information to obtain details relevant to your treatment and for medical and internal record keeping; this information will only be kept as long as necessary to comply with UK law and professional bodies.
We do not sell your information to third parties, and we only share your personal information with third parties (i.e. insurance companies, GPs & Consultants) when required and with your consent/knowledge.
Southdowns Private Healthcare does not engage in any direct marketing or profiling, or use any automated decision-making tools.
The confidentiality of your personal information is of the utmost importance to us and we comply with confidentiality guidelines issued by professional bodies and:
- Data Protection Act 1998
- General Data Protection Regulation 2016
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
We may use your Personal Information for the following purposes:
Your personal information is used to ensure you receive the best possible care from our doctors and team members. It enables the team to see previous treatments and medications, and to make informed decisions about your future care. It helps the doctors to see lists of previous treatments and any special considerations which need to be taken into account when care is provided.
We will not share any of your personal data with any third parties for any purposes except under the following limited circumstances.
Invoicing & Insurance Companies: When processing insurance claims on your behalf, your name, address, date of birth & insurance policy details will need to be provided to your insurance company to enable them to progress the claim; this may be communicated via telephone or email.
Appointment Reminders & Clinic News: We may use your information to send confirmation & reminder emails for your appointments and for any correspondence regarding your treatment.
We may contact you from time to time, regarding clinic news and information about our services.
We may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
Requests from third parties (e.g. solicitors if there is a personal injury claim): we will only photocopy your medical records and provide electronic records on request, provided we have written authorisation from you.
We may contract with third parties to supply services on our behalf. These may include payment processing, delivery, and marketing. In some cases, those third parties may require access to some of your personal data and we will take steps to ensure that your personal data is handled safely, securely and in accordance with your rights, our obligations, and the third party’s obligations under the law.
How Long do we keep your data?
In accordance with and as permitted by applicable law and regulations, we will retain your information for as long as necessary to serve you and to maintain your account for as long as it is needed to operate our business. We will retain and use your information as required by applicable regulation and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions, and for the detection and prevention of fraud.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. GP records should be retained until 10 years after the patient’s death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records must not be destroyed or deleted for the foreseeable future. For more information, see the records management code of practice: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016
Where we keep your data safe
We have put in place procedural & electronic processes intended to safeguard and secure your information. All staff have a legal duty to respect the confidential information we hold, and access to this information is restricted to those who have a reasonable need to access it. We use clinical notes software which requires transfer of your data out of the EEA.
This software is fully GDPR compliant and we retain a data processing agreement with them to confirm this. Please forward any data processing information requests to firstname.lastname@example.org
SECURITY OF YOUR INFORMATION.
Keeping your Information safe is important to us.
We provide reasonable and appropriate security measures in connection with securing personal information we collect, for example:
* Constantly work to update our security practices to implement accepted best methods to protect your Personal Information and review our security procedures carefully.
* Comply with applicable laws and security standards.
* Securely transmit your sensitive Personal Information.
* Train our staff and require them to safeguard your data.
* Transmit, store, protect, and access all cardholder information in compliance with the Payment Card Industry’s Data Security Standards.
YOUR INDIVIDUAL RIGHTS
Your Access Rights
Accessing Your Personal Information: You have the right to access the personal data which we hold on you free of charge and we will provide this information within one month of receipt of request. If the request for data is complex or numerous we reserve the right to extend this period by a further two months.
Updating Your Personal Information
In connection with your right to manage your personal information you provide to us, you may update, change or correct any of your information.
You have many rights relating to your personal data including:
- The right to access the personal data we hold about you.
- The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it.
- The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data.
- The right to stop direct marketing – You have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request.
- The right to withdraw your consent – Whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us.
Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.
How to Contact Us
If you have questions or comments about this Privacy Statement, please contact us in writing at:
Southdowns Private Healthcare, 97 Havant Road, Emsworth, Hampshire. PO10 7LF
Changes to our Privacy Statements
Current version updated 22.05.18
From time to time we may change or update our Privacy Statements. We reserve the right to make changes or updates at any time. Our up-to-date Privacy Statement will be displayed on our website.