This Privacy Notice sets out important details about information that The London Skin and Hair Clinic and clinicians responsible for your care and treatment may collect and hold about you, how that information may be used and your legal rights. You can contact us if you have any questions about its content.
We will review this Privacy Notice on a regular basis and we advise you to check our website for the latest version. A printed copy of this privacy notice is available at our clinic in the waiting room.
Who has information about me?
The London Skin and Hair Clinic is the trading name for LONDON SKIN AND HAIR CLINIC LTD (company number 06962164) and LONDON SKIN & HAIR CLINIC (W1) LLP (company number OC350222). These companies are registered with Companies House and the registered address is 233 High Holborn, London, England, WC1V 7DN. Other trading names used are The London Skin and Hair Clinic: Medical Dermatology Centre, London Real Skin, and London Trichology.
Each of these companies may, to the extent relevant, collect, retain and use information about you and we refer to these collectively as The London Skin and Hair Clinic in this document.
External websites
We may from time to time include on our websites links to and from the websites of other organisations for the purpose of information or education. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.
Where did you get this information from and what information does The London Skin and Hair Clinic hold about me?
We have information about you which you and others involved in your care and treatment (or their secretaries) or who have referred you to our clinic, or who are paying for your care and treatment (including private health insurers) have supplied to us. This is likely to include your name and contact details (postal and email addresses and phone numbers) as well as emergency contact details, including your next of kin.
We may also hold more sensitive information about you, such as your current or previous physical or mental health, your sexual orientation, your religion, nationality, race and/or ethnicity and genetic or biometric data relating to you. This may also include details of healthcare services provided previously by The London Skin and Hair Clinic and others such as GPs, Specialists or hospitals, laboratories and details of any medications you have been prescribed or taken. We refer to this as ‘more sensitive information’ in this Privacy Notice.
We may collect information from you when you visit our websites or enquire about our products or services. We may hold information about you contained in enquiry or booking forms, including through our ‘Send a Query’ or ‘Book a Consultation’ sections of our websites and through email correspondence where you may have shared health information, test results or images. In addition we may hold information about you that you provide in surveys or in feedback.
If you call our helpline or hospitals contact our live support via our website, these telephone calls or live chats may be recorded and retained for a limited period for training and monitoring purposes and to help improve our services.
In order for us to provide your care and treatment, we ask that you provide as much information to us as you can. You are of course free not to disclose information to us and you should only provide such information as you feel comfortable doing so. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with the full range of care and treatment (as applicable), and that could mean being unable to see you at the clinic (since we may not be able to share your information in the way required in order to provide your care or treatment, or run our business (for example, billing) and comply with our legal obligations).
How will The London Skin and Hair Clinic use the information it holds about me?
We use information about you in connection with your treatment and/or care, including tests medical examinations. We will use this also in connection with payment of fees, including billing, invoicing and settlement of your account with us.
We may use your phone number (or email address where you have provided it to us) to contact you in advance of and after your appointment for reasons connected with your care or treatment. Where you have provided us with your mobile number or email address, we may send you confirmations/reminders of your appointments via text message or email and we may respond to your email enquiries via email.
We may also use information about you for quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes where we believe there is a business need to do so and our use of information about you does not cause harm to you. This may include our workforce planning and workload management systems to help support our staff and clinicians to develop and plan the most appropriate levels of care to our patients and to ensure we have got the right levels of productivity and efficiency and good outcomes for patients.
We may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud) or in connection with legal proceedings.
We may also use information about you where you have provided your consent to us doing so.
We do not carry out automated decision making or profiling.
Will The London Skin and Hair Clinic share information about me with others?
Yes; we set out these reasons below and assure you that in each case, we share only such information as is appropriate.
Sharing information with those involved in your health care or treatment (or with those who are paying for your care or treatment)
We will share your medical information with those involved in your health care or treatment (such as clinicians, nurses and specialist). Some of our nursing staff are provided by specialist staffing agencies. Consultants (such as Dermatologists and Specialists) are also not employed by us. We try to ensure there is a single patient record for each patient who is seen at our clinic and we ask consultants working at our clinic to ensure a copy of their records, including consultation records, is included in each patient’s records at the clinic.
We will also share information about you with other members of staff involved in the delivery of your care (such as our administrators, typists and accounts team). At times we use an external medical typing agency for typing medical reports.
Some of those involved with your treatment or care are external companies providing services such as blood tests, analysis of tissue samples, such as biopsies.
We may also share relevant parts of your medical information with your GP and specialists involved in your care.
We may also share relevant parts of your medical information with the organisation paying for your treatment (for example your insurance company, embassy, or employer). This information may include the dates of treatment, diagnosis, treatment provided and planned and information in regards to the basis of your referral to the clinic (including whether a referral letter has been provided).
If we are concerned that you may be vulnerable or ‘at risk’, we may share information about you with the local Safeguarding Team, the specialist members of which come from the local authority and the police.
We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).
Sharing information with third parties who are not involved in your health care or treatment
We may share information about you with external organisations such as our solicitors, accountants and public relations advisors. We may also share information about you with third party suppliers, which provide us with a secure credit/debit card storage system, document scanning and storage facilities, electronic patient and clinical staff administration and records systems and reporting systems. We may also share information about you with those providing us with information technology systems, this includes an incident management and recording system as well as other clinical and non-clinical software applications (and related services) and website hosting. In each case, we would share only such information as was relevant.
Sharing your information with payments partners and debt collection agencies
If your bill is not paid on time, we may share information (such as copy invoices) with our payment partners and debt collection agencies.
Please be assured that your medical records would not be shared either with our payment partners or with debt collection agencies.
Sharing with regulators or because of a legal obligation
We may share information about you with our regulators, including the Care Quality Commission. Other regulators with whom we may share information about you include the Medicines and Healthcare products Regulatory Agency (which ensures medicines and medical devices used in the UK work and are acceptably safe), and the Department of Health (the government department responsible for health and adult social care policy).
Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a court order or because a regulatory body has statutory powers to access patients’ records as part of their duties to investigate complaints, accidents or health professionals’ fitness to practise. Before any disclosure will be made, we will satisfy ourselves that any disclosure sought is required by law or can be justified in the public interest. Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime. On occasion, this may include the Home Office and HMRC.
Audits, surveys and initiatives
In common with all healthcare providers (both NHS and private), we also look at the quality of the care we provide to patients and participate in national audits and initiatives to ensure that patients are getting the best possible outcomes from their treatment and care and to help patients make informed choices about the care they receive. We can assure you that your personal information remains under our control at all times and we ensure any information we provide for national audits and initiatives outside of The London Skin and Hair Clinic will not contain any information in which any patient can be identified, unless it is required by law. Any publishing of this data will be in anonymised statistical form.
Following your appointment you will be invited to complete a survey and share your views to help us improve the services we offer. We offer the survey in an online format using the email address you provide to us.
One of the national programmes we participate in is run by the Private Healthcare Information Network (PHIN) which runs a website enabling patients to compare privately-funded healthcare (both hospitals and consultants). PHIN has its own privacy notice (a copy of which can be accessed via their website). We may in future share some of your personal data (NHS Number in England and Wales, CHI Number in Scotland or Health and Care Number in Northern Ireland) with PHIN. That would enable PHIN to send this Number to the relevant national information authority (for example NHS Digital in England) which can link it to national hospital and mortality data. The linked information, with your personal data removed, would then be provided to PHIN to measure quality of care, check for adverse events after discharge from this hospital, such as unplanned readmissions to hospital, emergency transfers between hospitals, or deaths following treatment. We will update this Privacy Notice to reflect when this sharing happens. Additionally, the records we send to PHIN will include your postcode to enable statistical processing. Personal information is treated with high standards of confidentiality in accordance with data protection laws and the duty of confidentiality. Any information that is published will always be in anonymised statistical form and will not identify you. This information will not be shared or analysed for any purpose other than those described in this section.
Change of clinic ownership
If we were to sell or transfer our clinic or part of our clinic to another organisation, your patient records would also transfer to the new owner. Limited information may also be shared, where required, with legal and other professional advisors involved in that transaction.
The reason we would transfer your records is to minimise the disruption to current or past patients caused by the sale or transfer and to ensure we and a new owner were able to comply with our legal obligations regarding the retention of patients’ and other clients’ medical records and to ensure continuity of care.
Where you have provided us with consent
During the registration process you may choose to opt in to receiving information about other services The London Skin and Hair Clinic offers by post or email.
Your consent or decision to opt in is entirely voluntary. Should you decide not to consent or opt in or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected. You can opt-out by clicking on the ‘unsubscribe’ button in all our marketing communications.
Apart from these limited instances, we do not hold or share information about you based on (or at least solely on) consent.
What legal basis does The London Skin and Hair Clinic have for using information about me?
Data protection law requires that we set out the legal basis for holding and using information about you. We have set out the various reasons we use information about you and alongside each, the legal basis for doing so. Given that some information we hold about you is particularly sensitive (as described above), we need an additional legal basis which we have set out in the third column (entitled ‘legal basis for more sensitive information’) explaining our reason for this.
| Reason | Legal Basis | Legal Basis for more sensitive information |
|---|---|---|
| Taking an enquiry and establishing an initial patient record | Taking the necessary steps so that you can enter into a contract with us for the delivery of healthcare | The use is necessary for reasons of substantial public interest |
| Providing you with care and/or treatment | Providing you with health care and/or treatment Fulfilling our contract with you for the provision of care and treatment | We need to use the information in order to provide care and treatment to you The use is necessary to protect your vital interests where you are physically or legally incapable of giving consent |
| Liaising with other healthcare professionals about your care and updating others (such as your emergency contact) | Providing you with care and treatment We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care (such as your GP) have full details of your treatment | We need to use the information in order to provide care and treatment to you The use is necessary for reasons of substantial public interest under UK law The use is necessary in order for us to establish, exercise or defend our legal rights |
| Settling your bill | Providing you with health care and/or treatment Fulfilling our contract with you for the provision of care and/or treatment We have an appropriate business need to use your information which does not overly prejudice you | We need to use the information in order to provide you with care and/or treatment The use is necessary in order for us to establish, exercise or defend our legal rights |
| Providing improved quality, training and security (for example, recording or monitoring phone calls and conducting post-treatment surveys | We have an appropriate business need to use your information which does not overly prejudice you | We need to use the information in order to manage the healthcare services we deliver, including carrying out surveys (which are not a form of marketing) in order to identify and carry out any necessary improvements |
| Participation in audit and research programmes | (Some audit registries have statutory approvals or the information collected does not identify you as an individual. If that is not the case, then consent will be required and this is usually obtained directly by the relevant organisation or by us on their behalf.)) Where consent is not required: We have a legitimate interest in helping with medical research and have put appropriate safeguards in place to protect your privacy | (Some audit registries have statutory approvals or the information collected does not identify you as an individual. If that is not the case, then consent will be required and this is usually obtained directly by the relevant organisation or by us on their behalf.) Where consent is not required: The use is necessary in the public interest for statistical and scientific research purposes |
| Contacting you and resolving queries | Providing you with care and/or treatment We have an appropriate business need to use your information which does not overly prejudice you | The use is necessary for the provision of care or treatment pursuant to a contract with a health professional The use is necessary in order for us to establish, exercise or defend our legal rights |
| Investigating and responding to complaints or claims, complying with our legal or regulatory obligations and defending or exercising our legal rights | The use is necessary in order for us to comply with our legal obligations | The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems The use is necessary for establishing, exercising or defending legal claims We need to use the information in order for others to provide informed healthcare services to you |
| Managing our business: retaining patient records, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (such as tax, financial, legal or public relations advice) | Our having an appropriate business need to use your information which does not overly prejudice you The use is necessary in order for us to comply with our legal obligations | More sensitive information about you would not be used in all these circumstances, but where it is, the basis on which we would be doing so would be: The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems The use is necessary for establishing, exercising or defending legal claims |
| Advising you of other services offered by The London Skin and Hair Clinic | Our having an appropriate business need to use your information which does not overly prejudice you You have provided your consent | More sensitive information about you would not need to be used in these circumstances and so no reason is included here |
| Passing your records to a third party to whom we sold or transferred part of our business or clinic | Providing you with care and/or treatment The use is necessary in order for us to comply with our legal obligations | We need to transfer the information in order for care and/or treatment to be provided to you The transfer is necessary to protect your vital interests where you are physically or legally incapable of giving consent We need to transfer the information in order for others to provide informed healthcare services to you |
Where and for how long does The London Skin and Hair Clinic store information about me?
The information about you that we hold and use is held securely in the United Kingdom and stored in paper format and on our secure servers. However, in some instances, your personal information may be processed for medical purposes or (particularly information not involving your medical information, because there is a legitimate interest or it is necessary for the performance of services to you) outside the European Union (“EU”) where the organisation paying for your care or treatment is based outside the EU or where one of our suppliers is operating outside the EU. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
We retain your records for certain periods (depending on the particular type of record) under our retention of records policy. Legally we are bound to retain health records for the lifetime of a patient and at least 10 years after death. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements.
If you would like more detailed information on this, please contact our Information Governance & Data Protection Officer (contact details below).
What rights do I have?
The law provides you and other patients with certain rights in relation to the information about you that we hold. You may exercise these at any time by contacting our Information Governance & Data Protection Officer (contact details below) or as otherwise noted below and without adversely affecting your medical care.
There will not usually be a charge for handling a request to exercise your rights and if we cannot comply with your request, we will usually tell you why. If you make a large number of requests or it is clear it is not reasonable for us to comply with a request, then we do not need to respond or we can charge for doing so.
As a dermatology clinic we use digital photography to monitor and record to assist in diagnosis and treatment. As these photographs are high resolution it is not possible to email photographs given the size and resolution. Patients can bring a USB or portable storage device to the clinic where our team will be happy to provide a copy of all clinical photographs. Alternatively patients can post a USB stick to our clinic which we will return by post at no charge. Finally we keep blank USB keys at our clinic which are available to purchase for £10 which we will post at no charge with a copy of a patients clinical records.
Right of access
You have the right to access information held about you. This includes details of what information we hold about you and a copy of that information. The information will be provided free of charge and, unless there are grounds for extending the statutory deadline, the information will be provided to you within one month of receipt of your request. Please note we will generally also ask for confirmation of your identity and may need further information from you in order to locate the information, in which case the time period starts from the date we have that detail. Please note that in some cases we may not be able to comply fully with your request, such as where your request also involves information about someone else and it would not be fair to that other person to provide the information to you.
Please contact the clinic should you wish to exercise this right.
Right to rectification
We take reasonable steps to ensure the information we hold about you is both accurate and complete. However, you are entitled to have the information rectified if that is not the case. Unless there are grounds for extending the statutory deadline, we will respond within one month of receipt of a rectification request.
As notes and medical reports that our clinicians prepare are medical records, our clinicians are not able to omit information provided during a consultation, or change diagnosis or treatment information, if a patient requests them to do so, for the purpose of trying to claim from their private health insurers (for example to avoid reporting a pre-existing condition).
Please contact the clinic should you wish to exercise this right.
Right to erasure (sometimes referred to as the right to be ‘forgotten’)
In some circumstances, you have a right to have information about you ‘erased’ and to prevent us using or holding information about you. Please note that we do not have to comply with such a request where it is necessary to keep your information in order for us to perform tasks which are in the public interest (including public health) or for the purposes of establishing, making or defending legal claims. If you make such a request and we comply with it, please be aware that we will retain a note of your name, the request made and the date we complied with it.
Please contact the clinic should you wish to exercise this right.
Right to restrict processing
In some situations, you have a right to ‘block’ or suppress our holding or using information about you. As with the right to erasure, please note that we do not have to comply with such a request where it is necessary to keep your information in order for us to perform tasks which are in the public interest (including public health) or for the purposes of establishing, making or defending legal claims.
Please contact the clinic should you wish to exercise this right.
Right to data portability
You have the right to obtain and re-use your personal data for your own purposes across different services, allowing you to move, copy or transfer personal data from one IT environment to another. This right, however, only applies to personal data you have provided to us, where the processing is based on your consent or for the performance of a contract; and when the processing is carried out by automated means.
Please contact the clinic should you wish to exercise this right.
Rights relating to automated decision making
You have the right not to be subject to a decision when it is based on automated processing (i.e. by a computer alone); and it produces a legal effect or a similarly significant effect on you. As noted above, The London Skin and Hair Clinic does not carry out automated decision-making in relation to patients.
Please contact the clinic should you wish to exercise this right.
Right to withdraw consent
You have the right to withdraw consent to us holding or using information about you, but only if consent is the basis for us holding or using your information. Please click the ‘unsubscribe’ button in marketing materials or otherwise please contact the clinic should you wish to exercise this right.
Right to object
You have the right to object to The London Skin and Hair Clinic holding or using information about you in certain situations – where this is based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Please contact the clinic should you wish to exercise this right.
Right to complain to the Information Commissioner’s Office
You can complain to the Information Commissioner’s Office (ICO) if you are unhappy with the way we have dealt with a request from you to exercise any of your rights or if you think we have not complied with our legal obligations. Whilst you do not have to do so, we would appreciate you making the Information Governance & Data Protection Officer aware of the issue and giving us an opportunity to respond and to address it before contacting the ICO.
Making a complaint will not affect any other legal rights or remedies that you have. More information can be found on the ICO website: https://ico.org.uk/ and the Information Commissioner’s Office can be contacted by post, phone, fax or email as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 7459 (if you prefer to use a national rate number)
Fax: 01625 524 510
Email: casework@ico.org.uk
Contacting The London Skin and Hair Clinic and the Information Governance & Data Protection Officer
For further questions or to exercise any rights set out in this Privacy Notice, please contact The London Skin and Hair Clinics Information Governance & Data Protection Officer:
Information Governance & Data Protection Officer
The London Skin and Hair Clinic
233 High Holborn
London
WC1V 7DN
Email: doctor@LSAH.co.uk
- Privacy Notice for Patients v2.0 July 2018