How we use your personal information
What is personal data?
Personal data is information relating to an identified or identifiable person. Examples include an individual’s name, age, address, date of birth, gender and contact details. Personal data may also contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health.
Therapists in this clinic who provide you with care maintain records about your health and any treatment or care you have received. These records are used to help to provide you with the best possible healthcare.
Our records may be electronic, on paper or a mixture of both, and we ensure that your information is kept confidential and secure.
Personal data we collect
Records this Practice hold about you may include the following information;
Details about you, such as your name, address, carers, legal representatives and emergency contact details.
Any contact the clinic has had with you, such as appointments, clinic visits, emergency appointments, etc.
Notes and reports about your health
Details about your treatment and care
Results of investigations such as laboratory tests, x-rays, etc.
Relevant information from other health professionals, relatives or those who care for you
Why do we need your personal data?
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the practice. Information may be used within the practice for clinical audit to monitor the quality of the service provided.
Sometimes your information may be requested to be used for research purposes – the practice will always gain your consent before releasing the information for this purpose.
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests and apply irrespective of the form in which records are held.
We will retain your medical records at the end of any contractual agreement for 8 years from your last visit. This data will be retained for the protection of our patients and practitioners by providing a history of the healthcare you received.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
Data Protection Act 1998 and General Data Protection Regulation 2018
Health and Social Care Professions Council (HCPC) Code and Rules
Every practitioner or member of staff who works in this practice has a legal obligation to keep information about you confidential. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on.
Who might we share your data with?
We may have to share your information, subject to strict agreements on how it will be used, with the following organisations;
NHS Trusts / Foundation Trusts
Independent Contractors such as those who provide imaging services (e.g. MRI, X-Ray)
You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.
Access to personal information
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
The right to be informed about the personal data being processed;
The right of access to your personal data;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data;
The right to rectification of your personal data;
The right to erasure of your personal data;
The right to data portability (to receive an electronic copy of your personal data);
Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
In order to request this, you need to do the following:
Your request must be made in writing to your Therapist
You will need to give adequate information (for example full name, address, date of birth, and details of your request) so that your identity can be verified, and your records located.
Protecting your data
Record holders are under a legal and ethical obligation to maintain records safely and securely. We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our practice and with authorised third parties.
DATA PRIVACY REPRESENTATIVE
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Representative. The Data Privacy Representative is Ian Ford, who may be contacted at: Mirage Health and Wellbeing, Lake House, 1 East Lake, Bognor Regis, West Sussex, PO21 1FY
Objections / Complaints
Should you have any concerns about how your information is managed at the practice, please contact the Clinic Director. Ian Ford
If you are still unhappy following a review by the practice, you have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is:
Ian Ford (whoever is registered with the ICO for Mirage)
How to contact us
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Data Privacy Representative at Mirage Health and Wellbeing, Lake House, 1, East Lake, Bognor Regis, West Sussex, PO21 1FY or by telephoning: 01243 820330