Security of information

Privacy has an impact on everyone: A vast amount of personal and sensitive data, such as medical records, personal records, and computerised information, is stored and used daily by Potiere Mole Removal Clinic (the organisation). This information is utilised by a wide range of people in their jobs.
Every effort will be made to guarantee that personal information that we are responsible for, whether it is computerised or paper-based, is protected against unauthorised access or disclosure, in accordance with all applicable laws and regulations.
It has been decided that the Managing Director will be in charge of protecting patient privacy and data security, while a Senior Information Risk Owner has been selected to oversee all information assets and risks related to them.

Legal basis for the processing of your data

To comply with GDPR 2018 regulations, an organisation must process:

A person’s personal information

According to Section 6(1)(f) of the GDPR, “Processing is required for the controller or a third party, unless where such interests are outweighed by the interests or basic rights and freedoms of the data subject, in particular when the data subject is a minor.”
According to Article 6(1)(a), the “data subject has provided consent to the processing of his or her personal data for a particular purpose or purposes.”

Privileged personal information

It is required for “preventative or occupational medicine, medical diagnosis, health or social care and treatment, or the management of healthcare systems and services” under 9(2)(h) (Health Records)

Why do we collect information about you?

Health and social care providers who treat you are required by law to retain records of your medical history and any treatment or care that you receive. In order to get the best possible treatment, these documents are essential. There are a variety of ways in which these documents might be stored, either on paper or in an electronic format.

  • Your name, address, e-mail address, NHS number, date of birth, relatives, and other personal information.
  • Scheduled meetings or clinic sessions that we’ve held with you.
  • Records of your medical history, treatment and care — trips to the doctor’s office
  • Provided information on the diagnosis and treatment
  • A list of any allergies or other medical issues you may have.
  • X-rays, scans, and laboratory testing results.
  • It’s important to get advice from those who know you well, such as doctors and family members.

Your personal information must be correct and up-to-date at all times. When you visit us, please double-check your personal information and notify us of any changes to your contact information or primary care practice as soon as possible. This reduces the chance that you may miss out on critical communications.
With the Organization’s permission, patients can be contacted by mail, phone, text message, or email, depending on their preferred method of communication. By submitting their contact information, patients agree to the Organization’s use of those channels to communicate with them about their healthcare (email address).

How your personal information is used

There are a variety of purposes for which your medical data are utilised to make sure that you get the treatment you need, including:

  • It is important that the medical experts engaged in your care have access to current and accurate information in order to properly assess your health and choose the best course of action.
  • Medical or social workers have the data they need to evaluate and enhance the sort of treatment you receive.
  • An official complaint will ensure that your issues are properly addressed.
  • Seek the advice of another doctor or seek referrals to specialists or other parts of the NHS or social services for the necessary information.

Non-customers’ names and addresses, as well as email addresses, are kept on file by the organisation because we believe they could be interested in our goods and services.
In some cases, if we have your permission, we will notify you through email or mail about items or services that we feel may be of interest. To promote our business, if we don’t already have your permission, we will mail you information about our products and services. You can unsubscribe at any moment by clicking on a link in the email.

The Care Record

Patients’ most current and accurate health and social care information is available through the Care Record, a shared system used by all health and social care providers in the organisation.

The NHS Care Record Guarantee

It is our promise to utilise your medical records in a manner that respects your privacy and promotes health and wellness. Copies of the entire document are available at:

The Records Management Code of Practice

The NHS can utilise this Records Management Code of Practice for Health and Social Care 2016 as guidance when it comes to keeping records. Organizations working for or under contract with the NHS in England should take note of this. Public health functions in local authorities and adult social care are also included in this category.
The Code is based on current legal requirements and best practices in the industry. The Mid Staffordshire NHS Foundation Trust Public Inquiry’s recommendations on records management and openness will be made easier to execute by this guide.

How long health records are retained

In compliance with the NHS Records Retention Schedule, which specifies how long each type of NHS record should be kept, all patient records are deleted.
As soon as the retention period has expired and the Organization has reached the judgement that the documents are no longer needed, all records are destroyed confidentially in accordance with applicable laws.

When do we share information about you?

Others who are actively involved in your care, as well as those who may have a role in your care, may have access to some of your personal information.
Our Organization and the NHS have a legal obligation to keep your personal information private. Anybody who obtains our sensitive data has the same legal obligation.

With the purpose of providing direct care

  • All the NHS Trusts and hospitals involved in your treatment.
  • In addition to NHS Digital, there are other additional NHS organisations.
  • Primary Care Physicians (GPs).
  • An ambulance service is also available.

In addition to the NHS, you may be getting treatment from other sources, such as Social Care Services. If they have a real need for it or we have your agreement, we may need to share certain information about you with them. Because of this, we may share your personal data, subject to a written agreement, with the following organisations:

  • Services for the elderly and those with disabilities.
  • In addition, we provide educational services.
  • Councils and Mayors.
  • Non-profit and for-profit organisations cooperating with the NHS.

Your personal information will only be shared if there are extraordinary circumstances, such as when someone’s health or safety is in jeopardy or if the law forces us to do so.

  • As a means of supporting the patient in a non-medical capacity:
  • Besides providing you with the best possible service, we also use your personal information to:
  • Ensure that our services will be able to satisfy future patient demands.
  • Patients’ concerns and legal claims should be thoroughly investigated by the healthcare provider.
  • Care must be taken to ensure that your hospital bill is paid in full.
  • Compile data on the performance of the NHS
  • Examine the NHS’s books and services.
  • Health research and development (with your consent – you may choose whether or not to participate)
  • Educate and train healthcare workers in the field

The use of your personal information for these reasons is strictly regulated in the United States. These determine whether or not your personal information must be de-identified before it may be shared with others. The NHS England and NHS Digital websites include further information about these extra uses, which are also known as secondary purposes.

When other people need information about you

It is a legal requirement for everyone in the health and social care sector to maintain the confidentiality of any information they get about you, and the same is true for anybody who obtains that information from us.
It’s possible that we’ll have to share some of your medical information with others who are involved in your treatment. Your healthcare professional may need the help of other healthcare experts (who are not affiliated with the Organization) in order to arrange your treatment, for example. We do this to ensure that you and your caregivers receive the best possible care and assistance, or where the welfare of others is at stake. In the event that we need to share information with you in this manner, we will only do so with your consent.
We may have to share information with other agencies in other situations. We don’t have to ask for your permission in these exceptional cases.

Examples of this may be found in the following:

  • If there is reason to believe that your actions might result in significant injury or death, seek immediate medical attention.
  • A person may be in danger of significant injury from your actions if there is a worry.
  • In the event that a child is in danger of harm, you should seek the advice of a qualified professional.
  • If we have been ordered by a court to do so.
  • As long as it’s necessary for a severe criminal investigation to have the information
  • Under the Mental Health Act (1983), a person’s “nearest relative” must be informed even if the person objected.
  • For example, if you have knowledge on an infectious illness that has to be reported to the government for public health or other legal reasons, such as

Other ways in which we use your information

Recording of telephone conversations

For the following reasons, calls to the Organization are frequently recorded:

  • To ensure that the organization’s policies and procedures are followed by its employees.
  • To assure the quality of the product.
  • Education, supervision, and enhancement of the service
  • Preventing criminal activity and other forms of abuse, as well as ensuring the safety of employees

Data subjects’ rights

Sixth Principle of Data Protection Act:

  • To obtain a copy of their personal information;
  • The right to object to processing that may cause harm or discomfort;
  • Automated decision-making has a right to be challenged;
  • The right to have erroneous personal data corrected, blocked or removed or destroyed in certain situations

Compensation for harm caused by a violation of the GDPR’s Act (GDPR)

  • Access to their personal data, which in most situations will be free of charge and will be provided within a month of request (which can be extended to two months in some circumstances)
  • To whom the information has been or will be made available;
  • How long the data will be kept for
  • The right to have erroneous personal data corrected, blocked or removed or destroyed in certain situations
  • Data Portability – the transmission of data in a generally accepted electronic format
  • In the case of an individual’s health record or for the interests of public health, the right to be forgotten and the deletion of data does not apply
  • The ability to file a complaint with a governmental agency (see Raising a concern section)

Your right to object

As a patient, you have the right to control how and who has access to your medical data and other personal information. If you don’t want us to share your information, we’ll make a note of it in your file so that everyone engaged in your care, including doctors and nurses, is aware of your preference. The treatment or care you get may be more difficult or impossible if you do not allow us to share your medical information with other health and social care experts.
If you have any questions or concerns, don’t hesitate to bring them up with the doctor who’s treating you. A disclosure choice can be revoked at any moment if you change your mind.

Refusing or withdrawing consent

The repercussions of refusing to provide permission will be described in full to the patient at the time. These might include delays in getting treatment.
In cases where the legal foundation for disclosing sensitive personal information rests on the patient’s explicit or implicit agreement, the patient has the right to deny or withdraw their consent at any time.
Because of this, patients who do not want their medical information shared can file a complaint with the NHS Trust, and the Trust must honour such complaint if it is based on HRA CAG authorization under Section 251 of the NHS Act 2006.
The patient cannot decline or withdraw their agreement to the publication of information where the legal foundation rests on a legislative obligation or power.

SMS text messaging

The Organization may ask you to confirm that the organisation has your correct phone number and mobile phone number when you come in for an appointment or treatment. This may be used to notify you of upcoming appointments through SMS text message or automated phone call.

Surveillance Cameras (CCTV)

We use CCTV cameras on and around our properties to ensure the safety and security of our employees and customers.

  • Ensure the safety of Trust employees, patients, and visitors
  • Assemble evidence that can be used in a criminal or civil court case
  • Serve as a deterrent to criminal behaviour and help prevent it
  • Make our workplace a safer place for our employees
  • Aid in traffic and parking control measures
  • Keep a close eye on operational and safety incidents
  • Aid in providing better services, such as allowing employees to view patients and guests who need assistance
  • Support the process of claim verification

You have the right to request a copy of any surveillance information that has been recorded of you. In order to access your data, please send a letter to the address shown below, along with the information requested in the section under “How you may access your records.” The information you supply must be enough to identify you and help us locate the photographs on our databases.
When permitted by the General Data Protection Regulation (GDPR) 2018, we may withhold information and only preserve surveillance data for a reasonable amount of time or as long as is needed by law. CCTV footage may be required for legal reasons in high-profile investigations, severe or criminal situations. GDPR regulations must be adhered to when this is done by the recipient organisation.

How you can access your records

In accordance with the GDPR, you now have the right to see what personal data we have on file about you. To make a request, please write to our SIRO. Once your application has been received, the Organization will send you a copy of your personal information within one month.

  • We’ll need the information on your application form and any supporting documentation (such as your social security number and date of birth) to validate your identity and locate your records.
  • However, the Trust reserves the right to either charge a fair fee or refuse to act on a request if the request is baseless or excessive, in particular if it is made many times.

128 Baldock Street, NIDDRIE, EH16 3GX Potiere Mole Removal Clinic

Data controller

Graham Miller, Managing Director Data Protection Officer Contact – is the Data Controller who is responsible for protecting your personal information.

Raising a concern

Patient concerns regarding any part of care or treatment at this Organization should be sent to — if they are concerned about how their records have been maintained.
Director of Operations, Graham Miller
Complaints concerning our handling of your personal information can be made to the Information Commissioner’s Office.
Companies must notify the Information Commissioner about the objectives for which they process personal information under the GDPR 2018. The Information Commissioner’s Office can be contacted at: 69 Harehills Lane, RUDFORD, GL2 9AP, or by phone at: 078 7658 8605.

Freedom of Information

Potiere Mole Removal Clinic is required by the Freedom of Information Act of 2000 to make certain records available to anybody upon request, with some exceptions. Please get in touch with us if you need anything from us.