At The Homeopathic Clinic your privacy is important to us. We take great care to safeguard the personal information provided by our patients and to process such data fairly and lawfully in accordance with data protection regulations and clinical confidentiality guidelines. This Privacy Policy explains details of what personal and special data (personal information) we collect from you, the lawful basis we have for processing your data, what we do with it, how secure it is and who we might share it with. In this policy ‘Personal Data’ includes any information relating to an identified or identifiable person e.g. names and addresses, dates of birth and telephone numbers and ‘Special Category’ are personal data which reveal the health status of an individual.
Why we collect information about you
At The Homeopathic Clinic we aim to provide you with high quality care. Our lawful basis for collecting and processing your data is that it is necessary for the provision of care and that processing the data we hold is in the vital interests of our patients. In order to provide you with healthcare we must keep records about you, your health and the treatment we have provided or plan to provide to you i.e. both personal and special categories of data. The information we collect may include:
- basic details about you such as your name, address and date of birth
- contact we have had with you such as consultations
- notes and reports about your health that you have given to us or have given us express permission to get from a third party
- details and records about your treatment and care
- results of any tests e.g. blood test results
How your records are used
Our practitioners use your records to:
- provide a good basis for all decisions made in consultation with you
- deliver appropriate care
- contact you from time-to-time with other information about the practice
Disclosure
At The Homeopathic Clinic we maintain our duty of confidentiality to you at all times. We will not disclose your personal information to a third party without your consent, other than when it is required to deliver the service we provide e.g. if you pay your account using a debit or credit card your details will be shared with the card payment company. Your details will never be shared with another company for marketing purposes. The practice will only disclose your personal information to a third party without your consent when it is required to do so by law e.g. under a court order or if it is justified in the public interest.
Security of your personal information
We take the security of your personal information very seriously and have taken appropriate measures to prevent unauthorised access or information being lost, damaged or destroyed.
In order to support the delivery of our service we may, on occasion, use third party companies e.g. to manage our healthcare software, to process payments and for the confidential destruction of patient records. In every instance these companies are contractually obliged to be operating within General Data Protection Regulations (GDPR) guidelines.
We use Semble to store our patient demographics and limited clinical notes electronically, which has the highest level of security rating, commensurate with any healthcare software provider. Its data centres are based in London and are compliant with all necessary legislation. Data is fully encrypted, using the same technology as online banking and credit card transactions and known to be the most secure system available. All data is securely backed up.
Personal information which is held in paper files is stored securely.
All of our staff receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
In the unlikely event of a data breach involving your personal information and affecting your privacy rights, a report will be made to the Information Commissioner’s Office (ICO) within 72 hours.
Online security and use of cookies
The Homeopathic Clinic does not capture and store any personal information about individuals who access its website, except when personal details are given voluntarily either via email or using an online form. Any information provided in this way is used exclusively by the practice to provide you with information about our services. Personal information will never be disclosed to a third party for marketing purposes.
It is not possible to guarantee the security of personal information transmitted over the internet and any information submitted on our website or by email is at your own risk. By submitting information to us in this way, you agree to its transfer, processing or being stored. Any information received in this way will be treated securely and in line with this policy.
When you enter the clinic website your computer will automatically be issued with a cookie. Cookies in themselves do not identify the individual user, just the computer being used. Many websites use cookies whenever a user visits them in order to track traffic flows. Cookies from the clinic website will no longer be stored on your computer once your browser is closed.
The cookies on the clinic website are only used to identify your computer to our server in order to do the following:
- monitor which areas of the site you use during your visit so that we can assess which areas of the site are of most interest and plan future development accordingly
- provide online services which provide information to be passed from page to page during the course of their execution
You are able to set your computer to notify you when a cookie is issued or to not receive cookies at any time. If you decide to not receive cookies it means that certain personalised services cannot be provided to you.
By using the clinic website you consent to our use of cookies.
Your rights
You have a right under GDPR to view information the clinic holds about you, to have that information amended should it be inaccurate or to have it erased. In general, if you would like to see your information, request any changes or have your record erased then you should contact the clinic in writing. You will receive a written reply within one month. It may be possible, however, to make some simple changes e.g. correcting a telephone number, by contacting a member of the reception team. Other than for simple changes you may be required to provide appropriate evidence of your identity (for this purpose we will normally accept sight of your original passport, or a copy certified by a solicitor, plus an original copy of a utility bill dated within the last 3 months showing your current address).
There may be exceptions to your right to view your record or have it amended or deleted e.g. if you request a copy of your medical record and a practitioner believes that it contains information that, if released, might cause serious harm to your physical or mental health, or to that of any other person, this information may be redacted. In addition, any information from, or identifying, a third party will be removed unless consent has been received from the third party that it can be included. Medical records are also required by law and practice policy to be kept for a minimum period of time and cannot be deleted before this. You do, however, have the right to opt out of receiving any contact from the practice at any time. Furthermore, if you request an alteration to your record but your practitioner believes that it represents a fair account of your diagnosis and treatment, then the practitioner is not obliged to alter your record in any way.
If you are unhappy about the way in which your data is being handled by the clinic you have the right to complain to the ICO.
Contact
If you have any queries about this policy, please contact the clinic who will be happy to help.
Data Controller
For the purposes of GDPR the data controller is Dr Gabriella Day