In providing your care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
Information that we collect
We may collect the following information about you:
- Personal details such as your name, date of birth, address, telephone number and email address
- Information about your general health, including
- Clinical records made by clinicians and other health care professionals involved with your treatment
- Medical histories
- Treatment plans and consent
- Notes of conversations with you about your treatment
- Dates of your appointments
- Details of any complaints you have made and how these complaints were dealt with
- Correspondence with other health professionals or institutions
- Details of the fees we have charged, the amounts you have paid
James Hogg Podiatry Ltd is responsible for keeping secure the information about you that we hold.
Our Data Protection Officer (DPO), ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. The DPO assigned at James Hogg Podiatry Ltd is the Practice Manager.
Those at the practice who have access to your information, include clinicians involved with your treatment and administrators responsible for the management and administration of the practice.
How we use your information
To provide you with care and treatment that you need, we require up-to-date and accurate information about you.
We will seek your preference for how we contact you about your care. Our usual methods are telephone, text message, email or letter.
We may use your contact details to inform you of products and services available at our Practice.
Your information is normally used only by those at the practice but there may be instances where we need to share part of it, for example, with:
- Your doctor
- The hospital or community services or other health professionals caring for you
We will only disclose your information on a need-to-know basis with your permission and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Keeping your information safe
We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers.
We use high-quality specialist software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.
Where we share your personal data with third parties to enable us to provide your care, we ensure the third parties comply with GDPR in the following ways:-
- Private referrals are sent though the post or via e-mail
We keep your records for 8 years (adults) after the date of your last visit to the Practice. The hard copy records stored in our filling systems are then destroyed confidentially, we shred all documents that contain confidential information. Obsolete hard ware is destroyed.
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to:
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
- Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your treatment)
- Stop using your information – for example, sending you reminders for appointments or information about our service
If you do not agree
If you do not wish us to use your personal information as described, you should discuss the matter with the DPO at the practice. If you object to the way that we collect and use your information, we may not be able to continue to provide your treatment.
If you have any concerns about how we use your information and you do not feel able to discuss it with anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).