Privacy statement

At The Oncology & Plastic Surgery Clinic Ltd your personal and medical information is of the utmost importance and we take every step necessary to ensure we are legally compliant under current Data Protection legalisation.

Our privacy statement outlined below provides information about how your personal data is collected, stored and transmitted.

 What information do we collect?

Mr Khan’s admin team will collect information from you or a second party involved in your medical care. The personal details we will require from you are your full name, date of birth, correspondence address, email and telephone contact details as well as any GP or referring clinician details and your payment particulars. If you are insured, we will require your insurance details including your membership and authorisation number for your appointment or procedure.

We may also collect medical notes, prosthesis information, correspondence from second parties involved in your care including insurers, guarantors, clinicians, GPs etc. Following payments, invoices will be kept on file along with any receipts for accounts and auditing purposes. These are confidentiality destroyed at the end of their retention period and in line with current legislation.

Mr Khan may also collect surgical photographs during your consultation. You will be asked as part of your patient consents whether you permit us to use or share this information.

What is our legal basis for collecting and retaining this information?

We require your personal and medical data to ensure good and safe medical practice and collect this in line with the current Data Protection Act. Mr Khan has a legal obligation to collect your personal data and this is in line with the legitimate and vital interests of your medical care and Mr Khan’s legal obligation as a medical professional.  We collect and process this information using your consent. We also process your medical information, otherwise known as special category data under Article 9 of the Data Protection Act. We collect this data using your explicit consent to do so and in line with our legal duties to process and retain information in the event of exercising or defending a legal claim.

 Where and how is your personal data stored?

Your personal and medical information is kept securely on our electronic systems. Any paper copies of medical notes are securely stored to ensure adequate patient confidentiality. This information is securely destroyed after suitable medical data retention periods.

We will share your personal and medical information when necessary and appropriate for your care and treatment in line with good and safe medical practice. We will not share your information with third parties outside the below mentioned groups unless you have specially requested that we do so.

 How do we use your personal data?

Your information may be shared with any of the below second and third parties directly involved in your care and in line with our business requirements:

  • General Practitioners

  • Clinicians

  • Any hospital where your procedure, test or consultation is taking place

  • Your insurer or guarantor

  • Solicitors

  • A third party of your choosing  (If you wish correspondence to be sent onto your next of kin or a particular consultant) Our accountant and HMRC

  • Surgical and prosthetic companies

  • The NHS Implant Registry

  • Transcription services 

Should you wish for us to not correspond with any of the above parties please ensure you inform us in advance or at the time of your initial consultation. You can choose to change this consent at a later date but you must do so in line with our Right to Rectification procedures. Under new legislation you also have the Right to be Forgotten. Please contact us for further information.

We will only share your information with second and third parties who will look after your information in the same meticulous way that we do.  These parties are also regulated by the Information Commissioners Office and must comply with current legalisation. Should you wish us to share your information with a party we do not normally correspond with, this will be at your own risk as we cannot guarantee they will comply with the necessary legislation to keep your information secure. 

Keeping in contact

We will need to contact you to send you vital information concerning your medical care. We may contact you via email or post to send letters and correspond with you regarding procedures, appointments and general medical queries.

Any emails you receive from us will be encrypted and you will be asked to sign into Egress which is an online encrypted server in order to access the email. You only need to register once and any subsequent emails can be accessed by signing in. Although this can be time consuming it is a requirement in order to keep your online information safe.

We may also contact you by telephone and in the event that we cannot reach you we will leave a voicemail. We will not identify the reason for our call but will state that we are calling from Mr Khan’ office and ask that you call us back. We will also contact you by text message to confirm appointments. You should inform us if you do not wish us to communicate with you via any of these methods.

Disclosure of your personal information outside of the European Union

We do not send your personal information outside of the European Union unless you have an international Insurer in which case this information will be sent to them via encrypted email.

Updating your information and your legal rights

We ask that you keep us updated with any changes in your personal details. Please see our Right to Rectification procedures for further information.

Access to information

You are legally entitled to request the information we hold about yourself on our systems. Please contact our office for further information about our Subject Access Request Procedure or our Data Portability Procedure should you like to request your personal or medical information.

Please contact our office on 0207 927 6521 who will escalate any concerns to our Data Protection Officer. Alternatively you can contact the ICO directly.