London Bridge Hospital, SE1 2PR
Privacy Notice Sports Injury Diagnosis. Dr Stephen Motto – Summary
Dr Motto and his secretary will store securely any information you give us: name address date of birth, gender, phone number, e-mail address, your current and past medical history , family medical history and private medical insurance details.
You have either given us this information yourself or you may have consented to another health professional, GP, consultant, or physio to give it to us.
We will only use this information to enable Dr Motto to give you the best medical care. We will only pass it on to other health professionals who Dr Motto recommends you to see and who you have agreed should receive the information: consultants, your GP, physio , podiatrist, Imaging ( Xray/Ultrasound) or MRI staff or laboratory staff ( blood tests), Outpatient/Registration staff
We will store your data securely. Physical notes are stored in lockable filing cabinets in our office at St Olaf House, London Bridge Hospital, which is locked outside office hours.
Electronic records are stored on a remote cloud-based system hosted by DGL Practice Manager, ClanWilliam Health which is password secured . Computers and phones which can access Dr Motto’s e-mail accounts are password protected.
Any information transfer via e-mail will be encrypted using Egress Switch when sent to you or any other medical agency.
Dr Motto does not use your data for marketing purposes. Dr Motto may send you an e-mail asking you to take part in a survey in order to evaluate and improve Dr Motto’s treatment for his patients.
Your records will be kept for 8 years after the last treatment date and then shredded securely.
Privacy Notice Dr Stephen Motto (Dr Stephen Motto Ltd and Sports Injury Diagnosis) – The Details
Your personal data is data which by itself or with other data available to Dr Stephen Motto can be used to identify you as an individual. Judith Motto is the data controller. This Privacy Notice sets out how Dr Stephen Motto will use your personal data. You can contact our Data Protection Officer (DPO) at St Olaf House, London Bridge Hospital, 27 Tooley St., London SE1 2PR. Or firstname.lastname@example.org if you have any questions.
Types of personal data we collect and use
We will use your personal data for the reasons set out below. We will collect most of this directly during the registration and/or admission process but there may be sources of personal data collected indirectly as set out later in this policy. The personal data we use may include:
- Your name, address and contact details, including email address and home and mobile telephone numbers, date of birth and gender
- Your previous and current medical health records, whether provided by HCA UK or other third parties
- The terms and conditions of your contract with us for the provision of healthcare and related services
- Information about your marital status, next of kin, dependants nominated and/or emergency contacts
- Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments
- Information about medical or health conditions of your family
- Information received in response to any surveys or complaints claims
- Equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
- Information about how you use our website.
If you are a consultant, doctor or other healthcare provider not employed by HCA UK, we will also hold and process other information relating to the clinical services you carry out.
Dr Stephen Motto may collect this information in a variety of ways. For example, data might be collected through Registration and Admission forms; online web forms completed by you at the start of your treatment; from correspondence with you; through the Admission and Registration process or through interviews, meetings or other assessments.
Dr Motto may collect personal data about you from third parties, such as insurer providers, referral agencies, sponsors and checks permitted by law.
Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment and receive payment for these services.
Using your personal data and the legal basis for processing
We will process your personal data under Article 6 (1) and Article 9 (2) of the General Data Protection Regulations:
- To support the provision of your healthcare
- To decide how best to provide treatment to you
- As necessary to support the healthcare contract with you and to allow us to receive [full] payment for those services
- To take steps at your request during the course of your treatment
- To keep your records up to date
We will process your personal data under Article 6 (1) f of the General Data Protection Regulations:
As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
- For good governance, accounting, and managing and auditing our clinical and business operations
- To monitor emails, calls, other communications, and activities on HCA UK networks and systems
- For market research, analysis and developing statistics for improving clinical performance
As necessary to comply with a legal obligation:
- When you exercise your rights under Data Protection Laws and make requests
- For compliance with legal and regulatory requirements and related disclosures
- For establishment and defence of legal rights
- For activities relating to the prevention, detection and investigation of crime
- To verify your identity, make credit fraud prevention and anti-money laundering checks; and
- To investigate complaints, legal claims and data protection or clinical incidents.
Based on your consent:
- If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures
- When we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot continue to provide full healthcare services to you.
Sharing of your personal data
Subject to applicable Data Protection Laws we may share your personal data with:
- Consultants, doctors and other healthcare professionals who provide treatment to you at our facilities
- Other healthcare providers where we feel this will enhance the quality of your care
- Companies and other persons providing services to you as part of your extended care
- Our legal and other professional advisors, including our auditors
- Fraud prevention agencies, credit reference agencies and debt collection agencies
- Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators and the Information Commissioner’s Office (ICO)
- Courts, to comply with legal requirements, and for the administration of justice
- Third parties in an emergency or to otherwise protect your vital interests.
- Third Parties to protect the security or integrity of our business operations and other patients.
- Third parties when we restructure or sell our business or its assets or have a merger or re-organisation
- Payment systems and providers; and
Anyone else where we have your consent or as required by law
Sharing of your personal data to contribute to the review and publishing of information about the quality and cost of privately funded healthcare
Subject to applicable Data Protection Laws HCA UK is required to provide hospital performance data to the Private Healthcare Information Network (PHIN), which publishes information on the quality and cost of privately funded healthcare.
PHIN’s goal is to help patients make more informed choices about where to go for treatment.
HCA UK will not supply your name, date of birth, or full address to PHIN. PHIN is only concerned with understanding the treatment that hospitals and doctors provide, whether that treatment was safe and effective, and whether there were any complications.
Any processing of personal data shall be made in accordance with the Data Protection Laws.
Publication will be made via the PHIN website in a format that will allow patients requiring hospital treatment and their doctors to search for local private hospitals by procedure and to compare how they perform in terms of quality and safety based on treatment data. Individuals are then able to make informed choices; which consultant to see, which treatment option to follow, and which hospital they would like to be treated at. This information will not be in a form where individuals can be identified.
An additional reason for obtaining the NHS Number relates to HCA UK’s intention to access the UK Child Protection Information Sharing (CPIS) system in order to facilitate the sharing of information between health and local authorities where a child may be at risk of being neglected, maltreated or abused.
Dr Stephen Motto ensures all the information he holds is kept safe and confidential.
You have the option to withhold your personal information, in which case we will only share an anonymised record of your treatment to PHIN, but will not provide your NHS Number (or equivalent) or postcode.
If you tell us that you are not happy for HCA UK to pass on your NHS Number and postcode to PHIN we will indicate this on your Registration Form.
If you subsequently change your mind, please contact Judith Motto : Judith.email@example.com
Sharing of your personal data for research purposes
Subject to applicable Data Protection Laws and your explicit written consent we may share your personal data for the purpose of scientific research.
Dr Motto will not share your data for marketing purposes.
Dr Motto may contact you to ask if you will take part in a patient satisfaction survey in order to ensure that Dr Motto’s quality of care is always improving.
We will not sell your personal data to a third party without your written consent.
You are free at any time to change your mind and withdraw your consent. Please contact Judith.firstname.lastname@example.org. This will not affect the healthcare services we provide to you.
How long do we keep your data?
Information will be kept in in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records
Management Code of Practice
for Health and Social Care (2016). Information may be held for longer periods where the following apply:
- Retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have
- Retention in case of claims. We will retain your personal data for as long as you may legally bring claims against us
- Retention in accordance with legal and regulatory requirements. We will retain your personal data after you have received healthcare services at our facilities based on our legal and regulatory requirements.
Your rights under applicable data protection law
Your rights are as follows (noting that these rights do not apply in all circumstances):
- The right to be informed about processing of your personal data
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
- The right to object to processing of your personal data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the ‘right to be forgotten’)
- The right to request access to your personal data and information about how we process it
- The right to move, copy or transfer your personal data (‘data portability’)
- Rights in relation to automated decision making including profiling
You may exercise these rights by contacting us on Judith.motto@ hcaconsultant.co.uk
You have the right to complain to the Information Commissioner’s Office (ICO). It has enforcement powers and can investigate compliance with Data Protection Laws. Visit ico.org.uk for more information.
When you visit The Sports Injury Diagnosis Clinic website, we track your website activity using Google Analytics. This helps us collate information such as the date and time at which you accessed our website, the source from where you found us, the content pages you visited, the website browser you used, etc. This information is used to determine the number of visitors to our website and to help us make it more user-friendly.
We are committed to keeping any information you pass on to us in complete privacy. We do not and will not give or sell personal client information to any third parties.