Privacy

PRIVACY NOTICE

The European General Data Protection Regulation (GDPR) came into force on May 25th, 2018 and is now Law. It has changed how businesses and public-sector organisations handle the information of customers.

Consultants as data controllers are required to provide patients with a notice that sets out how their data is collected and used. This is called a Privacy Notice (PN)

This privacy notice explains why we collect information about you, how that information may be used and how we keep it safe and confidential.

Why we collect information about you

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received. These records help to provide you with the best possible healthcare.

We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health.

  1. What information is being collected?

a) Dr Brull will record your name, date of birth, address, email address, telephone number, employment, details of other individuals involved in your care and clinical information related to your current and past medical problems. 

  1. Who is collecting data?

a) Practice staff will record basic demographic and contact information on a registration form in order to contact you if required. Dr Brull as the Clinician involved in your care will collect this and all relevant medical information. 

  1. How is it collected?

a) The information is recorded as a written document (medical record). 

  1. Why is data being collected?

a) It is collected in order to provide a contemporary record of your medical care should it need to be referred to in the future in order to ensure good clinical care. 

  1. How will data be used?

a) It will be used as part of your medical record and as a means of managing your medical condition as part of the medical record. 

  1. Who will data be shared with?

a) For clinical care, the information will be shared with your permission (implied for GP and other practitioner referrals) with the referring clinician and other clinicians directly involved in your care. Your information will not be shared with third parties without your explicit consent.

b) Dr Brull does not routinely pass on data. Medical records are stored confidentially in line with General Medical Council guidelines. 

  1. What will be the effect of this on the individuals concerned?

The intended effect is to facilitate high standard clinical care. It is not thought that the intended use of this information is likely to cause individuals to object or complain.

  1. Access to your health information

You have a right to access or view information that Dr Brull holds about you and to have it amended or removed should it be inaccurate.  

  1. Objections / Complaints

If you have any concerns about how your data are managed or shred then please contact Dr Brull directly. If you are still unhappy despite further discussion you have the a right to lodge a complaint with the Information Commissioner www.informationcommissioner.gov.uk

DATA PROTECTION CODE OF PRACTICE

Our data protection code of practice lays out our procedures that ensure Dr Brull and Practice Employees comply with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) 

DATA INVENTORY

Consultants, as data controllers, are required to maintain an up to date, written data inventory.

WHAT THE DATA INVENTORY COVERS:

  1. Types of data that are stored

a) Identifiable clinic letters and medical records relating to patients detailing clinical care and medical history. 

  1. Why data are stored

a) This information is stored in order to facilitate ongoing clinical care of patients.

  1. Where and how the data types are stored

a) The information is initially documented on paper then scanned and uploaded to a password protected cloud-based server for which Dr Brull has sole access.

b) Paper records are stored securely in a locked filing cabinet. Current files are uploaded then paper records are confidentially disposed of.

c) Dr Brull may email data on request, using an email client with end to end encryption (secure emails from nhs.net or using EGRESS). They have their own GDPR policy for data protection and are separately registered with the ICO.

Please note emails from your personal email to enquiries@privatecardiologist.co.uk may not be encrypted by your provider. 

  1. How the data and storage devices are secured.

a) PDF files are uploaded to a GDPR compliant password protected cloud-based server (Dropbox for Business).

b) The files are accessed by Dr Brull by logging on securely to the cloud-based server via a password protected personal device (tablet, laptop). 

RECORD OF PROCESSING

Consultants, as data controllers, are required to maintain an up to date record of data processing:

  1. How and why data is collected and processed

a) The data is collected in written format and documented in paper or electronic format (PDF) by Dr Brull and may be sent on to Dr Brull’s practice management staff using a secure email account. Other third parties may include: a separately employed medical secretary, Private or NHS medical professionals (GPs and other clinicians), Solicitors (in medicolegal cases), transcription services and billing companies (each have their own processes in place to ensure confidentiality). 

Dr DAVID BRULL PRIVATE PRACTICE

Centre of Human Health and Performance
76 Harley Street
London W1G 7HH

Telephone: 020 7637 7677
Facsimile:  020 7631 4476

Practice Manager: Jo Parman
Clinicmanager@chhp.com

020 7637 7677

 

Hospital of St John & St Elizabeth
60 Grove End Road
London NW8 9NH
Telephone:  020 7806 4080
Facsimile:   020 7806 4081

999 Medical Centre
999 Finchley Road
London NW11 7HB

Telephone:  020 8455 9939
Facsimile:   020 8455 9989

NHS PRACTICE

The Whittington Hospital
Highgate Hill
London N19 5NF

Telephone: 020 7272 3070
Facsimile:  020 7288 5010