Polaris
Sana Wellbeing
Privacy Policy
Ethereal Healthcare is committed to ensuring that your personal data collected during your time as a patient with us, is processed, shared and protected according to the General Data Protection Regulation (GDPR) effective from the 25th of May 2018.
Any information we take from you is taken in order for us to provide you with the best possible care and to help with communication between ethereal healthcare and its patients.
The Data Controller and processor is Anya Micallef.
How we acquire the data:
-
We acquire data in handwritten format taken in person or over the phone or via the Internet through skype, zoom or another method of digital communication.
-
Data can also be sent to us electronically via email, text or whats app.
Records kept by our practice may include the following information:
-
Details about you such as your full name, email, telephone number (home, work and or mobile), date of birth, GP, career etc.
-
More detailed information will be kept about each patient regarding their present and past physical and mental/emotional health and wellbeing, which are necessary in order to prescribe the correct medication or in helping to make the correct assessment of your condition.
-
Any contact we have with you such as appointments (in person, by phone or on skype, zoom or another method of digital communication).
-
Notes and reports about your health created by us as well as reports which patients may give us regarding laboratory results such as blood tests, x-rays, GP notes etc.
-
We will always make clear the purpose of the data that is collected by us.
-
Emails taken will be used for one of two reasons; the first is for both patients and practitioners to communicate with ease important information or documentation. It will also be used for advertising new services offered at the practice and to update patients about important changes to the practice such as price changes etc. If you do not want to receive advertising information then you can at any point opt out of this by contacting us.
How is your data stored?
-
We do not share your personal data with any third parties (persons or organisations outside of the practice) unless this is specifically requested and we have the fully informed consent of the patient.
-
The exception to this rule will be when it is essential to providing care or necessary to protect someone’s health, safety or wellbeing. If a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the practitioner in charge of your case can take advice from a professional/regulatory/defence body, in order to decide whether disclosure without consent is justified to protect the patient or another person.
-
The practitioner in charge of your case in some circumstances may need to discuss details of your case with a supervisor in order to ensure you are receiving the best possible care, in which case only information about your and/or your child/children’s mental/emotional and physical health will be disclosed – any personal information that may identify you or your family (names, address, date of birth, telephone number, email etc.) will not be disclosed.
-
Handwritten personal data which is taken during consultations will be stored in a file created for you after your first appointment, which at all times will be kept in a locked cabinet within the practice.
-
Data colleted in the handwritten form will also be typed out on a computer and kept in a secure password protected file and password protected computer with anti-virus and firewall software. A copy of this file will also be printed and kept within your personal folder.
-
Any photographs or film footage in digital form of yourself sent to one of our practitioner’s via mobile or email will be deleted after viewing. Photographs that are considered important to your case history in order to document the progression of your or your child/children’s condition may be printed and kept in your personal folder and stored in a locked cabinet outside of consultation times.
-
Legally we have to keep all personal data of patients for 7 years after their last consultation, After this time the information will be shredded or burned,
-
If at any point a patient’s personal information was breached by those unauthorised to see it, the relevant patient will be informed within 72 hours.
-
Every staff member atethereal healthcare has a legal obligation to keep all your personal details confidential.
-
Your email addresses will be stored securely on our email servers, which currently are proton mail, mail and google-mail.
-
We may also store data such as appointment times and dates, name, number and emails on 10to8 which is a state of the art booking system used by some members of our workplace.
Access to personal information
You have a right under the Data Protection Act 1998 to request access to view or to obtain copies of the information we hold about you and to have it amended should it be inaccurate. You should receive this information no later than 40 days after the request has been made.
A request to access personal data, or to have data erased, must be made in writing and signed by you, the patient. Emailed requests, or requests made via text are not acceptable.
However, there are several grounds upon which ethereal healthcare can refuse to erase patient information such as:
-
Our need to comply with a legal obligation for the performance of a public interest task, or exercise of legal authority.
-
For public health purposes in the public interest.
-
The exercise or defence of legal claims.
Objections / Complaints
Should you have any concerns about how your information is stored or managed please contact the ethereal healthcare so that we can address these concerns. If for example you would prefer details from your appointments not to be stored electronically we can make sure we only store them in paper form kept within a locked cabinet.
Changes in information
It is important to inform the ethereal healthcare if any of your details have changed such as your name or address so that it can be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
Changes to this policy
This policy may change from time to time. If we make any material changes, we will make you aware of them.
Consent
I have read and fully understood the ethereal healthcares privacy policy, and consent to my data being used in accordance with the purposes outlined in this privacy policy.
For children under 16 years of age, parents must provide consent to their data being used for the purposes identified in this privacy statement, in accordance with GDPR.