How we use and share your information to help you
Effective Date: 26 February 2020
For the purposes of data protection law we will be a data controller of your personal information. As a data controller we will make the decision as to how and why your personal information is used, and means that we have a duty to ensure your rights are protected. We are registered with the UK Information Commissioner’s Office.
Phone: 0333 200 3338
Post: Ghosh Medical Group, Rodney Street, Liverpool, L1 9ED
How we collect your personal information
We collect your personal information in the following ways:
- When you complete forms such as new patient forms
- When you give us information during a medical consultation
- When you contact us including over the telephone, through our website, by post or by email
We may receive your personal information from third parties in the following ways:
- If you have been referred to us for treatment by another medical professional, the medical professional that refers you to us
- Other healthcare professionals involved in your care
- Other referral agencies such as advertisements
Keeping a record of your care
We need to keep a record of your health and any treatment or care you receive from us to ensure that:
- Professionals involved in your care have accurate and up-to-date information
- We have all the information necessary for assessing your needs and providing excellent care
- Your concerns can be properly investigated if you raise a complaint
- Accurate information about you is available if you:
- Move to another area
- Need to use another service
- See a different healthcare professional.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- We can comply with our legal obligations
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal details change.
Your record may include some or all of the following:
- Your name, address, telephone numbers, email address and date of birth
- Any contact we have had with you, such as appointments, correspondence etc.
- Notes and reports on your health
- Details of your treatment and care
- Results of investigations such as laboratory tests, x-rays, photographs etc.
- Information on medicines, side effects and allergies
- Relevant information from people who care for you or know you well, such as health professionals and relatives.
- The staff who see you may also add notes on their professional opinion.
If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.
How we will contact you
Unless you have given an additional consent, we will not contact you for purposes other than:
- To arrange your medical appointment
- To give you any necessary instructions as to what you need to do before you visit us
- Follow up of care (including notifying you of test results)
- Collecting your views about your contact with us including the care and treatment you receive
- Settlement of any account that may be due, if appropriate
- Complaints and concerns handling.
We take your privacy seriously so please let us know how you want us to contact you.
If you provide a mobile phone number: we may ring, leave a message or text you, so tell us if you do not want us to do so.
If you provide a landline: we may ring or leave a message, so tell us if you do not want us to do so.
Please read all the points below before providing us with your email address
If you provide us with your email address: we may use it to send certain health information, unless you have told us not to do so.
Please note that:
- Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet.
- Be aware also that if you share your computer with others they may be able to read your emails.
- If you email to contact us in relation to a query or to ask about an appointment, do not give more personal information than we need to process your request.
- Do not ask us to email you medical details that you would not want seen by other people.
- If you have an urgent question or feel unwell after going home after treatment contact an emergency service e.g. 111 NHS emergency service or 999 for life threatening conditions by telephone, do NOT email.
Keeping your records safe
Our guiding principle is that we hold your records in strict confidence. We abide by the law and observe good practice in maintaining confidentiality and appropriate information security.
Your personal information may be processed electronically, on paper or a mixture of both. We employ a variety of physical, technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases (including medical records, images and details of prescriptions) are stored on secure computer systems and we control who has access to them (using both physical and electronic means including firewalls and password protection). Our staff receive data protection training and we have data protection procedures which our staff are required to follow when handling your personal information.
We have a Caldicott Guardian who is responsible for protecting the confidentiality of patient information and making sure that information is only shared where it is appropriate.
How long your records are kept for
Information about you will be kept for the retention periods outlined by the Department of Health. Records are securely destroyed after the time periods set by the Department of Health.
How your records are used
We use your records to:
- Ensure that any treatment or advisory services we provide to you are based on accurate information.
- Send a letter about your care to your GP or other health professional at the end of your treatment, unless you tell us not to do so.
- Work effectively with other services providing you with treatment or advice.
- Monitor the quality of our care and help us to understand the outcomes of care.
- Investigate any concerns or complaints you or your family have about your health care.
- Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients this may include details shared with your insurance company. If you have any concerns about this, please contact your insurer.
In addition we may use your records in anonymised form (i.e. with your name and other details that could identify you removed) to:
- Monitor and improve the quality of care received by patients
- Protect the health of the general public, for example we may share anonymous and aggregated patient information with organisations such as the National Institute for Clinical Excellence and the Cancer Registry for research or statistical purposes
- Train and educate our staff.
Sharing your personal information
We will not share your personal information with any unrelated third parties except:
- where we have your permission;
- where required in order to perform the obligations on us under any contract we enter into with you;
- to our professional advisers for the purposes of obtaining professional advice or establishing, exercising or defending legal rights (for instance lawyers and insurers);
- to our suppliers (for instance suppliers that provide us with IT services);
- where we are required by law and to law enforcement agencies, government entities, tax authorities or regulatory bodies (including for example reporting some infectious diseases or when a court order instructs us to do so).
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third party service providers to use your personal information for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will not share your personal information with third parties for marketing or market research without your explicit consent.
Sharing your personal information where necessary for your care and treatment
To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other organisations. These other organisations could include:
- Other healthcare professionals, such as doctors, pharmacists, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests
- Other hospitals and private sector organisations involved in your care
- Local authority departments
- Our regulators including the Care Quality Commission and the Department of Health
- Voluntary organisations providing on-going support
- Your insurers, if your treatment is being paid for through private medical insurance
You can object to your personal information being shared with other healthcare providers or carers, please tell the team looking after you. Not sharing your information may affect the care that can be provided to you; we will tell you at the time if this is the case.
Sharing personal information with your family and friends
We will not share information with your family or friends unless you ask us to do so. If you do ask us to keep a family member or friend informed we will only share information with those you have named and we will share information on a need to know basis only. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.
We are registered with the Care Quality Commission (CQC). The Care Quality Commission is the independent regulator of health care and they also protect the interests of people whose rights are restricted under the Mental Health Act. They routinely inspect our premises to quality check information we hold, to check that we are observing all necessary and statutory guidelines for use of your data and the services we provide in line with the Health & Social Care Acts. This is designed to ensure that patients using services are protected and receive the care, treatment and support they need. These inspectors have the authority to access personal information without the permission of patients.
Where will we keep your personal information?
We will usually keep your personal information within the European Economic Area (EEA). If we or one of our third party service providers or subcontractors (such as our IT service providers) need to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with relevant data protection law, are in place.
If you have ongoing care and treatment outside the EEA, we may send your personal information to those providing that ongoing care and treatment. If you wish, we can give you the documents so that you have physical control over this information.
Please contact us if you would like further information about how we protect your personal information when transferring it out of the EEA.
Your legal rights
You have the right to:
- request access to your personal information;
- require us to correct any incomplete, inaccurate or out of date personal information which we hold about you;
- withdraw your consent (if we are relying on consent as our lawful basis for using your personal information);
- require the erasure of your personal information (although there may be legal reasons why we can’t comply with your request but we will tell you at the time if they apply);
- require us to restrict processing of your personal information, in certain circumstances;
- request the transfer of your personal information to you or a third party, in a structured, commonly used and machine-readable format and/or transmit that personal information to a third party, in certain situations; and
- object to our continued processing of your personal information where we are relying on a legitimate interest, in certain situations (although there may be legal reasons why we can’t comply with your request but we will tell you at the time if they apply).
We will always try to respond to your request to your satisfaction however there may be situations where we are unable to do so (for example if we are required by law to keep your personal information).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Obtaining a copy of your record
If you wish to apply for access to the information we hold about you. Please note:
- You should send your request in writing to Ghosh Medical Ltd by post to Ghosh Medical Group, Rodney Street, Liverpool, L1 9ED United Kingdom or by email to email@example.com.
- You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth, Ghosh Medical Ltd unique identifier number (if known).
- We may need to request specific information from you to help us confirm your identity (for example your NHS number, passport or driving licence). This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
- We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.
Ghosh Medical Limited
Registered office address: The Barns 5 Village Road, Oxton Village, Prenton, England, CH43 5SR
Company number: 07855106
Registered in: England and Wales
- A convenient and effective way for you to access private health care services when you need it.
- We can tailor your treatment to your needs
- A range of finance and payment options available
- We offer a friendly, trustworthy and above-all-else familiar service.