Patient Privacy and Fair Processing Notice
Basingstoke Wellness - Information Governance
Basingstoke Wellness Ltd
The Information Commissioner's Office
Data Protection Officer
General Data Protection Regulation
Everyone is affected by confidentiality: Every day, the service collects, stores, and uses large amounts of personal data, such as medical or personal records, which may be on paper or on a computer.
We take your personal information and confidentiality seriously, and we are committed to taking appropriate measures to ensure it is held securely and only accessed by those with a need to know.
The managing director is in charge of managing our Information Governance and GDPR compliance obligations on a daily basis.
IF YOU HAVE A QUESTION, HOW CAN YOU CONTACT US?
Clinic Data Protection Officer
2 Cross Street Basingstoke
HOW DO I SUBMIT A COMPLAINT?
We take pride in the care we provide, so you can be confident that if you need to make a complaint or raise an issue about the quality of services you have received, a manager will be in touch with you as soon as possible to see how we can assist.
2 Cross Street
HOW DO WE COLLECT DATA FROM YOU?
We collect information in several ways:
Emails, web chat, and client conversations
Consultation Forms (digital and on paper)
WHY DO WE COLLECT DATA ABOUT YOU?
Client records, which can be kept on paper or on a computer, help to ensure that you receive the best possible care.
They may include: your name, address, date of birth, next of kin, GP practice, ethnicity, and contact information;
Contacts we have had with you, such as appointments or clinic visits;
Notes and reports on your medical condition, treatment, and care;
Relevant information from people who care about you and are familiar with you, such as health or social care professionals, relatives, or carers;
WHAT IS THE LEGAL FOUNDATION FOR PROCESSING PERSONAL AND HEALTHCARE DATA?
The primary reason for collecting and processing your personal data is to provide direct care, and we process the majority of this data under Article 6(1)(e) and Article 9(1)(h) of the GDPR.
WHAT DO WE DO WITH YOUR PERSONAL INFORMATION?
In general, your records are used to direct, manage, and deliver your care so that employees involved in your care have accurate and up-to-date information to assess your health and determine the best course of action for you.
DO I HAVE TO SHARE MY DATA?
Some of your information must be disclosed to us in order for us to fulfil our legal obligations as a healthcare provider, but the majority of it is to ensure that you receive safe and effective care.
Basic contact information, your date of birth, and any relevant healthcare information that may affect your treatment or the safety of our staff are all required disclosures.
Please consider all health-related questions mandatory, as our clinicians will usually require this information to ensure that your treatment is appropriate and that your diagnosis is correct.
You can always ask for clarification on why your data is needed and how it will be used in response to any request we make of you, and there is no need to be embarrassed because our clinicians have seen a wide range of conditions over the years.
Failure to notify us of certain information may result in an incorrect treatment that is at best ineffective and, in some cases, harmful. Failure to disclose accurate information about recent sun exposure, for example, during laser treatment may result in burns or complications, when the appropriate course of action may be to ask you to return when your skin has returned to its normal colour. Failure to disclose blood thinner information during microneedling may result in difficulty stopping the bleeding and an increased risk of complications.
Please be aware that failure to disclose personal data required for accurate diagnosis or safe and effective treatment may result in us being unable to provide you with any further care or treatment at the clinic.
The clinicians involved in your care and the clinic manager make all treatment decisions. We reserve the right to refuse treatment for any reason, including concerns about the accuracy of the information provided, concerns about your physical or mental well-being, concerns about the necessity of the procedure, or simply because the clinician does not feel comfortable performing the procedure on the day. At all times, your safety will be our top priority.
HOW WILL WE COLLECT YOUR INFORMATION?
The majority of the information we have on file for you came directly from you in the form of verbal questions and written forms.
We will keep your information limited to your health when taking notes, but please be aware that we may occasionally capture other relevant information that you share with us.
For example, if you tell a receptionist that you are going on vacation for a while, we may make a note of it in a phone note to ensure that we do not book you a follow-up appointment while you are away.
Please keep in mind that any information you share with us will be kept strictly confidential for the purposes of direct care, and access will be limited to those involved in providing or administering your care. If you have disclosed any information to us that you do not want us to record in your notes, please make it clear to us that this information should be excluded from your notes.
Here's a quick rundown of how we might gather information from you:
Consultation: Based on what you have discussed with the clinician, our clinicians may take notes during or after your consultation. These notes may contain personal information about your health or care, as well as professional opinions about your diagnosis or treatment options.
Consent Forms: You can give consent for treatment either verbally or in writing, but we will often ask you to sign a written consent form to ensure that you understand the risks and nature of the treatment you are receiving. During your consultation, your clinician will thoroughly explain your diagnosis and treatment options, and the consent form confirms that you understand this information.
Telephone Notes and Conversations: Details of any phone conversations we have with you may be recorded by our administrative team or clinicians. This is to assist us in providing the best possible care.
Emails and letters: Any correspondence between the Organisation and you will be considered part of your medical record in most cases.
Patient Surveys: We may ask you to complete a satisfaction survey from time to time in order to provide feedback on the services we provide.
WHEN DO WE SHARE YOUR INFORMATION?
We share information about you with others who are directly involved in your care, as well as with others who are indirectly involved in your care, as described below.
RECORDING OF CALLS
Telephone calls to the service may be recorded for the following reasons: to prevent crime or misuse; to ensure that employees follow Organisation procedures; to ensure quality assurance; and for training, monitoring, and service enhancement.
AUTOMATED VOICE REMINDERS AND SMS TEXT MESSAGING
We send your appointment details via SMS text message to your phone number(s), and we also send automated reminder calls a few days before the appointment.
Most of our patients appreciate these reminders, and we know they help reduce missed appointments, but if you do not want to receive them, please let us know.
VIDEO / MEDICAL PHOTOGRAPHY
To provide the best possible care for our patients, we may occasionally request your permission to photograph your skin problem in order to discuss your treatment with other consultants and skin specialists via email.
We will never use or disclose any of your information for marketing purposes or to third parties without your explicit and express consent.
We may occasionally ask for permission to photograph or film your treatment for marketing or patient education purposes; however, if this is the case, you will be asked for your explicit and unambiguous consent to allow us to share your photographs, and you are completely free to object without affecting the care you receive.
HOW TO GET TO YOUR RECORDS
You have the right to obtain a copy of any information held about you. This is referred to as a Subject Access Request (SAR). A SAR allows patients to request information on how we use and share their data, as well as specifics on what information we have.
A subject access request goes beyond this, however, and an individual is entitled to be:
Informed if any personal data is being processed;
Given a description of the personal data, the reasons for processing it, and whether it will be shared with any other organisations or individuals;
Given an electronic or paper copy of their personal data;
Given information about the data's source (where this is available).
Requests must be made in writing to the DPO at the clinic where you were seen, and must be accompanied by proof of identity (see the section below). This is to ensure that your records and information are only released with your express permission and that we keep all of your information confidential.
We will then provide you with your information within one month of receiving: your written request; evidence of your identity; authority to act on someone else's behalf (if applicable); and an indication of what information you are looking for so that the service can find it quickly.
CONFIRMING YOUR IDENTITY IN ORDER TO REQUEST SUBJECT ACCESS
To avoid sending personal data about one person to another, either accidentally or through deception, we must be confident that we know the full identity of the requester and that they have the necessary authority to receive the information. As a result, we will request sufficient information to determine whether the person making the request is the individual to whom the personal data pertains (or a person authorised to make a SAR on their behalf).
YOUR RIGHT TO DATA PORTABILITY
Wherever possible, we support the right to data portability. You have the right to a copy of your information in a portable format, either electronic or paper-based, under GDPR. We will typically provide your information in Adobe PDF document format, or as a simple paper printout.
Please notify us if you require your records or any information we have on file for you in an alternate or specific format, and we will do our best to accommodate your request. We will provide you with your information for free.
YOUR RIGHT TO ERASURE
If you want us to delete some of the information we have on file for you, please contact our DPO, and we will consider your request.
We cannot guarantee that all requests will be met because we have some legal responsibilities that may require us to keep your data, but if the erasure can be performed without jeopardising our legal obligations, we will gladly consider it.
Please keep in mind that we may need to keep some of your records on file in order to establish, exercise, or defend legal claims.
YOUR RIGHT TO INFORMATION IN DIFFERENT FORMATS
If you require information in an alternative format due to a disability during your interactions with us, please notify a receptionist. We will gladly provide large print or audio versions of any documents used in the service. Examples include consent forms, prices, treatment or patient information, and correspondence or pathology results.
RETENTION OF DATA
Unless otherwise specified, any information you share with us will be treated as part of your medical record. We will keep your information for 7 years from the date treatment has concluded, before reviewing it and destroying it if it is no longer needed.
ACCURACY OF DATA
Please notify us if you believe any information we have on file for you is incorrect.
HOW WE WILL NOTIFY YOU IN THE EVENT OF A DATA BREACH
In accordance with the GDPR, if a data breach occurs and your data is compromised as a result of the breach, we will promptly notify you of the nature of the breach and which data may have been compromised. We take data security very seriously and work hard to ensure that your data is always secure. We have detailed risk assessments, policies, procedures, and technical measures in place to protect your data, and if a data breach occurs, we will notify the ICO in accordance with our breach policies and GDPR legislation.
STATEMENT ABOUT EQUALITY
This Policy is part of the Organisation's commitment to fostering a positive culture of respect for all employees and service users. The goal is to identify, eliminate, or reduce discrimination based on protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment, and pregnancy and maternity), as well as to promote positive behaviour and value the diversity of all individuals and communities. This Policy and its impact on equality have been examined as part of its development, and no disadvantages have been identified.