Alongside offering the best possible care, a medical practice has a duty to preserve patient confidentiality. A duty we take seriously, part of feeling safe when seeking treatment.
You are asked to provide personal information when joining the practice, so we can provide optimum health care for you. As far as the law and urgent treatment allow, we will protect your information.
Whether through emails, or telephone calls, or when meeting in person, your wishes on data confidentiality are observed.
We never pass your data to a third party, unless we have a contract with them to process this on our behalf. For referrals to hospitals, or other practitioners, your agreement to share data will normally be sought.
Our practice aims to meet professional guidelines and legal requirements. These include the Data Protection Act (DPA) 2018, the General Data Protection Regulation (GDPR) and guidelines from the Information Commissioner.
Regulation & Your Rights
The DPA 2018 increased protection and implements EU wide, General Data Protection Regulation (GDPR). This gives people more control over how personal data is used, along with greater fairness and transparency.
The focus of regulation is on complex data gathering organisations, personal profiling and consent. Whilst we only gather data as part of an open, medical process, keeping in line with regulation still makes sense.
The data controller for information collected via this website is Kamal Kamali, who is also the information governance lead. He is a senior staff member at the practice, 284 Elgin Avenue, Maida Vale, London W9 1JR.
Our lawful basis for processing your data is legitimate interest in meeting client requests, where potential clients freely provided their data. This is retained as long as needed and may be kept on record for future care.
You should be aware of your rights under GDPR:
- To know what information is collected and how – In this case supplied by you, via a form, or direct email.
- To understand how your data will be used – Our clinic only use your personal data for medical reasons.
- To access your data and have this corrected, or deleted – We are happy to comply within the month allowed.
- To know if your data will be shared – Other than internally, we may share data with medical services.
- To be aware of unknown, or untoward effects – More applicable to social, or ads, we knowingly cause no ill effect.
- Not to be subject to automated decision making, or profiling – Again, more ad, or social network related.
If you have any queries on GDPR compliance, please contact us. You also have a right at any time to raise concerns with the Information Commissioner’s Office (ICO) about the way your data is being managed.
Personal Data Policy
Beyond legislation, a key aspect of protecting personal information is understanding why you are collecting this and identifying what is necessary:
- Before, or at the time of collecting information, we identify the purposes of collection.
- Information will be collected solely to fulfil these purposes, or for related objectives.
- We only retain information as long as necessary, for the fulfillment of these purposes.
- Every effort is made to ensure data remains relevant, accurate, complete and up to date.
- Information is never shared for commercial reasons, only to follow medical objectives.
- Data is protected by reasonable security safeguards, against loss, or unwanted access.
- Data is collected by lawful, fair means and where possible, with personal consent given.
This approach fits with legislation and our belief that your data is your property, to be used for purposes you would accept.
The categories of data we process are:
- Personal data for the purposes of staff and self employed team member management.
- Personal data for contact, or marketing by mail, email, text, or other established routes.
- Special category data including health records to assist in the delivery of health care.
- Special category data including health records and CRB checks for our team members.
If you are a patient of the practice, or simply a known contact, you have the right to withdraw consent for us to process personal data. This includes notifications, newsletters, surveys, or marketing of any form.
We have carried out a Privacy Impact Assessment and you can request a copy from us. Copies of our Data Protection & Information Security Policy, or Consent Policy & Information Governance Procedures are also available.
The only cookies used on this website are for Google Analytics, a secure service, which does not in any event record personal data.
The sole objective is to understand user behaviour and improve our website. Patient input matters and web data can help the services our clinic offers, along with ensuring required information is available to patients.
Comments & Complaints
On both personal and information privacy, we are committed to the principles above and to the importance of confidentiality. If you have any comments, or concerns on these points, please get in touch with us.
Kamal Kamali is responsible for information governance and can be contacted in writing at 284 Elgin Avenue, Maida Vale, London W9 1JR. You are equally welcome to discuss points during a visit, contact us via this email link, or call 0207 286 1830.
If you are unhappy with our response, or need advice, you should contact the Information Commissioner’s Office on 0303 123 1113. They can investigate your claim and take action against misuse of personal data.