Data Privacy Policy

Introduction

In order to provide effective healthcare, it is necessary and correct that we collect and store personal data on you. This information will include your name, date of birth, address and your GP as well as your health insurance policy details, if you have provided any. It will also include any personal information you provide during your consultation, some of which might be deemed sensitive (personal health information, beliefs, religion, sexuality etc.). We wish to assure you that this information will only ever be used for the provision of your healthcare and not for any other purpose. It will never be shared with any third party other than those directly involved with your healthcare, as detailed below.

Data storage

• All of our medical records are stored securely using a dedicated Electronic Patient Record Management system called Cliniko, run by Red Guava. This adopts a strict security policy and is entirely GDPR complaint, even though the servers are held in Australia.
• A local copy of your data is also kept on a secured laptop which is protected by a biometric password, as a secure backup for the event of loss of online access. Similarly, any clinical photographs or videos taken during your consultation will be stored on this password-protected laptop.
• If any part of your care happens in the Jersey General Hospital then it is hospital policy that a copy of the notes relevant to that episode of care are kept in your Hospital case-file also, as a legal record should they need to refer back to them.

Data release

• We will communicate directly with your named General Practitioner throughout your episode of care, unless you expressly ask us not to.
• We may communicate directly with other healthcare professionals if we think it is necessary in the interests of your care. We will usually ask your permission to do so first, although this is not always practicable.
• We may, on occasion, be required to provide information regarding your healthcare to your healthcare provider/insurance company. However, we will only do this with our written consent or by asking you to provide/forward the information yourself, thus implying consent.
• If any aspect of your care is provided in hospital, is necessary to release data to the hospital, although, in reality. most of that information will already be held on your hospital record.

Your rights

We, as data controllers, and Red Guava, as our data processors, strive to be fully GDPR compliant. As such, you have certain rights bestowed upon you, as a data subject. These include:

• the right to view all the data that we hold on you and to have a copy of that data
• the right to determine to whom that data is released
• the right to request correction of any of that information, upon receipt of proof, where necessary
• the right to request the deletion of all data held on you (“the right to be forgotten”)

For more information on these rights and how to action them, please follow the link to our data processing agreement with Red Guava.

Your duties

• It is your duty to inform us if any of your details change, including your named GP. Until you do so, the information held on you will remain as provided at your initial consultation.
• It is your duty to inform us of information you do not wish to be released, or of any person to which you do not wish that information released.

Data privacy policy agreement

• A copy of our Data Processing Agreement with Red Guava is available here.
• A copy of the Privacy Policy of Red Guava is available at www.cliniko.com/policies/privacy