At London Cartilage Clinic, we protect your privacy and take our responsibilities under data protection legislation seriously.
User Provided Information
Personal information provided to London Cartilage Clinic by you will only be used for the purposes stated when the information is requested, such as creating a self-referral. Information received by external referrers, such as your GP or another healthcare professional, related to you will be treated similarly.
The personal data we collect includes
- Personal details such as full name, date of birth, gender, marital status, ethnicity
- Address and contact details including e-mail address and phone numbers
- Emergency contact details and next of kin
- National Health Number
- Details of other healthcare professionals involved in your care
- Financial information as part of our billing system
- Details of your private medical insurance
We also collect details related to your medical care such as
Details about your current and past medical and mental health history including treatments by other clinicians
Medical records of past treatments and investigations
Imaging such as ultrasound, x-ray and MRI reports, images and videos
We also collect information directly from you through our Patient Reported Outcome Measures (PROMS) questionnaires.
Please be assured that personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your express permission. Personal information collected and/or processed by London Cartilage Clinic is held in accordance with the provisions of the General Data Protection Regulation (GDPR) 2018.
How we store information collected
Information which you provide to us will be stored either on our secure servers or our Medical Management System, whose servers are hosted in London who complies with all EU privacy regulations including GDPR. Personal data is kept as long as necessary to comply with legal and regulatory requirements in line with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016.
We work hard to protect London Cartilage Clinic, our systems and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems and data.
We restrict access to personal information to London Cartilage Clinic employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
We encrypt any sensitive data that needs to be provided outside of London Cartilage Clinic for both agents and patients.
Accessing and updating your personal information
The General Data Protection Regulation 2018 gives you the right to access information held about you. We aim to provide you with access to your personal information. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate – unless we have to keep that information for legitimate business or legal purposes.
To do so, please contact our Data Protection Officer using email: firstname.lastname@example.org
USE OF PeRSONAL DATA
Personal data will be used for the following
Arranging appointments, investigations, procedures and surgery
Ensuring that you are receiving the appropriate care
In response to queries, complaints and concerns
Quality assurance by evaluating your treatment and outcomes
Processing invoices and payment
Disclosure to another healthcare professional for further treatment e.g. physiotherapy or to the referring clinician
Please note: we may be legally obliged to disclose your personal information to third parties if we are under a duty to disclose or share such information as necessary in order to prevent and detect crime, protect public funds and make sure the personal information is accurate. These third parties include government departments, local authorities and some private sector organisations, but this will only be in the exceptional circumstances listed above.
Compliance and cooperation with regulatory authorities
MAKING A COMPLAINT
If you are unhappy with the way we have dealt with a request from you with regards to GDPR or if you think we have not complied with our legal obligations, you can make a complaint to the Information Commissioner’s Office (ICO). We would appreciate you informing the Data Protection Officer of the issue and allowing them to address the complaint before contacting the ICO. Making a complaint will not affect any other legal right. More information can be found on the ICO website: www.ico.org.uk
Contact Details for the ICO:
Information Commissioner’s Office
Telephone: 0303123113 or 01625457549