THE LONDON PODIATRY CENTRE PRIVACY NOTICE
The London Podiatry Centre is a Care Quality Commission (CQC) registered Podiatry facility. We are regulated to undertake diagnostic and screening procedures, surgical procedures and the treatment of foot disorders.
Our aim is to comply with the General Data Protection Regulation (GDPR), 2018 and other legal acts that ensure we maintain full and accurate records of the care we provide for you and keep this information confidential and secure.
This privacy notice will set out information about the data we collect, how we protect your data, confidentiality and information security and your rights to erasure. It also tells you how you can obtain access to the information relating to your healthcare.
What information do we collect?
We collect information about you such as your name, address, General Practitioner (GP) and contact details alongside any health related information required for the delivery of your care. This data will be collected when you register with us, or sent to us if you have been referred to us from a third party (e.g. General Practitioner, Insurance Company, other health care professionals). We also enter clinical notes which document your encounters with our clinicians and these are held on our secure Private Practice Software (PPS). Collecting this data will enable us to provide you with the appropriate care and treatment that you need.
This information collected may be recorded in writing (e.g. on an assessment form or letter), or electronically on a computer, or a mixture of both.
When you arrive for an appointment, our staff will check your details to ensure that our records are accurate. You will be asked to read an information sheet and to sign a consent form which will be attached to your electronic record and you will also be given a paper copy. To assist with this, it is important that you notify us of any changes to your personal details (e.g. address, contact number) and arrive early for your appointment where possible so we can expedite this information prior to your appointment.
How do we use the information we collect to help you?
We will use the information we collect about you to ensure a high quality of health care in the following ways:
To inform General Practitioners, or healthcare professionals involved in your care that need accurate information about you to assess your health and deliver the health care you need.
To ensure accurate information is available if you need to be referred to another health professional or 3rd party.
To assess the type and quality of care you have received and may require in the future.
To support clinic and treatment appointments by sending you electronic and/or paper-based appointment reminders.
To support clinic and treatment appointments by sending you encrypted electronic clinical notes.
To ensure your concerns can be properly investigated if you are unhappy with the care you have received.
How else could your information be used?
The information we collect about you may also be used to help us:
ensure the health of the general public
review the care we provide to ensure it is of the highest standard
collect clinical audit information
arrange payment for the person who treats you
investigate incidents, complaints or legal claims
conduct health research and development
to ensure that our service can meet patient needs in the future
teach and train healthcare professionals
If we need to use your information for training purposes, we will ask you for written consent prior to using your information. In these cases, your information will be anonymised.
Do we share information about you with anyone?
There are times when it is appropriate for us to share information about you and your healthcare with others. We may share your information with the following main partners:
General Practitioners or other health care professionals involved in your care
The National Health Service
The Department of Health
The Care Quality Commission
If you are receiving care from other people (such as Social Services), then we may also need to share relevant information about you to help us work together for your benefit.
We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health and safety of another person is at risk or where the law requires information to be passed on. Occasions when we must pass on information include:
reporting some infectious diseases
to help prevent serious crime
when ordered by the court
when you have expressly agreed for us to pass on information
when notifying the CQC of a serious incident
In all cases where we must pass on information, we will only share the minimum amount of information required and where possible data will be anonymised (i.e. does not identify you personally). Anyone who receives information from us also has a legal duty to keep it confidential.
We will always try and obtain your consent wherever possible and inform you if your information is to be shared.
We will only give information to your relatives, friends and carers if you consent to this and we have obtained your consent.
How do we keep your information secure and confidential?
We protect your information in the following ways:
Training - Staff are trained to understand their duty of confidentiality and information governance and their responsibilities regarding the security of patient information both on our premises and when out in the community.
Access controls - Any member of staff given access to patient information on our patient records system, PPS, can only access it with a username and password. All of our PC screens have privacy controls and will be locked when staff are away from their desks.
Investigation - If you believe your information is being viewed inappropriately, please notify us immediately; we will investigate and report our findings to you. If we find that someone has deliberately accessed records about you without permission or good reason, we will tell you and take action. This can include disciplinary action, termination of employment, or bringing criminal charges where appropriate.
Legislation - There are laws in place to protect your information, including the General Data Protection Regulation (GDPR), 2018 and the Human Rights Act 1998.
How long do we keep your data?
The GDPR requires that we retain your personal data for no longer than is necessary for the purpose for which it was obtained. The Act does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that:
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Consider the purpose or purposes we hold the information for in deciding whether (and for how long) to retain it;
Securely delete information that is no longer needed for this purpose or these purposes; and
Update, archive or securely delete information if it goes out of date.
In some cases where we collect gait analysis data and surgical records, we do retain this information as it may be necessary in future to use the data for comparative reasons to assess any changes that can occur over time.
Can my data be erased?
The GDPR introduces a right for individuals to have personal data erased. This is known as the right to erasure. However, the right is not absolute and only applies in certain circumstances. Should you wish to have any of your data erased from our system, you can do so by making a request for erasure verbally or in writing, and it is our obligation to respond to you within one month of the request.
Can you obtain the information we collect about you?
Under the GDPR, 2018 individuals have the right to access their personal data and supplementary information.
You have the right to apply for access to the information we hold about you, whether it is stored electronically or on paper. We have a duty to provide this information in a format that is accessible to you (e.g. large print or Braille) and in a way that you can understand, explaining any abbreviations where necessary.
We are obliged to provide you with a copy of the information free of charge. However, we also have the right to charge a ‘reasonable fee’ when a request is excessive, particularly if it is repetitive. The new statutory limit for subject access requests and providing a response is within one month of receipt of your formal request.
We also have the right to charge a reasonable fee to comply with requests for further copies of the same information. The fee will be based on the administrative cost of providing the information.
If you would like to submit a subject access request for information, please contact our administration team.
Data Protection Officer
Our nominated Data Protection Officer (DPO) is Mr Ron McCulloch. Should you wish to activate your right to erasure or request copies of the information we hold about you, please send an email to firstname.lastname@example.org with your request and our DPO will contact you for further details.
Review of our policy
To ensure we are following the appropriate guidelines and making sure that your data is adequately protected, we will review this policy and update it when required.
Should you have any questions about this privacy notice, please contact one of our administrators who will direct you to the right person to speak with or email us on email@example.com
LPC Privacy Notice, v1 04.2018 / Review: 04.2019