Who has access to your medical records?
- The medical records service F365, which stores and processes our encrypted files;
- Your practitioners, so that they can provide you with treatment;
- Our administration & secretarial staff, because they organise practitioners’ diaries, obtain and upload clinical letters and investigation results to your medical records, take queries from you and communicate them to the practitioners.
Every member of staff whether clinical or administrative is bound by rules of confidentiality. We maintain our duty of confidentiality by conducting annual training and awareness.
Exceptions to confidentiality rules apply if there is disclosure by you of any risk or intention of self-harm or harm to others.
Your records are kept safely, and their contents may not be disclosed to anyone without your authorisation, or unless the law authorises or compels us to do so.
Fair Processing (Privacy) of Personal Data Notice
Your Information, Your Rights
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the Data Protection Act 1998 and the EU General Data Protection Regulations (GDPR).
The following notice reminds you of your rights in respect of the above legislation and how our Practice will use your information for lawful purposes to deliver your care and fulfil our legal obligations.
This notice reflects how we use information for:
- The management of patient records;
- Communication concerning your clinical care;
- Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review.
We are the data controller for any personal data that we hold about you.
What information do we collect and use?
All personal data must be processed fairly and lawfully, whether is it received directly from you or from a third party in relation to your care.
We will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:
‘Personal data’ meaning any information relating to an individual that can be directly or indirectly identified from the data. This includes, but is not limited to, name, date of birth, address with postcode, telephone numbers and next of kin.
‘Sensitive data’ such as medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, supportive care arrangements, social care status, race, ethnic origin.
Your healthcare records contain information about your health and any treatment or care you have received previously from us at FMW Ltd, but may also contain records from any health care provider that we have referred you to or that you have submitted to us to keep on file (e.g. from a hospital, NHS GP surgery, community care provider, mental health care provider, walk-in centre, social services). These records will be in electronic format.
We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
Why do we collect this information?
As we are a Private Clinic and not an NHS practice we are NOT routinely required to provide information to the health service in England in order to review performance, services and research or education.
However, we are required by law to notify the relevant authorities in the case of certain infectious diseases or significant events that are in the interest of the public or vulnerable individuals. Information provided will always be anonymous whenever possible.
How do we use this information?
To ensure that you receive the best possible care, your records will be used to facilitate the care you receive. For example, recording medication allergies on the patient record will help to prevent the wrong medication being prescribed. Information may also be used for internal clinical audit to monitor the quality of the service provided.
How is the information collected?
Your information will be collected initially via your secure patient portal and a medical record created in your name on our electronic medical record platform F365.
Your data is protected using state-of-the-art security, is fully backed up and highly encrypted.
For more information on this please see this link
Who will we share your information with?
We do not share your medical information with your NHS GP surgery without your express consent.
However, to deliver and coordinate your healthcare, we may share information with the following organisations:
- Any private consultants, hospitals, or clinics that you request us to refer to or consult with
- Your NHS GP surgery if you request us to send them a copy of our records
- We use several different pathology and laboratory services for investigations. From time to time, we may need to discuss your clinical presentation with the relevant clinical advisors from these services to better interpret a functional test. You will be asked to consent to this before the test is ordered.
By sending us your details, health records etc you consent and accept that it may be necessary for us to forward these clinical details electronically or in other formats.
We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.
Your records are stored as follows:
- on paper, in locked filing cabinets, and the office is always locked out of working hours.
- electronically (“in the cloud”), using a specialist medical records service called F365. This service is fully compliant with GDPR. Access to this encrypted data is password-protected, and the passwords are changed regularly.
• on our office computers. These are password-protected and backed up regularly.
We will never share your data with anyone who does not need access without your written consent, and we will never share, rent or sell your contact or health details to any other third parties or companies outside FMW for marketing purposes.
Who do we receive information from?
Whilst we might share your information with the above organisations, we may also receive information from them to ensure that your medical records are kept up to date and so that we can provide the appropriate care.
You can view the contact details we have for you and your health records including your individualised lifestyle recommendations, laboratory test results, medications and supplements usage charts by logging in to your patient portal. You can access the patient portal at home using a password chosen by and known only to you. If you forget your password, you can use the link on the login screen to reset it.
Full details of how to access your patient portal will be supplied when you become a registered patient.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
Requests for personal data or complaints need to be sent in writing to the Data Controller. Here are the details you need for that:
Functional Medicine Wimbledon
14b Merton Park Parade
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
Consent and Objections
Do I need to give my consent?
The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and enhance your reputation. However, consent is only one potential lawful basis for processing information. Therefore, a medical practice may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. FMW Ltd will contact you if we are required to share your information for any other purpose which is not mentioned within this notice. Your consent will be documented within your electronic patient record.
What will happen if I withhold my consent or raise an objection?
You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact FMW for further information and to raise your objection.
Your Right of Access to Your Records
The Data Protection Act 1998 and General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the ‘right of subject access’. All your information is held on the portal which you have unlimited access to.
Our aim is to be as open as possible with all our patients and we will try our utmost to deliver the best service possible. In the event that your feel our FMW has not complied with the current data protection legislation, either in responding to your request or in our general processing of your personal information, please raise your concerns in the first instance in writing to the Practice Manager at email@example.com or Functional Medicine Wimbledon, 14b Merton Park Parade, Wimbledon, SW19 3NT.
If you remain dissatisfied with our response you can contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – Enquiry Line 0303 123 1113 or online at www.ico.gov.uk/concern
Price Changes for Products and Services
There may be occasions where price changes are implemented and these can occur without warning. However, we will uphold the advertised price on the day of your booking.
We’re Here For You
If you are experiencing difficulty with any content, require assistance with any part of our website, or would like to request any information in an accessible alternative format, please contact us at 07436 263320 or firstname.lastname@example.org during normal business hours and we will be happy to assist.