Harley Street Dermatology Clinic – Privacy Notice
In line with the new data privacy law, which took effect on 25 May 2018, we continue to safeguard your information and meet the new requirements. The new law is based on the EU General Data Protection Regulation (GDPR) and it gives you more rights and control over how companies use your personal details.
We take our data protection responsibilities very seriously so you will know:
- what details we're collecting
- why we're collecting them
- how we'll use them
- who we will share them with
- when we'll delete them
We have developed this Privacy Notice to make sure you can easily see when, how, and why we use your personal information.
We are committed to protecting your privacy when dealing with your personal information. This privacy notice provides details about the information we collect about you, how we use it and how we protect it. It also provides information about your rights.
Harley Street Dermatology Clinic (HSDC) is registered with the Information Commissioner’s Office, registration number ZA298605.
In this privacy notice, ‘we’, ‘us’ and ‘our’ mean HSDC.
HSDC is the Data Controller of the data it holds about its patients and staff. HSDC, Ten Harley Street and Time Etc are Data Processors and are responsible for ensuring that our data is collected and stored in compliance with GDPR.
This privacy notice applies to anyone who interacts with us about our services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone and through a consultation with HSDC, including completion of a patient information form in advance of the consultation).
This privacy notice applies to you if you ask us about or use our services. It describes how we handle your information, regardless of the way you contact us.
HSDC needs to keep a record of the care you receive to ensure that:
- Professionals involved in your care have accurate and up-to-date information.
- We have all the information necessary for assessing your needs and providing excellent care.
- Your concerns can be properly investigated if you raise a complaint.
- Accurate information about you is available if you need a different healthcare professional.
We have a duty to:
- Maintain full and accurate records of the care we provide to you.
- Ensure that your records are confidential, secure and accurate.
- Provide a copy at your request in an accessible format.
Your record may include some or all of the following:
- Your name, address and date of birth;
- Contact we have had with you, such as appointments;
- Notes and reports on your health
- Details of treatment and care, images and test results (if relevant to your case)
- Information on medicines, side effects and allergies (if relevant to your case)
- Relevant information from people who care for you, such as health professionals (if relevant)
How you can help us to keep your health record accurate:
- Let us know when you change address, telephone number or name.
- Tell us if any information in your record is incorrect.
- Give your consent so that we can share information about you with other health professionals to make sure you receive the right health care (such consent may be given directly to the doctor or other HSDC staff during the consultation whether verbally or in writing).
- Tell us if you change your mind about how we share the information in your record.
- Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet. Be aware also that if you share your computer, others may read your emails.
- You can use email as a method to contact staff in relation to a query or to ask about an appointment.
- Do not give more personal information than we need to process your request.
- Do not ask us to send you medical details that you would not want seen by other people.
- If you have an urgent question or feel unwell after going home after treatment, contact an emergency service by telephone (e.g. the 111 NHS emergency service, or 999 for life-threatening conditions); do NOT email.
How your records are kept
Our guiding principle is that we hold your records in strict confidence.
HSDC abides by the law and observes good practice in maintaining confidentiality.
HSDC is also registered with the Care Quality Commission (CQC). This means that we are subject to ongoing inspection and regulation by the CQC. This includes checks by the CQC that we are observing all necessary and statutory guidelines for use of your data.
Information about you and the services you receive may be held in numerous formats and will be kept for the specific retention periods outlined by the relevant professional bodies.
How we collect personal information
We collect personal information from you and from third parties (where you have instructed us to contact such third party, notably your GP, other health care provider or insurance provider).
Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
We collect personal information from you:
- through your contact with us, including by phone, by email, and through a face-to-face or Skype clinical and/or cosmetic consultation with HSDC, including completion of a patient information form and other forms in advance of or as part of the consultation.
We also collect information from other people and organisations. For all our patients, we may collect information from:
- a family member, or someone else acting on your behalf;
- doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers, with your consent;
- any service providers who work with us in relation to your appointment and consultation, including for diagnostic services and providing treatments, referred health care providers, pharmacies and administrators to book appointments with HSDC.
- those paying for services we provide to you, including insurers.
Categories of personal information
We process two categories of personal information about you and (where this applies) your dependants:
- standard personal information (for example, information we use to contact you, identify you or manage our relationship with you); and
- special categories of information (for example, health information, information about your race, ethnic origin and religion that allows us to tailor your care).
Standard personal information includes:
- contact information, such as your name, address, email address and phone numbers;
- the country you live in, your age, your date of birth;
- financial details, such as details about your payments
Special category information includes:
- information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you, and referrals from your existing insurance provider, quotes and records of medical services you have received); and
- information about your race, ethnic origin and religion (we may get this information from your medical preferences to allow us to provide care that is tailored to your needs).
What we use your personal information for
We process your personal information for the purposes set out in this privacy notice.
We use your records to:
- Ensure that any treatment or advisory services we provide to you are based on accurate information.
- Send a letter about your care to your GP or other health professional at the end of your treatment, unless you tell us not to do so.
- Work effectively with other services providing you with treatment or advice.
- Monitor the quality of our care and help us to understand the outcomes of care.
- Investigate any concerns or complaints you or your family have about your health care.
- Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients this may include details shared with your insurance company. If you have any concerns about this, please contact your insurance provider.
We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing). We normally process standard personal information if this is necessary to provide the clinical and/or cosmetic services to you, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies.
We process special category information about you because:
- it is necessary for the purposes of diagnosis and/or treatment - medical diagnosis, to provide health care or treatment, to ensure effective cosmetic treatment; and/or
- we have your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.
We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you and to help us improve our services and products.
Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
- to manage our relationship with you;
- to provide healthcare/clinic and/or cosmetic services to you;
- to keep our records up to date;
- to show you information that is of interest to you, based on our understanding of your preferences;
- to monitor how well we are meeting our clinical and non-clinical performance expectations.
Sharing your information
We share your information with people acting on your behalf (doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers, with your consent) and with others who help us provide services to you (for example, health-care providers and medical-assistance providers, any service providers who work with us in relation to your appointment and consultation, including for diagnostic services and supplying treatments, referred health care providers, pharmacies and administrators to book appointments with HSDC, and suppliers who help deliver products on our behalf). In addition, we share your information with those paying for the products or services we provide to you, including insurers, and with organisations that carry out patient surveys on our behalf.
If we share your personal information, we will make sure appropriate protection is in place to protect your personal information in line with data-protection laws.
To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:
- Other healthcare professionals, such as doctors, pharmacists, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests;
- Other hospitals and private sector organisations involved in your care;
- Local authority departments;
- Voluntary organisations providing on-going support;
- Administrative support staff.
Please note that anyone who receives information from us also has a legal duty to keep it confidential.
We may also share information that identifies you where:
- You ask us to do so;
- We ask for specific permission and you agree to this;
- We are required to do this by law.
Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient's consent in exceptional situations, such as to safeguard adults or children.
The Care Quality Commission is the independent regulator of health care and they also protect the interests of people whose rights are restricted under the Mental Health Act. They may routinely inspect our premises to quality check information we hold and the services we provide in line with the Health & Social Care Acts. This is designed to ensure that patients using services are protected and receive the care, treatment and support they need. These inspectors have the authority to access personal information without the permission of patients.
How long we keep your personal information
We keep your personal information in line with periods calculated using the following criteria.
- How long you have been a patient with us, the types of services you have received.
- How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
- Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer information you have provided, and to withdraw permission you have given us to use your information.
You have the following rights (certain exceptions apply).
- Right of access: the right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: the right to have inaccurate information about you corrected or removed
- Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
- Right to object: the right to object to processing of your personal information
- Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. We will let you know if we will no longer be able to provide you the clinical and/or cosmetic service as a result of this withdrawal of consent.
Please note that your rights are not absolute: they do not always apply in all cases, and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
We reserve the right to update or change our Privacy Notice at any time and you should check this Privacy Notice periodically. Your continued use of the Service after we post any modifications to the Privacy Notice on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Notice.
If you have any further questions or complaints about this Privacy Notice, or if anything is not clear, please let us know.