The data we hold about you
Here at The Carmichael Clinic we keep some of your personal and sensitive information in order to provide the best treatment for you. We collect information directly from you such as when you contact us to make an appointment or on the initial assessment. We also collect information from any health professional or insurance company who refers you to us. This includes your name, address, d.o.b., contact details (phones and email), insurance company details. We also keep personal medical information, some from your doctor or insurer and some from what you tell us in your assessment and treatment sessions. We do not keep payment details (such as credit cards) other than details of your insurer if you are using one.
Sharing your information
The safety of your information is very important to us – we do not share your information with anyone except other healthcare professionals, your insurance company, or anyone you give us explicit permission to share it with. We do not sell any information.
Why do we need this information?
We are legally obliged to retain medical records for 8 years (or to age 25 if you attend the clinic as a child). Our professional regulatory body requires us to keep personal data for all patients as a minimum standard, to allow correct patient identification and to ensure that everything that happens to you during a course of treatment is recorded in the right place.
We need your phone, email and address details to be able to contact you regarding appointments, forwarding information, communicating with you.
We need your insurance company details to enable us to send your bills to them.
The legal basis
We have a legitimate interest in keeping your information for the care of you as a patient. It is necessary for us to process your information to provide the necessary health treatment from a health professional in order to comply with our legal obligations as a healthcare provider. The data is processed by the professional in accordance with the obligation of professional secrecy by law.
Where do we keep your information?
Your paper notes are kept in locked filing cabinets within the clinic or in a locked room, accessible only by clinic staff. Your information is also kept on our computer on a data base in a programme which allows us to record appointments and create invoices. We have up to date firewalls and virus protection on our computer and multi-level password protection which is changed regularly. We back up the data regularly and secure the back up in a locked safe. We do not store your information in any internet/cloud based systems. Your information will not be sent out of the EU. We will notify you directly in the unlikely event of a data breach of your information.
How do we dispose of your information?
Eight years following your last treatment date, your paper records are discarded after being cross-shredded.
We will delete your record from our data base eight years after your last treatment.
We do not collect your personal information through our website. You may find links to third party websites on our website. These websites should have their own privacy policies which you should check as we do not have any control over other websites. We therefore cannot take responsibility or liability for their policies or for the protection and privacy of any information which you provide while visiting such sites.
You have several rights including:
- the right to know what information we keep about you and how we use it (the purpose of this Privacy Notice)
- the right to see it – within 1 month of requesting it
- the right to have a free copy of your data
- the right to rectify it if something is wrong
- the right to have your data deleted , however there may be circumstances where we are legally entitled to retain it
- the right to restrict what we do with your data
- the right to object to the processing of your data, however there may be circumstances where we are legally entitled to refuse that request
- the right to review some automated decision making or profiling
- the right to make a complaint to the Information Commissioner (www.ico.org.uk) if you think that any of your rights have been infringed by us.
How to contact us
Our Data Controller is Rachel Wylie, Partner of the Carmichael Clinic, who can be contacted through the contact details below.
If you wish to access any of the information we hold about you, please write to us at:
King Edward House, 16A Princess Street, Knutsford, WA16 6BU
or contact us by email at email@example.com