What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation intended to strengthen and unify data protection for all individuals. At Newry Private Clinic, we are committed to ensuring the protection of your personal information. In accordance with GDPR guidelines, our aim is to have safeguards in place to protect your privacy and ensure that you feel confident about the security of the personal data which you provide to us.
Data Protection Privacy Notice
This privacy notice is to let you know how our clinic will look after your personal information. If we provide you with a medical or nursing service, then we will use your personal information in the ways set out in this privacy notice. Under Data Protection Laws, we can only process your personal information where we have a proper reason for doing so, such as:
• It is in our legitimate interests to do so – for example a legitimate interest is when we have a reason to use your information to enable your consultant to provide treatment or care and order medical tests
• We are required to do so by law i.e a legal obligation
• You have entered a contract with us for a service – for example processing credit card payment
• In the public interest – where this has a clear basis in law
• Vital interests – for example protection of life in a medical emergency
What personal data do we collect?
Newry Private Clinic use information to support and monitor our services to enable the delivery of high-quality healthcare. This type of information will usually be provided in an aggregate or anonymised form, so that we cannot identify an individual.
Newry Private Clinic may ask for and hold various details of personal information regarding yourself which will be used to aid in the delivery of appropriate care and treatment. Personal data is any information that is identifiable as belonging to you.
Newry Private Clinic will request personal data from patients attending the clinic for an outpatient appointment, for the sole purpose of creating a medical file on the individual patient. The personal data held on file will be shared with The Consultant with whom the patient is attending.
When relevant, the Medical Insurance Company with whom the patient is insured The Private Healthcare Information Network – we have a legal requirement under CMA Private Healthcare Market Investigation Order 2014 to provide data on some theatre procedures – when you attend the clinic, you have the option of anonymising this.
Personal data collected may include:-
• Patient’s name
• Date of birth
• Insurance Policy Number
• Contact telephone number
• GP name & address
• Private health insurance company, account number and authorisation code
• Medical records of your appointment at Newry Private Clinic
• Bank details
• Email address
In addition we may also ask and retain data for the following:
• All details relating to any previous, current or planned treatment and care,
including all notes and reports relating to your health
• All Healthcare results such as X-ray, CT or MRI results, blood tests etc.
• Marketing preferences relating to group services and products
• Education, training, mostly frequently of clinicians such as GPs
• Employment details, for example for those that work for us either directly or are
commissioned by us to provide a service
• Responses to surveys, where individuals have responded to surveys about
healthcare issues, service levels, training courses or other group company
• User IP addresses in circumstances where they have not been deleted, clipped
• Payment information including card details
• Any further information that you choose to tell us
• The following may also be collected in certain circumstances:
• Sensitive personal data such as race, ethnic origin, political and religious
beliefs, sex life, sexual orientation, genetic data and biometric data
• Further health related information such as whether or not you have a disability or other health conditions, such as allergies. Vaccination status. The information and data described above is collected in a number of different ways and can include:
• Information directly given to us by yourself by email, phone, letter etc.
• Information provided by a parent, carer or guardian
• Information provided from healthcare professionals such as treating consultants, your GP, dentist or physiotherapist
• Information received from Northern Ireland Health and Social Care Trusts • Information provided by an employer, insurer,
• Marketing opt ins
• Completed satisfaction surveys
• Registration or booking online for any of our or services.
• Voluntarily complete a customer survey or provide feedback on any of our website or via email.
• Debt collection agencies or government agencies
• Use or view our website via your browser’s cookies. In order for us to provide your health assessment, care and/or treatment, we ask that you provide as much information to us as you can.
You are of course free not to disclose information to us and you should only provide such information as you feel comfortable doing so. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with a full health assessment or the full range of care and treatment (as applicable), and that could mean being unable to see you at the hospital or clinic (since we may not be able to share your information in the way required in order to provide your health assessment, care or treatment, or run our business (for example, billing) and comply with our legal obligations).
Why do we collect data and who are the recipients of that data?
We collect data to provide details to the Consultant in charge of your care and to enable the Consultant to provide continuing care via your General Practitioner. Financial and health insurance data is collected for the purposes of payment of your medical bills.
How long will the data be retained?
Data will not be retained for any longer than is required. We will retain your medical records for 7-10 years, as required by our insurance provider and as required by regulations (Access to Health Records Legislation (NI) Order 1993 and Records Management – Good Management Good Records. DHSS revised October 2015).
The information about you that we hold and use is held securely and stored in paper format and on our secure servers. We retain your records for certain periods (depending on the particular type of record) under our retention of records policy. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements. Your records may be transferred to an off-site storage provider. Your records may not be retained in hard copy form where a digital copy exists. If you would like more detailed information on this, please contact our Data Protection Officer (contact details below).
Individual rights under GDPR
You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below.
1. Right to be Informed – This is provided through the privacy notice on our website and in the patient information file in the waiting room.
2. Right of Access – You have the right to access your personal data and supplementary information. We will aim to respond to any request received from you within one month from your request, although this may be extended in some circumstances in line with Data Protection Laws. If you wish to obtain access to your file, you must write to us at the address below. Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.
3. Right to Rectification – The right to ask us to correct your information if you think the information that we hold about you is wrong or incomplete. We will respond within one month.
4. Right to Erasure – The right to object to our use of your information, or to ask us to delete, remove or stop keeping it if there is no need for us to keep it. This is known as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’. There may however be legal or regulatory reasons why we need to keep or use your information.
5. Right to Restrict processing – We may sometimes be able to restrict the use of your information so that it is only used for legal claims or to exercise legal rights. In these situations, we would not use or share your information while it is restricted.
6. Right to Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
7. Right to Object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority. There is a contractual requirement when patients attend Newry Private Clinic for their personal data to be processed in order to provide medical care and treatment. You may object to the use of your personal data being given to the Public Healthcare Information Network – this can be anonymised and is provided for in the theatre admission process.
8. Right not to be evaluated on the basis of automated processing – Patients who attend Newry Private Clinic will not be evaluated on the basis of automated processing nor is any decision making automated.
How your information and data is used?
• To ensure that you receive safe, effective and appropriate treatment
• To assist in decision making surrounding your care
• To ensure effective working with other organisations e.g. the Health and Social Care Trusts, who may be involved in your care
• To ensure that our services meet your current and any future needs
• To ensure that the care we provide is to the highest standard and can be reviewed as necessary
• To provide you with any goods and/or services that have been ordered
• To contact you with regards to any enquires that have been made
• Marketing activities for example to send you other Newry Private Clinic information such as courses, newsletters or product releases that we feel may be of interest to you
• For Research and Audit purposes
• To prepare statistics on performance
• In order to train Healthcare Professionals and support staff
• To help us to establish, exercise, or defend legal claims
• To collect payment
Who will your information and data be shared with?
To enable us to fulfil our duties and ensure that the best care possible is provide we will need to share information about you with others. We may need to share your information with a range of other parties including Health and Social care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason, the organisation will have a duty to be able to tell you why they are contacting you. Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of organisations:
• Regulators – RQIA, MHRA
• Commissioning bodies – NHS, HSE
• Government agencies – DVLA, HMRC, PSNI
• National databases -e.g. PHIN, NHS England Breast Implant Registry
• Newry Private Clinic employees and associates (see below)
• External companies necessary for the delivery of health assessment, treatment and care such as laboratories for blood or tissue testing and blood banks
• Other third-party service providers who perform functions and tasks on our behalf (including debt collection, external consultants, transcription services, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants)
• Card payment processing
• Third-party outsourced IT and document storage providers
We will share your medical information with those involved in your health assessment, care or treatment (such as doctors, nurses and physiotherapists) for medical purposes (including the provision of health assessments). Some of our nursing staff and the resident doctors in our hospitals are provided by specialist staffing agencies. Consultants (such as surgeons, anaesthetists and radiologists) and their medical secretaries. We try to ensure there is a single patient record for each patient who is seen at one of our facilities, whether as an inpatient, outpatient or day case and we ask consultants working at our facilities to ensure a copy of their records, including consultation records, is included in each patient's records at the hospital. We may also share relevant parts of your medical information with your GP, Consultant, dentist, NHS hospitals, other private hospitals and the organisation paying for your treatment (for example your insurance company, embassy, employer or NHS commissioner). For our health assessment clients who come to us through their employer's health assessment benefit scheme, please be assured that we will not share your medical information with your employer.
We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin). Where sharing patient information is shared with other organisations, an information sharing agreement will be drawn up to ensure that all information that is shared is done so in a way which complies with all relevant legislation.
Where you have provided consent
You may choose to opt in to receiving information about other services Newry Private Clinic offers by social media, AdWords, post or email. In this case, your consent or decision to opt in is entirely voluntary. Should you decide not to consent or opt in or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected. You can opt-out by clicking on the 'unsubscribe' button in all our marketing communications. Apart from this limited instance, we do not hold or share information about you based on (or at least solely on) consent.
Please Contact Newry Private Clinic for further information.
Newry Private Clinic, Windsor Avenue Newry Northern Ireland
Tel: +44 (0) 2830257708