DMC Healthcare Ltd and DMC Imaging Ltd Patient Privacy Notice

 

We take your privacy seriously and we want to provide you with information about your rights, who we share your information with and how we keep it secure.

Follow this link to find out more about how your health information is used for Research and Planning and how to opt out if you wish to.                                                                                                                                                      

Recent News (Added 21st June 2021): 

NHS England has commissioned a provider, Xyla Health and Wellbeing, to provide the ‘Your local Healthier You: NHS Diabetes Prevention Programme’ for patients at risk of type 2 diabetes. Once a patient is referred, they will be contacted for a motivational interview with the provider (Xyla) to help them enrol onto the course and to have an opportunity to ask any questions they have at this time, including if you don’t want to enrol in the programme. Xyla Health and Wellbeing is part of the Acacium Group and sometimes, if required and legally allowed, Xyla may share some of your basic details such as your name and contact details with providers who have been identified as suitable to contact you to provide support for you during this programme. Any sharing of your data is done as little as possible, under due diligence and in compliance with applicable laws. For full details on how Xyla would use your data for the diabetes prevention programme, see their privacy notice at: https://preventing-diabetes.co.uk/diabetes-prevention-privacy-policy/ For general information on the national diabetes prevention programme, please visit the NHS England website on this at: https://preventing-diabetes.co.uk/

Your Information

We are registered with the Information Commissioner’s Office as a Data Controller and our registration numbers can be found by searching the ICO Register using this link.

We aim to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

Your doctor and other health professionals caring for you, such as nurses or radiographers, keep records about your health and treatment so that they are able to provide you with the best possible care.

These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include Personal Data;

  • basic details about you, such as address, date of birth, NHS number, and next of kin

​as well as Sensitive Personal Data;

  • contact we have had with you, such as clinical visits
  • notes and reports about your health
  • details and records about your treatment and care
  • results of x-rays, laboratory tests etc
  • information about your sexual life or home life
  • information about ethnicity and religion

​​Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.

Please be aware that administrative staff will often access information addressed to a particular clinician to allow us to manage high volumes of communication. They are bound by confidentiality in the same way as the clinician is and will keep your information private.

If you have any questions or wish to make a request in relation to your information, please contact us using the details on our main page or contact our Data Protection Officer at dpo.dmchealthcare@kdpc.uk

Our Data Protection Officer service is provided by Kaleidoscope Consultants Ltd. When we ask for their support, we will aim to remove any reference to individual patients. Where this is not possible, we will use the minimum necessary to allow us to obtain advice and support.

You can find out more about Kaleidoscope Consultants Ltd at www.kaleidoscopeconsultants.com.

Children and Young People

  • Young people from aged 13 (and sometimes younger) are allowed to make decisions about how their health information is shared
  • A parent or guardian may apply for access to young person’s information.
  • If a young person does not consent – we may not provide access to the parent or guardian.
  • If the young person does not have the capacity to understand, we may provide access to the parent or guardian because it is in the young person’s best interest to do so.
  • ​Young people can ask us to keep certain parts of their information confidential.
  • If the young person is making decisions about their information that puts them at risk – we may notify adults with parental rights.

What We Do with Your Information?

  • Refer you to other healthcare providers when you need other service or tests​
  • Discuss or share information about your health or care with other health or social care providers
  • Share samples with laboratories for testing (like blood samples)
  • Share test results with hospitals or community services (like blood test results)
  • Allow out of hours or extended hours GPs to look at your health record when you are going to an appointment
  • Send prescriptions to a pharmacy
  • Text you in relation to healthcare services
  • Provide your samples to the courier for delivery to pathology
  • Share reports with the coroner
  • Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital
  • Produce medical reports on request from third parties such as the DVLA or your employer
  • Movement of your patient records to Primary Care Support England

What Else Do We Use Your Information For?

Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.

  • Quality / payment / performance reports are provided to service commissioners
  • As part of ad hoc clinical research – information that identifies you will be removed, unless you have consented to being identified
  • Undertaking clinical audits locally to ensure safety and efficiency
  • Sending practice information to other NHS bodies for national audits that are required by law (e.g. NHS Digital Audit Data Collection )
  • Sending patient information to NHS Digital for Research and Planning Purposes. You can opt out if you wish.  Find Out More about how Patient Data is Used for Research.
  • Supporting staff training
  • Incident and complaint management

Our Use of CCTV

DMC Healthcare Ltd has installed CCTV at the following locations;

Dulwich Medical Centre – SE22 9EP
Chadwick Road Surgery – SE15 4PU

External Front Entrance
External Front Car Park
External Rear Car Park
External Back Entrance
Upstairs Waiting Room
Reception & Waiting Room
Downstairs Corridor
Upstairs Corridor

The CCTV is in place in order to protect patients, staff and visitors from abuse or incidents of crime. This is a common measure employed by organisations as a deterrent for anti-social behaviour and allows DMC Healthcare Ltd to assist police where an event does occur. The ability to employ measures to protect individuals on the premises and ensure that staff and patients feel safe on site is crucial to allow DMC Healthcare Ltd to deliver services to data subjects and so is lawful in order to support our legitimate interests.

DMC Healthcare Ltd has also ensured that the CCTV is only in place in the more public areas of the premises and that surveillance does not extend to clinical areas or washroom areas where the individual would have a reasonable expectation of privacy.

The recordings are kept securely, with limited access for 28 days. You can ask for a copy of recordings or raising objections or concerns by contacting our Data Protection Officer.

Who Do We Share Your Information With?

We will share your information with other health and care providers such as hospitals, care homes and GP practices.
Additionally, we use a number of providers who process your personal data on our behalf.

Provider Website
Confidential Waste
Shred-It https://www.shredit.co.uk/en-gb/home
BIFFA https://www.biffa.co.uk/
PHS https://www.phs.co.uk/about-us/our-brands/wastemanagement
SRCL Clinical Waste http://www.srcl.com/
Couriers / Delivery
City Sprint https://www.citysprint.co.uk/
Capita https://www.capita.com/
Multi-Functional Devices
ASL www.asl-group.co.uk
Video Consultation
Zoom https://zoom.us/
EConsult https://econsult.net/
Microsoft Teams https://www.microsoft.com/en-gb/
Healthcare Software
Health Intelligence https://health-intelligence.com/
Biotronics3D Limited https://www.3dnetmedical.com/public/
Prescribing Services Eclipse Live https://www.prescribingservices.org/
AccurX https://www.accurx.com/
Informatica (Audit+) https://www.informatica.com/gb/
Website Hosting / Mailing
NHS Choices https://www.nhs.uk/
Webpost https://webpost.com/
Clarity Team Net https://clarity.co.uk/teamnet/
CCTV
Rydon Maintenance http://www.rydon.co.uk/
Healthcare Hardware
Numed https://www.numed.co.uk
Keystream https://key-stream.com/
IT Service Provider
NELCSU www.nelcsu.nhs.uk/
Digital Redaction / Scanning
iGPR www.igpr.co.uk/
Notespace https://www.oasisgroup.com/services/notespace.6453.html
Payroll / Finance
Sage https://www.sage.com/en-gb/
QX Ltd https://www.qxltd.com/
EdenRed www.edenred.co.uk
Associations / Groups / Providers
Medical Defence Union https://www.themdu.com/
Dispex www.dispex.net
Provision of Clinical System
Vision Health https://www.visionhealth.co.uk/
E-Referrals https://digital.nhs.uk/services/e-referral-service
Training
e-LH www.e-lfh.org.uk
Invicta Health e-learning https://invictahealth.co.uk/provide/invicta-health-learning/
HR / Employment
Peninsula HR https://www.peninsulagrouplimited.com/
Other
Interface https://www.interface-cs.co.uk/
Vision Primary Care Training https://visionpct.co.uk
Iplato https://www.iplato.com/
Hospify https://www.hospify.com/
Hitec- Retina Security http://hi-techsecurityandfire.co.uk/
Survey Monkey https://www.surveymonkey.com/
EMIS Web https://www.emishealth.com/products/emis-web
Hornsey Consulting Ltd https://hornseyconsulting.co.uk/

Newly added providers

Insource Ltd (Data Analytics)      https://www.insource.co.uk/             Added 14th August 2021

Sharing When Required by Law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.

Care Quality Commission Access to Health Records

The CQC has powers under the Health and Social Care Act 2008 to access and use your health information where it is necessary to carry out their functions as a regulator.

This means that inspectors may ask to look at certain records to decide whether we are providing safe, good quality care.

More information about the CQC can be obtained on their website https://www.cqc.org.uk/about-us/our-policies/privacy-statement

Information Rights

Data protection law provides you with a number of rights that the we are committed to supporting you with;

Right to Access

You have the right to obtain:

  • Confirmation that your information is being used, stored or shared by us
  • A copy of information held about you

​We will respond to your request within one month of receipt or will tell you when it might take longer.

​We are required to validate your identity including the identity of someone making a request on your behalf​

Right to Object or Withdraw Consent

  • We mainly use, store and share your information because we are permitted in order to deliver your healthcare but you do have a right to object to us doing this.
  • ​Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.
  • ​You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.
  • Visit nhs.uk/your-nhs-data-matters to opt out.

Our Data Protection Officer will be happy to speak with you about any concerns you have.

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time

​We will respond to your request within one month of receipt or will tell you when it might take longer.

Right to Complain

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

​For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

​Information Technology

We will use third parties to provide services that involve your information such as;

  • Removal and destruction of confidential waste
  • Provision of clinical systems
  • Provision of connectivity and servers
  • Digital dictation services

Data analytics or warehousing (these allow us to make decisions about care or see how effectively the organisation is run – personal data will never be sold or made available to organisations not related to your care delivery).

​We have contracts in place with these third parties that prevent them from using it in any other way that instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.

Keeping Your Information Safe

We are committed to ensuring the security and confidentiality of your information.

There are a number of ways we do this;

  • Staff receive annual training about protecting and using personal data
  • Policies are in place for staff to follow and are regularly reviewed
  • We check that only the minimum amount of data is shared or accessed
  • We use restricted access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
  • We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
  • We report and manage incidents to make sure we learn from them and improve
  • We put in place contracts that require providers and suppliers to protect your data as well
  • We do not send your data outside of the EEA

How Long Do We Keep Your Information?

In line with the Department of Health Code, we will retain / store your health record for your lifetime.

When a patient dies, we will send your record to Primary Care Services England review the record and generally it will be destroyed 10 years later, unless there is a reason to keep it for longer.

​If you move away or register with another provider, we will send your records to the new provider.