Privacy Notice for Our Patients/Clients
How we use and share your information to help you
We need to keep a record of the care you receive to ensure that:
We have a duty to:
such as health professionals and relatives.
The staff who see you may also add notes on their professional opinion.
If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.
Identifying you as an individual
We have many patients/service users with similar names so it vitally important for all patients/service users to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:
How you can help us to keep your health record accurate
How No. 23 Skin uses your contact details
We take your privacy seriously so please let us know how you want us to contact you.
If you provide a mobile phone number: we may ring, leave a message or text you, so tell us if you do not want us to do so.
If you provide a landline: we may leave a message, so tell us if you do not want us to do so.
If you provide us with your email address: we may use it send confidential health information, unless you have told us not to do so.
Please read the following before providing us with your email address.
If you have an urgent question or feel unwell after going home after treatment contact an emergency service e.g. 111 NHS emergency service or 999 for life threatening conditions by telephone, do NOT email.
How your records are kept
Our guiding principle is that we hold your records in strict confidence.
No. 23 Skin is registered under the Data Protection Act 2018. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security.
We will fulfil its obligations under this Act to the fullest extent, including ensuring that the following eight principles governing the processing of personal data are observed.
No. 23 Skin is also registered with the Care Quality Commission. This means that we are subject to ongoing inspection and regulation by the CQC. This includes checks by the CQC that we are observing all necessary and statutory guidelines for use of your data in line with Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (Part 3).
Information about you and the services you receive may be held in a number of formats and will be kept for the specific retention periods outlined by the relevant professional bodies. We use secure electronic systems to store user records, images and details of prescriptions. Patient data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.
How your records are used
We use your records to:
on accurate information.
We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:
Wherever possible, we anonymise your data or use a quasi- identifier such as a patient number or NHS number.
Sharing your health record
No. 23 Skin has a designated Information Lead/Data Protection Officer who is responsible for protecting the confidentiality of patient information and making sure that information is shared where this is appropriate.
To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:
and radiology staff involved in the analysis and reporting of diagnostic tests
Note that anyone who receives information from us also has a legal duty to keep it confidential.
We may also share information that identifies you where:
Sharing information with your family and friends
We will normally share information about the progress of your treatment with the person you name as your Emergency Contact, unless you have told us not to do so. Your emergency contact should be someone that you trust and feel close to. It does not have to be a blood relative; it can be a good friend. We ask patients/service users to name their emergency contact so that we know who you would like us to keep informed about the care we provide or the decisions we need to make. In identifying your emergency contact, you are giving us permission to keep her or him informed.
You can also name other people, with whom you would like us to share information about you. We make best efforts to ensure that information provided over the telephone is restricted to those you have named and we share on a need to know basis. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.
Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient’s consent in exceptional situations, such as to safeguard adults or children.
The Care Quality Commission is the independent regulator of health care and they also protect the interests of people whose rights are restricted under the Mental Health Act. They routinely inspect our premises to quality check information we hold and the services we provide in line with the Health & Social Care Acts. This is designed to ensure that patients/service users using services are protected and receive the care, treatment and support they need. These inspectors have the authority to access personal information without the permission of patients/service users.
Sharing your records outside the EU
If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.
In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 2018.
Exceptionally we may make use our suppliers are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.
Where necessary we may transfer personal information overseas for processing to support the long- term effectiveness of treatment and monitor patient outcomes. Personal information will be processed in this way where it is not possible to achieve this purpose with the use of anonymised or pseudonymised information only.
How can I stop my information from being shared?
No. 23 Skin acts to provide information principally for other health and social care professionals who have requested this since they require further detailed investigations on their patients/service users. So naturally we will normally need to share this information with your doctor who has referred you to our service.
If you do not want us to share your information with your GP, other healthcare providers or carers, please tell the team looking after you. But please note that not sharing your information may affect the care that can be provided for you.
You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given to us to process information about you.
If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your professional, or email us typing ‘Opt Out Request’ in the subject line of the email.
Your legal rights
No. 23 Skin is the Data Controller of the data it holds about its patients/service users and staff.
You have the right to confidentiality under the Data Protection Act 2018 (DPA), the Human Rights Act 2018 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.
You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.
You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:
Obtaining a copy of your record
If you wish to apply for access to the information, we hold about you:
Further information about data protection issues is at:
Information Commissioner’s Office (ICO)
The Information Commissioner’s Office Wycliffe House Cheshire SK9 5AF Helpline: 08456 30 60 60