Important information about our data management policies

Privacy Notice for Bath Pain Management

 

1. Introduction

 

This notice is designed to inform you of the type of information that we collect and hold about you in the course of providing you with private medical care.  It will also tell you what we do with the information we collect, how we will look after it and with whom we might share it.  It covers information we collect directly from you or which we may receive from other individuals or organisations.

This Privacy Notice also sets out your rights in respect of your personal information, and how to exercise them. You can, for instance, seek access to your medical information, object to particular ways your information may be used and you can request rectification of any information which is inaccurate or the deletion of information which is no longer required (subject to certain exceptions).

This Privacy Notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation as needed.  If you would like further information about any of the matters in this Privacy Notice or have any other questions about how we collect, store or use your personal information, please contact us using the details below.

 

If you would like this notice in another format, such as Braille, audiotape, large print or another language, please contact us using the contact details on our website and correspondence.

 

2. Who we are and what we do

 

In this Privacy Notice the use of “we”, “us” or “ours” refers to your treating clinician [Dr Andrew Souter or Dr Michael Coupe] and will also include the actions of any Medical Secretary or other staff acting under our instruction including Dr Kate Souter and Mrs Delia Foster.

 

Under the terms of the EU General Data Protection Regulation (GDPR), we are known as “Data Controllers” and “Data Processors”.  This means that we are legally responsible for ensuring that all personal information that we hold about you is processed in compliance with data protection laws.  All Data Controllers must notify the Information Commissioner’s Office of all personal information processing activities. Our registration numbers are:

  • Dr Andrew Souter   Z2826028

  • Dr Michael Coupe   ZA348201

  • Mrs Delia Foster      A8345425

  • Dr Kate Souter         Z1095125

 

Our entries can be found in the Data Protection Register on the Information Commissioner’s Office website.

 

3. How to contact us regarding data protection issues

 

If you have any queries or concerns about how we handle your personal information or about the content of this Privacy Notice, please contact us via:

 

  • Telephone:  07592 268876

  • E-mail:  bathpainmanagement@gmail.com

  • Post:  Bath Pain Management, BMI Bath Clinic, Claverton Down Road, BATH, BA2 7BR

 

4. How we work

 

We will provide your treatment from Circle Bath, Peasedown St John and/or BMI Bath Clinic, Bath. Consequently, there may be occasions when it is necessary for Circle Bath, Peasedown St John and/or BMI Bath Clinic, Bath to also process your personal data (for example, when admitting you to the hospital for treatment or when arranging nursing or additional care and treatment). Your information will only be processed as required by the Data Protection laws of the UK. Where this does become necessary, Circle Bath, Peasedown St John and/or BMI Bath Clinic, Bath will become a joint Data Controller in respect of your personal information and they will provide you with a copy of their own Privacy Notice at that point, which sets out how they will manage your personal information.

 

5. Personal Information we hold about you

 

When we refer to “personal data” in this policy, this refers to information that can or has the potential to identify you as an individual.  When we refer to ‘processing’ your personal information, this covers any use of your personal information, including but not limited to accessing, storing and disseminating information.  We may also use “special categories of personal information” about you, which could include information relating to your physical and mental health.

 

When you request treatment from either Dr Souter or Dr Coupe and become a patient, the personal information we may then need to hold about you may include the following:

 

  • Name

  • Contact details, such as postal address, email address and telephone numbers

  • Financial information, such as credit card details used to pay us

  • Occupation

  • NHS Number

  • Family details including next of kin

  • GP and referral details

  • Visual images, for example CCTV images as part of building security

  • Responses to surveys or questionnaires

  • Correspondence relating to a complaint or claim

  • Your specific information requirements

 

Special categories of information relating to your medical treatment must be handled even more sensitively than your personal information. The special categories of personal information we may hold and process about you may include the following:

 

  • Details of your current or former physical or mental health. This may include information about any healthcare you have received (both from either Dr Souter or Dr Coupe directly and other healthcare providers such as your GP or hospitals (private and/or NHS)) and details of medicines previously and currently taken.

  • Details of other services you have received from us

  • Details of your lifestyle and social circumstances

  • Details of your nationality, race and/or ethnicity

  • Details of your religion

  • Details of any genetic data or biometric data relating to you

  • Data concerning your sex life and/or sexual orientation.

 

6. How we collect your information

 

There are a number of ways in which we may collect your personal information.  It may be collected directly from you when:

 

  • You enter into a contract with either Dr Souter or Dr Coupe for the provision of healthcare services

  • You use those services

  • You correspond with Dr Souter, Dr Coupe, Dr Kate Souter, Mrs Delia Foster or Bath Pain Management by letter, email, telephone or social media

  • You complete enquiry forms on the Bath Pain Management website.

 

In order to provide you with the best treatment possible, we may need to collect your medical records including information about any diagnosis, clinic and hospital visits and medicines administered.  This information may be provided by other individuals and organisations, including:

 

  • GPs

  • Hospitals, both NHS and private

  • Commissioners of healthcare services

  • Other Private providers of healthcare (including their medical secretaries).

 

Information about you may also be provided to Dr Souter and/or Dr Coupe from other sources as relevant to your treatment.  These third parties may include:

 

  • Your insurance policy provider

  • Your current or former employer

  • Your family

  • External medical experts

  • NHS health service bodies

  • Credit reference agencies

  • Debt collection agencies

  • Government agencies, including the Ministry of Defence, the Home Office and HMRC.

 

7. How we will protect your privacy

 

We are committed to protecting your privacy and will only process personal information in accordance with the EU General Data Protection Regulation, the Human Rights Act 1998 and the common law duty of confidentiality.

 

All information that we hold about you will be held securely and confidentially.  We use clear administrative and technical controls to do this.  Both Dr Souter and Dr Coupe and any staff working for Bath Pain Management have undertaken appropriate levels of Information Governance training to ensure that we have the correct skills and understanding to look after any information you provide to the highest standards of confidentiality and security.  Additionally, all staff at Circle Bath and BMI Bath Clinic and any contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

 

We will only ever use the minimum amount of information necessary about you to provide you with treatment and healthcare.  Wherever possible, we will use information that does not directly identify you. However, where it is necessary for either Dr Souter or Dr Coupe to know or use personal information about you, this will only be done where there is an appropriate legal justification for doing so.

 

Where our staff or the staff of Circle Bath and BMI Bath Clinic need to access your clinical record (for example, the Bath Pain Management secretary will need to see your record in the process of typing up correspondence or where medical queries are being followed up) they will only access the necessary information and will follow the strictest rules of confidentiality and data protection.    

 

Dr Souter and/or Dr Coupe will not divulge your record to any other patients or family members, except in the case of children under 12, where applicable, unless you give them permission to do so.  Some patients do prefer a family member or friend to act on their behalf. If you wish for someone else to act on your behalf please let us know and we will make arrangements with you for this to take place.  You can withdraw this consent at any time but you must let us know immediately if you no longer wish for us to discuss your health with the nominated person.

 

8. How we will communicate with you

 

Dr Souter and/or Dr Coupe need to communicate with you in order to provide you with healthcare services.  Dr Souter and/or Dr Coupe, or our secretary and/or administrator, may contact you by telephone, SMS, email, and/or post.

 

In order to provide you with timely updates and reminders in relation to your healthcare, we may communicate with you by telephone, SMS and/or email (where you have provided us with your telephone number and/or email address).

 

To provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by email where you have provided your email address and where you have agreed to this form of communication for medical matters.

 

If you have stated a preference to be communicated with about your health care or treatment via a particular method, we will not be relying on your consent to process your data in this way.  As set out in Schedule 1 below, the processing of your personal data for these purposes is justified on the basis that it is necessary to fulfil our contract with you for the provision of healthcare services.

 

9. Surveys and Marketing

 

Currently we do not undertake surveys or marketing. However, if this changes in the future and you provide us with your mobile number or your email address, we may use one or both of these to contact you regarding patient surveys for the purpose of improving our service and monitoring patient outcomes.  We will only contact you in this way if you have provided your consent for us to do so. You have a right to decide not to consent to such contact and it will not affect your care should you choose to do so.  You will be able to withhold consent from receiving such requests at any time without having to give a reason.

 

10. With whom we share your information

 

In certain situations, we may share data about relevant aspects of your healthcare record with other clinicians or with third parties such as Circle Bath or BMI Bath Clinic and/or your Medical Insurance Provider.

 

Specifically, we may disclose your information to the third parties listed below for the purposes described in Schedule 1 of this Privacy Notice. They may include:

 

  • A doctor, nurse or any other healthcare professional involved in your treatment

  • Other members of Circle Bath and/or BMI Bath Clinic staff involved in the delivery of your care, such as receptionists and porters

  • Emergency contacts, for example your next of kin or carer

  • NHS organisations

  • Other private sector healthcare providers

  • Your GP

  • Another private provider of medical care or treatment to you (including their medical secretaries)

  • Third parties who assist in the administration of your healthcare, such as insurance companies

  • The Private Healthcare Information Network (See Schedule 1 for more details on this)

  • National and other professional research and audit programmes, as detailed in Schedule 1

  • Government bodies, including the Ministry of Defence, the Home Office and HMRC

  • Regulators of healthcare such as the Care Quality Commission

  • The police and other third parties where reasonably necessary for the prevention or detection of crime

  • Our insurers

  • Debt collection agencies

  • Credit referencing agencies

  • Any third party service providers such as IT suppliers

  • Selected third parties in connection with any sale, transfer or disposal of our business

  • Anyone else with whom you ask us to communicate.

 

We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.

 

In order to help us run an efficient and cost-effective business, we engage certain third party companies to help us manage certain business functions [e.g. accountants].  We do not share patients’ personal data with these third parties.

 

We will not otherwise share, sell or distribute any of your personal information to any third party without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of the EU General Data Protection Act.

 

You may wish us to share health information held about you with others for purposes other than your care. This could include sharing with insurance companies, providing a medical report for a mortgage or life insurance, sharing for immigration purposes, or sharing with a solicitor representing you in a personal injury claim.  In such cases this will only be done with your signed and explicit consent. We will only share the minimum agreed information.

 

11. International data transfers

 

We may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). Under the EU General Data Protection Regulation (GDPR), companies transferring information outside of the EEA must ensure that such transfers are subject to appropriate safeguards to ensure an adequate level of data protection.  Where we make a transfer of your personal information to a country outside the EEA, we will take the required steps to ensure that your personal information is protected.

 

We may transfer your personal data outside of the EEA to the following specific types of third party:

 

  • Data storage/backup

 

Where we do use such organizations, we have undertaken a privacy impact assessment to ensure this process is safe and meets data protection requirements under the relevant laws.

 

If you would like further information regarding the steps we take to safeguard your personal information, please contact us as outlined in Section 3.

 

12. How long we will keep your personal information

 

We will only keep your personal information for as long as reasonably necessary to undertake your care and to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your personal information will be stored, please contact us as outlined in Section 3.

 

13. For what purposes we will use your information

 

We may 'process' your information for a number of different purposes.  The law requires us to have a legal justification for processing your data. The particular justification will depend on the proposed use of your data.  When the information we process is classed as “special category of personal information”, we must have a specific additional legal justification in order to process your data.

 

We will rely on the following legal justifications for processing your personal data:

 

  • Taking steps at your request so that you can enter into a contract with Dr Souter and/or Dr Coupe to receive treatment and/or healthcare services.

  • For the purposes of providing you with healthcare pursuant to a contract between us.

  • We have an appropriate business need to process your personal information and such business need does not cause harm to you.   Under the law this is called a ‘legitimate interest’.

  • We have a legal or regulatory obligation to use such personal information.

  • We need to use your personal information to establish, exercise or defend our legal rights.

  • You have provided your consent to our use of your personal information.

 

You will find details of the legal justifications for each of our processing activities in Schedule 1 of this Privacy Notice.

 

14. What rights you have under the law with regard to your personal information

 

Under data protection law you have certain rights in relation to the personal information that we hold about you. These include the right to know what information we hold about you and how it is used.  You may exercise these rights at any time by contacting us as outlined in Section 3. 

 

There will not usually be a charge for handling a request to exercise your rights.  If we cannot comply with your request to exercise your rights we will usually tell you why.   There are some special rules about how these rights apply to health information as set out in the relevant legislation.

 

If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request then we do not have to respond or we can charge you for responding.

 

Your rights include:

 

  • The right to access your personal information

You are entitled to a copy of the personal information we hold about you and details about how we use it.  Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person and it would not be fair to that person to provide it to you. 

 

  • The right to restriction of processing

In some circumstances, you can ask us to suspend the use of your personal data.  Sometimes we won’t be able to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercising or defending legal claims.

 

  • The right to data portability

You can ask us to transfer your personal information to you or to another individual or organisation. The information must be transferred in an electronic format.

 

  • The right to object to processing

You can ask us to stop processing your information where we are relying on legitimate interests as the legal ground for processing (when we refer to ‘legitimate interests’, this means that we have an appropriate business need to process your personal information and this business need does not cause harm to you).

 

  • The right not to be subject to automatic decisions

You have a right not to be subject to decisions that are made about you by computer alone.  We do not carry out any automated decision-making in relation to your treatment.

 

  • The right to withdraw consent

In some cases we need your consent in order to use your personal information to comply with data protection legislation.   Schedule 1 sets out instances where we will rely on your consent for the purpose of processing your personal information.  You have the right to withdraw your consent at any time. You can do this by contacting us as outlined in Section 3.

 

  • The right to complain to the Information Commissioner's Office

You can complain to the Information Commissioner's Office if you are unhappy with the way that we have managed any of your rights above, or if you think we have not complied with our legal obligations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/.  Making a complaint will not affect any other legal rights or remedies that you have.

 

15. When this Privacy Notice will be updated

We may update this Privacy Notice from time to time to ensure that it remains accurate. If these changes result from any material difference to the manner in which we process your personal data then we will provide you with an updated copy of the Policy. This Privacy Notice was last updated on 25 May 2018.

 

16. How you may make a complaint or enquiry

 

We aim to meet the highest standards when collecting and using personal information.  For this reason, we take any complaints we receive very seriously.  We encourage you to bring concerns to our attention if you think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.  You can contact us regarding any complaints or questions as outlined in Section 3.