This policy explains how I use your personal information.

Your Information

I will ask you for your personal details (name and date of birth) as well as contact details (home address, home telephone, mobile number and email).

I use this information to manage your healthcare. I may need to be able to get hold of you to give you information and it is important that you are happy to be contacted by me or my secretary.

Sharing Your Information

My normal practice is to write to your GP after your appointment to update them on your care. I may share your information with other clinicians if you need to be referred on, however this will be discussed with you. Your personal information and medical records will also be kept by the hospital you are treated at eg Spire Hospital Norwich (Spire privacy policy is available here.)

If you are using an insurance company policy, administrative data will be used for billing. However, no clinical information about your care will be passed on without your consent. If an insurance company contacts me for information and you have not given prior consent, I will pass the report to you. It will then be up to you to decide if you wish to forward it to them. However, please note, failure to provide your insurer with information they require could result in their refusal to pay for your treatment leaving you liable for the costs.

How Long Do I Store Your Data?

You may need your medical history and correspondence at a later date; therefore I will keep your information on our secure system (end-to-end encrypted files, GDPR compliant). Medical records will be destroyed 8 (eight) years after discharge. When I cease private practice, the notes will be dealt with according to the Records Management Code of Practice 2021.

Your Rights

Under the General Data Protection Regulations (GDPR) (Data Protection Act 2018) you have the right to access your personal data. You are entitled to be informed of any information I hold about you. Requests for your medical records +/- information I hold about you, must be made in writing and emailed to along with proof of identification (passport or driving licence). Alternatively, please contact the hospital you were treated at.

If you are requesting the personal information of another individual person on their behalf, you will be required to provide satisfactory proof that you have the individual’s authority to act on their behalf.

If you are unhappy with how your data has been handled, you are able to complain to the Information Commissioners Office (ICO).