During your treatment, we may collect information about you. This Privacy Notice advises you what that information might be and how we may use that information. Please contact us if you have any questions.
You can contact us by telephone on + 44 (0)203 397 7779, email us at firstname.lastname@example.org or write to us at: Queen Anne Street Medical Centre, 18-22 Queen Anne Street, London, W1G 8HU.
Professor Adrian Wilson is our data controller.
We share personal/special data with other clinicians involved in your care such as nursing staff, other surgeons, physiotherapists and radiologists. We also share your personal/special data if we are advised by law such as in the case of a public health issue.
We collect information about you at several stages in your treatment and contact with us.
When you complete a form on our website, we will receive your email address and the details of your condition. This is information will form part of your patient record on our practice management system. This is stored on a secure cloud server, based in the UK, and maintained by the IT software company K M Medical Ltd. All connections made to this cloud based practice management software are via a Secure Socket Layer Protocol (SSL).
When you call us, if you are booking an appointment, we will collect the data detailed below.
Name, date of birth, address, telephone, email, GP details, National Health Service (NHS) Number and details of your condition.
When you book an appointment, we will ask you for your name, postal address, email address, date of birth and contact telephone numbers. This is in order to enter your information into our booking system. We need to record all your contact information as we may also need to contact you before your appointment to advise you of any changes to the date and time.
You will usually book an appointment with one of our practice secretarial team. They will ask you some questions about the nature of your knee problem. We record this information on a booking form so we can advise Professor Wilson in advance of your appointment the medical condition you are seeking treatment for.
During your consultation with Professor Wilson, he will ask you for details of your injury or knee condition, how long you have been suffering from a knee problem, how it came about and your aspirations for treatment. This information will be recorded by Professor Wilson in your confidential medical records. This information allows Professor Wilson to keep a detailed history of your case, which he will update each time you meet. He will also use this information to advise your general practitioner (GP) on your diagnosis and any treatment you may go on to receive under his care.
These medical records will be stored electronically within our practice management system. This is stored on a secure cloud server, based in the UK, and maintained by the IT software company K M Medical Ltd. All connections made to this cloud based practice management software are via a Secure Socket Layer Protocol (SSL).
If you need to have any tests or scans, such as an MRI, X-ray or blood test, we will record the findings of these in your medical records. This is so that Professor Wilson can access all your information each time you see him.
These medical notes will be stored electronically within our practice management system.
All the patient data referenced above is centrally stored/saved within a practice management application. The data is encrypted at the database level. This means that even if the data itself was compromised, the data itself remains unreadable without the appropriate decryption.
All connections made to the data, via clinical and medical secretary staff is made via a secure socket layer protocol. (SSL).
Whilst patient data being saved to local notebook devises is kept to a minimum, Laptops that contain any patient data, such as Professor Wilson’s Notebook computer is encrypted at the Disk level.
Appropriately secure passwords are used to log in to all devises, including mobile phones.
All data is stored only within UK boarders, and not internationally.
Every effort is made to ensure security patches on all computers, including antivirus, and firewall is both appropriate and up to date. Regular IT audits are maintained to ensure this remains the case.
All emails containing patient identifiable data is encrypted between the sender and the recipient.
All staff are trained around these important points of data integrity.
Physical security is also periodically reviewed, physical access to Hampshire Knee/patient information is controlled. There is no uncontrolled 3rd party access, communal or public access to staff areas of the clinical environment – visitors are all required to sign in, and patients are also all “by appointment”.
We need to inform you how we use and store your data.
Every patient has the right to ask us for the data that we keep on them. When you request information from us, this is known as subject to an access request.
Where there is an inaccuracy in the information we have collected about you, you can ask us to amend those details accordingly. Information relating to your medical diagnosis is not included.
Whilst we able to erase any information we hold about you personally as a result of a telephone call or email enquiry, we are legally obliged to retain your medical history in line with NHS policy. More information can be viewed here – https://www.nhs.uk/chq/Pages/1889.aspx?CategoryID=68
You retain your right to object, see below.
As a patient you have the right to ask us to stop processing their data. At this point we will be unable to continue your treatment, during which period we are obliged to record your data.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Legally we have to keep your medical records, so patients do not have the right to data portability.
You have the right to object to us using your data for marketing purposes. You have the right to lodge a complaint with a supervisory authority at any point, for example The Information Commissioner’s Office (ICO).