Data Protection: Privacy Notice for Patients
My responsibility
As your consultant I am obliged to keep medical records and communicate with other healthcare professionals including but not confined to your general practitioner, nursing staff, physiotherapists and other hospital doctors. I also have an obligation to protect your data.
I act as a data controller. In order to invoice, interact with insurers and fulfill my obligations with HMRC, and I need to share your data (including name, date of birth, email, address and telephone numbers) with my secretaries, an invoicing company and my accountancy firm. The details are outlined below:
Invoices: Medserv
Accountants: Magnes Accountants
The details regarding your medical conditions are confined to investigations, procedures undertaken at University Hospital Coventry and Warwickshire, Spire Southbank, Warwickshire Nuffield or BMI Meriden Hospitals and dates of attendance for consultation or surgery only. This information will only be shared by me and my team with the people / companies mentioned above for the purposes of invoicing you, insurance companies or other health care providers. This will only be done by email or post and through a password protected database.
Details of your name, address and telephone numbers are provided only to my invoicing and accountancy firm. This will only be done by email and held on a password protected database in order to comply with HMRC audit purposes. This will only be kept for a reasonable period following your ongoing care.
In order to comply with General Data Protection Regulation (GDPR) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/, I need to make you aware of the use of your data for these purposes and seek your consent to do so.
By giving me your email address, you are consenting for me to use this address for correspondence about your requests for treatment, your medical history and any other information that you provide. Some patients request pre and post operative photographs, which are also sent to you by email, if you wish.
Your responsibility
You acknowledge that you have understood the need to share your data for the purposes outlined above, that you have a right to request what data is held about you and that you have a right to withdraw your consent to share this data at any time.