35 Devonshire Place, London, W1G 6JP

Private Consultant Dermatologist 0845 154 3260
Menu
Private Consultant Dermatologist
Contact Us

 

Privacy Policy

Our Privacy Notice - How we use and share your information

The Harley Street Dermatology Clinic, identified in this document as “We, Us, Our” is committed to making sure that our data subjects’, identified as “You, Your” data is safeguarded and you’re aware of the rights you hold when your data is being processed by us.

Our privacy policy is compliant with the principles of General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Register, our registration number is: ZA116656.

Harley Street Dermatology Clinic Company is the Data Controller of the data it holds about its patients and staff. Us and Chits UK are Data Processors and are responsible to ensure our data is collected and stored in compliance with GDPR.

Glossary of Terms:

GDPR – General Data Protection Regulation. New data privacy and protection regulations replacing the individual data protection laws in all EU countries on 25th May 2018.

Health Record – Your health record is a history of your healthcare, including treatments, medication, allergies, test results, X-rays and scans.

Consent – Freely given, specific, informed and explicit consent by statement or action by the patient, staff member or any person signifying agreement to the processing of their personal data.

Controller – The Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor – A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Subject – Any individual we deal with such as a patient, or doctor, whom the particular personal data is about that we obtain.

Data Protection Officer (DPO) – An expert on data privacy who works independently to ensure the business is adhering to the policies and procedures set forth in the GDPR.

Personal Data – Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Processing – Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Right to be Forgotten (RTBF) – Also known as 'right to erasure'. Entitles the data subject to have the clinic erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.

Making your health record work for you

The Harley Street Dermatology Clinic needs to keep a record of the care you receive to ensure that:

  • Professionals involved in your care have accurate and up-to-date information.
  • We have all the information necessary for assessing your needs and providing excellent care.
  • Your concerns can be properly investigated if you raise a complaint.
  • Accurate information about you is available if you:
    • Move to another area;
    • Need to use another service;
    • See a different healthcare professional.

Your record

We have a duty to:

  • Maintain full and accurate records of the care we provide to you.
  • Ensure that your records are confidential, secure and accurate.
  • Provide a copy at your request that is an accessible format (e.g. in large type if you are partially sighted). Your record may include some or all of the following:
  • Your name, address and date of birth;
  • Contact we have had with you, such as appointments;
  • Notes and reports on your health
  • Details of treatment and care, images and test results
  • Information on medicines, side effects and allergies
  • Relevant information from people who care for you and know you well, such as health professionals and relatives
  • The staff who see you may also add notes on their professional opinion

If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.

Identifying you as an individual

We have many patients with similar names so it vitally important for all patients to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:

  • Full name
  • Date of birth
  • NHS number
  • Permanent (home, not a temporary) address

How you can help us to keep your health record accurate

  • Let us know when you change address, telephone number or name.
  • Tell us if any information in your record is incorrect.
  • Give your consent so that we can share information about you with other health professionals to make sure you receive the right healthcare.
  • Tell us if you change your mind about how we share the information in your record.

How Harley Street Dermatology Clinic uses your contact details

We take your privacy seriously so please let us know how you want us to contact you.

Telephone

If you provide a mobile phone number: we may ring, leave a message or text you, please inform us if you do not want us to do so.

If you provide a landline: we may leave a message, please inform us if you do not want us to do so.

Email

If you provide us with your email address: we may use it send confidential health information, unless you have instructed us not to do so.

Please read the following before providing us with your email address:

Email Encryption:

For the purpose of sending sensitive and confidential medical information such as medical reports, referrals and test results we use EGRESS email encryption. Egress are compliant with information security standards, including the Data Protection Act and the EU GDPR.

This encryption allows us to stop further access to content you send, prevent data breaches, and control your data at all times. With this software we ensure end-to-end encryption between healthcare professionals, internal clinic staff and our patients, regardless of third parties’ access to our general email intranet. Sensitive documents and files will be received from us in encrypted emails.

We have full visibility over everyone accessing shared information and what they do with it by implementing all-inclusive audit logs.

Further Email Information:

  • Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet. Be aware also that if you share your computer, others may read your emails.
  • You can use email as a method to contact staff in relation to a query or to ask about an appointment.
  • Do not give more personal information than we need to process your request.
  • Do not ask us to send you medical details that you would not want seen by other people.
  • If you have an urgent question or feel unwell after going home after treatment contact an emergency service e.g. 111 NHS emergency service or 999 for life threatening conditions by telephone, do NOT email.

How your records are kept

Our guiding principle is that we hold your records in strict confidence. We use appropriate technical and organisational measures to ensure this.

Harley Street Dermatology Clinic Company is registered under the Data Protection Act 1998. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security.

We will fulfil its obligations under this Act to the fullest extent, including ensuring that the following 8 principles governing the processing of personal data are observed.

  1. Personal data shall be processed fairly and lawfully;
  2. Personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes;
  3. Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed;
  4. Personal data shall be accurate and, where necessary, kept up to date;
  5. Personal data shall be kept for no longer than is necessary for the purposes for which it is processed;
  6. Personal data shall be processed in accordance with the rights of data subjects under the Act;
  7. Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage;
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.

Harley Street Dermatology Clinic is also registered with the Care Quality Commission (CQC). This means that we are subject to ongoing inspection and regulation by the CQC. This includes checks by the CQC that we are observing all necessary and statutory guidelines for use of your data in line with Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (Part 3).

Information about you and the services you receive may be held in numerous formats and will be kept for the specific retention periods outlined by the relevant professional bodies. Harley Street Dermatology Clinic Company uses secure electronic systems to store medical records, images and details of prescriptions. Patient data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.

How your records are used

We use your records to:

  • Ensure that any treatment or advisory services we provide to you are based on accurate information.
  • Send a letter about your care to your GP or other health professional at the end of your treatment, unless you tell us not to do so.
  • Work effectively with other services providing you with treatment or advice.
  • Monitor the quality of our care and help us to understand the outcomes of care.
  • Investigate any concerns or complaints you or your family have about your health care.
  • Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients this may include details shared with your insurance company. If you have any concerns about this, please contact your insurance provider.

Anonymised data

  • We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:
  • Monitor and improve the quality of care received by patients;
  • Protect the health of the general public, for example we may share anonymous and aggregated patient information with organisations such as the National Institute for Clinical Excellence and the Cancer Registry for research or statistical purposes;
  • Train and educate staff.

Wherever possible, we anonymise your data or use a quasi-identifier such as your patient or NHS number.

Sharing your health record

The Harley Street Dermatology Clinic Company has a Caldicott Guardian who is responsible for protecting the confidentiality of patient information and making sure that information is shared where this is appropriate.

  • To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:
  • Other healthcare professionals, such as doctors, pharmacists, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests;
  • Other hospitals and private sector organisations involved in your care;
  • Local authority departments;
  • Voluntary organisations providing on-going support;
  • Administrative support staff.

Please note that anyone who receives information from us also has a legal duty to keep it confidential.

We may also share information that identifies you where:

  • You ask us to do so;
  • We ask for specific permission and you agree to this;
  • We are required to do this by law;
  • We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed). The Harley Street Dermatology Clinic Company does not give the names and addresses of patients to other organisations except under the circumstances described in this Privacy Notice. Unless you have signed an additional consent, Harley Street Dermatology Clinic Company will not contact you after your visit for purposes other than:
    • Follow up of care;
    • Collecting your views about your stay with us;
    • Settlement of any account that may be due, if appropriate;
    • Complaints and concerns handling.

Sharing information with your family and friends

We will normally share information about the progress of your treatment with the person you name as your Emergency Contact, unless you have told us not to do so. Your emergency contact should be someone that you trust. It does not have to be a blood relative; it can be a friend. We ask patients to name their emergency contact so that we know who you would like us to keep informed about the care we provide or the decisions we need to make. In identifying your emergency contact, you are giving us permission to keep them informed. However, please note that since our Company provides principally diagnostic services only, it will not generally be appropriate for us to give general information about a patient’s health and such requests therefore should be directed to the patient's own General Practitioner or other health professional responsible for the patient’s care.

You can also name other people, with whom you would like us to share information about you. We make best efforts to ensure that information provided over the telephone is restricted to those you have named and we share on a need-to-know basis. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.

Special situations

Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient's consent in exceptional situations, such as to safeguard adults or children.

External Regulation

The Care Quality Commission is the independent regulator of health care and they also protect the interests of people whose rights are restricted under the Mental Health Act. They routinely inspect our premises to quality check information we hold and the services we provide in line with the Health & Social Care Acts. This is designed to ensure that patients using services are protected and receive the care, treatment and support they need. These inspectors have the authority to access personal information without the permission of patients.

Sharing your records outside the EU

If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.

In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 1998.

Exceptionally we may use suppliers who are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.

Where necessary we may transfer personal information overseas for processing to support the long- term effectiveness of treatment and monitor patient outcomes. Personal information will be processed in this way where it is not possible to achieve this purpose with the use of anonymised or pseudonymised information only.

How can I stop my information from being shared?

Harley Street Dermatology Clinic is a clinical diagnostic service which acts to provide information principally for other health professionals who have requested this since they require further detailed investigations on their patients. So naturally we will normally need to share this information with your doctor who has referred you to our service.

If you do not want us to share your information with your GP, other healthcare providers or carers, please tell the team looking after you. But please note that not sharing your information may affect the care that can be provided for you.

You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given to Harley Street Dermatology Clinic Company to process information about you.

If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your clinician, or email to sarah@hs-dc.co.uk typing ‘Opt Out Request’ in the subject line of the email.

Your legal rights

You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.

You have the right to request the erasing of your data under the policy Right to Erasure (‘right to be forgotten’) in article 17 of Chapter 3 of the GDPR (EU) 2016/679.

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:

  • The right to obtain a copy of your record in permanent form;
  • The right to have the information provided to you in a way you can understand, and explained where necessary, for example where abbreviations have been used. You would not be entitled to see information that:
    • Has been provided about you by someone else if they haven’t given permission for you to see it.
    • Identifies another person who has not given permission for you to see the information about them.
    • Relates to criminal offences.
    • Is being used to detect or prevent crime.
    • Could cause physical or mental harm to you or someone else. If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the clinician in charge of your care.

Obtaining a copy of your record

If you wish to apply for access to the information we hold about you. Please note:

  • You should send your request in writing to the Harley Street Dermatology Clinic Company Data Protection Officer, details are in the Useful Contacts section.
  • You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth, Harley Street Dermatology Clinic Company unique identifier number and NHS number (if known).
  • We will take every reasonable step to respond to you within 40 days of receiving your request.
  • You may be required to provide a form of ID before any information is released to you. Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.

Currency

This Privacy Policy is effective immediately after being posted on this webpage and will remain in effect until further notice.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

Further Questions or Complaints

If you have any further questions or complaints about this Privacy Policy, or if anything is not clear, please let us know. You can contact our Data Protection Officer via e-mail as listed below.

Useful Contacts

Data Protection Officer:

sarah@hs-dc.co.uk Sarah Sheridan, Practice Manager

Information Commissioner’s Office (ICO)

The Information Commissioner’s Office, Wycliffe House, Cheshire, SK9 5AF
Helpline: 08456 30 60 60
Website: www.ico.gov.uk

You also have a right to complain to the Information Commissioners' Office, the UK's data protection regulator. You can find out more about this right here: https://ico.org.uk/concerns/

Highest quality treatments with peace of mind and the best possible care

Private Consultant Dermatologist Did you know?

Private Consultant Dermatologist
Most moles are not a cause for concern and present a purely cosmetic problem. However, moles can occasionally undergo changes that lead to them becoming cancerous.
Private Consultant Dermatologist
Acne is a common condition characterised by blackheads, whiteheads and cysts. It affects the greasy and hair-bearing areas such as the face, chest and back.