In the process of providing your treatment and oral care, I will only be asking for the relevant information about you and your medical history, relating to your medical treatment. I must only use that personal data in accordance with all applicable laws and guidance. This privacy notice deals with the necessary personal information that I hold, why I need to hold it, what I do with it and when it can be appropriately removed from my records. I may also be using your personal data in the context of carrying out an assessment of your condition as part of a medico-legal claim against another healthcare provider or independent third party.
Information that I may collect
- I may collect the following information from you:
- Personal details such as your name, date of birth, National Insurance number, NHS number, telephone details (including mobile numbers) and email address/es
- Clinical records taken during consultations / ward rounds etc
- Medical history / dental history
- Images taken in relation to your treatment (Xrays, CT/MRI scans)
- Treatment plans and appropriate written Consent
- Dates of appointments
- Details of any complaints you may have made / are intending to make, and the outcome of these complaints
- Correspondence with other Healthcare Professionals involved in your care/treatment
- Financial data in relation to billing, for example credit card details, insurance policy information, the amounts you have paid, and other payment details relating to treatment that I alone have provided
- Emergency Contact Details, including next of kin
I am responsible for keeping secure the information about you that I hold. I will ensure that my clinical practice complies with data protection requirements, to the extent that I will collect, use, store and dispose of your personal information responsibly. I will ensure that my practice strictly adheres to the Caldicott principles of data collection and dissemination:
- Justify the purpose(s)
Every single proposed use or transfer of patient identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed, by an appropriate guardian.
- Don't use patient identifiable information unless it is necessary
Patient identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).
- Use the minimum necessary patient-identifiable information
Where use of patient identifiable information is considered to be essential, the inclusion of each individual item of information should be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out.
- Access to patient identifiable information should be on a strict need-to-know basis
Only those individuals who need access to patient identifiable information should have access to it, and they should only have access to the information items that they need to see. This may mean introducing access controls or splitting information flows where one information flow is used for several purposes.
- Everyone with access to patient identifiable information should be aware of their responsibilities
Action should be taken to ensure that those handling patient identifiable information - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.
- Understand and comply with the law
Every use of patient identifiable information must be lawful. Someone in each organisation handling patient information should be responsible for ensuring that the organisation complies with legal requirements.
- The duty to share information can be as important as the duty to protect patient confidentiality
Professionals should in the patient's interest share information within this framework. Official policies should support them doing so.
How do I collect your information?
I may collect personal information from a number of different sources including, but not limited to:
- Other Hospitals, both NHS and private healthcare providers
- Mental Health Providers
- Commissioners of Healthcare services
- Other clinicians – Consultant Surgeons/Physicians/Radiologists
How will I communicate with you?
I will check with you at the initial consultation, which method of communication you prefer to be contacted by. I may communicate with you by telephone/mobile, SMS, encrypted email and /or post if that is your preference.
How will I use your information?
At your request, so that we can enter into a contractual agreement, I will provide you with the necessary care and treatment that you need, provided I receive uptodate and accurate information about you and your medical problem.
Note that failure to provide your information further to a contractual requirement with me, may mean that I will be unable to fulfill the doctor-patient relationship and hence be unable to facilitate the provision of your healthcare accordingly.
I may also use your information for medical research purposes or audit. By carrying out audits, I can identify improvements in my own clinical practice, which can be beneficial to future treatments. You are perfectly entitled to object to my using your personal data in this regard, and I would need to refrain from doing such audit/research.
On occasion, patients may raise queries or even complaints, with me and third part independent providers and I take those communications very seriously. I will endeavour to resolve said complaints fully, in the shortest time possible, and in the most appropriate way, but this will require the use of your personal data in order to rectify such a complaint.
I will keep your medical records for 10 years after the date of your last visit and they will be destroyed / permanently deleted from any computer system that I use in order to keep your records safe.
Access to your health records and information that I keep and other rights
It is your legal right to be able to access the information that I hold about you and it is also your right to receive any copies of this information. You should submit your request to the relevant Hospital where you were treated, in writing or by email. You will not be charged for copies of your information.
You can also request me to:
correct any information that you believe is inaccurate or incorrect. If I have disclosed that information to a third party, then I will be legally obliged to let them know about such changes
stop using your information, if you are unhappy with your treatment at any time
Erase information that I hold about you
If you have reservations about any of the above information:
If you are concerned about how your data / personal information is being collated, stored, used, or disseminated, you should discuss the matter with me through the Hospital where you were initially seen. If you do not feel comfortable with discussing any issues you have directly with me, then you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilslow, Cheshire SK9 5AF (0303 123 1113 or 01625 524510)