Privacy Policy

How I use your information to provide you with healthcare

My practice keeps personal and medical records confidential and complies with the General Data Protection Regulation.

I hold your medical record so that I can provide you with safe care and treatment.

  • I will share relevant information from your medical record with other health care staff or organisations when they provide you with care. For example, I will share information with your GP or with another specialist if I refer you to one.
  • You have the right to object to information being shared for your own care. Please contact me if you wish to object. You also have the right to have any mistakes or errors corrected.

I hold demographic details and record of healthcare provided to enable me to generate invoices and keep accounts

  • I will share information of the healthcare provided with insurance companies for the purpose of invoicing.

I contribute data to local, regional and national clinical audits so that healthcare can be checked and reviewed

  • Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you. The results of the checks or audits can show where hospitals are doing well and where they need to improve. The results of the checks or audits are used to recommend improvements to patient care.
  • Data for some specific procedures are sent to external organisations. Nephrectomy data to the British Association of Urological Surgeons (BAUS) and adrenalectomy data to the British Association of Endocrine and Thyroid Surgeons (BAETS).
  • For more information about national clinical audits see the Healthcare Quality Improvements Partnership website: https://www.hqip.org.uk/ ; phone 020 7997 7370, or the BAUS website: https://www.baus.org.uk/patients/surgical_outcomes/

I am required by law to provide you with the following information about how I handle your information.

Data Controller contact details Mr Benedict Blake-James
32 The Mile, Pocklington, York. YO42 2HG
bjurology@gmail.com
Purpose of the processing To give direct healthcare to individual patients.
For example, following a consultation relevant information will be shared with the referring GP. When a patient agrees to a referral for an opinion or care, such as to another specialist, relevant information will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.

To check and review the quality of care (this is called audit and clinical governance).
Lawful basis for processing These purposes are supported under the following sections of the GDPR:
Article 6 (1)(f) ‘…legitimate interests.. for a genuine and legitimate reason (including commercial benefit).’.

Or, in the case of NHS practice being applicable:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

Where  invoicing through an insurer is necessary:
Article 6(1)(b) ‘processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’

To check the quality of care (clinical audit):
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services…’
Condition for processing Health information is considered ‘special category data’ which in addition requires a condition for processing:
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” 
Common law: Duty of confidentiality
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Recipient or categories of recipients of the processed data The data will be shared with:
healthcare professionals and staff in the referring GP practice; local hospitals; other organisations involved in the provision of direct care to individual patients.
Insurer where the patient is insured
National audit, NHS digital, BAUS, BAETS
Rights to object You have the right to object to information being shared between those who are providing you with direct care.
This may affect the care you receive – please contact me regarding this if you wish.
Right to access and correct You have the right to access your medical record and have any errors or mistakes corrected
– please contact me regarding this if you wish.
Right to erasure (‘right to be forgotten’) You have the right to request your medical record and personal details are deleted – please contact me regarding this if you wish.
Retention period Your medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or contact me regarding this if you wish.
Right to complain You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113
Data I get from other organisations I receive information about your health from other organisations who are involved in providing you with health and social care. For example, your GP may inform me of test results, or if you go to another specialist for treatment the practitioner may send me a letter to let me know what happened. This means your medical record is kept up-to date when you receive care from other parts of the health service.
Scroll to top