As your consultant I am obliged to keep medical records and communicate with other healthcare professionals including but not confined to your general practitioner, nursing staff, physiotherapists and other hospital doctors. I also have an obligation to protect your data.
I act as a data controller. In order to invoice, interact with insurers and fulfil my obligations with HMRC, and I need to share your data (including name, date of birth, email, address and telephone numbers) with my secretary and medical insurance companies. The details are outlined below:
The details regarding your medical conditions are confined to investigations, procedures undertaken at The Warwickshire Nuffield, BMI Meriden Hospitals or The Grafton Suite and dates of attendance for consultation or surgery only. This information will only be shared by me and my team with the people / companies mentioned above for the purposes of invoicing you, insurance companies or other health care providers. This will only be done by email or post and through a password protected database.
Details of your name, address and telephone numbers are provided only to my secretary and medical insurance companies where a patient is paying for their treatment via a medical insurance policy. This will only be done by email or an on-line service (Dropbox© or Healthcode©) and held on a password protected database in order to comply with HMRC audit purposes. This will only be kept for a reasonable period following your ongoing care.
In order to comply with General Data Protection Regulation (GDPR) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/, I need to make you aware of the use of your data for these purposes and seek your consent to do so.
By giving me your email address, you are consenting for me to use this address for correspondence about your requests for treatment, your medical history and any other information that you provide. Some patients request pre and post operative photographs, which are also sent to you by email, if you wish.
You acknowledge that you have understood the need to share your data for the purposes outlined above, that you have a right to request what data is held about you and that you have a right to withdraw your consent to share this data at any time.