Your personal information:
Privacy Statement
This privacy statement gives you information about how your data will be used
Introduction: purpose and lawful basis
The law requires transparency about the intended purposes and the legal basis for processing personal data.
‘Processing’ is a broad term to include anything done with personal data. This can include collecting, storing, sharing and disposing of data, for example.
Frith Psychiatry will usually process data on the lawful basis that ‘processing is necessary for the performance of a contract’ with you (GDPR Article 6), but less commonly it may rely on other legal bases, such as: to fulfil a legal or regulatory obligation, to pursue legitimate interests, for a vital interest or on the grounds of you having given explicit consent for a specific purpose. Sensitive data, including medical information, is given extra protection in law, which means data can only be processed if a ‘specific condition’ (GDPR Article 9) is also met – in the case of Frith Psychiatry, this will usually be that ‘processing is necessary for the purposes of … medical diagnosis, the provision of health or social care or treatment …’ but, less commonly, another condition may apply (e.g. defending Frith Psychiatry’s legal rights or a claim, or explicit consent).
What information is collected and held about me?
Frith Psychiatry may collect the following personal data:
- Your name, date of birth and age, address, email and phone number, GP name and surgery, emergency contact person
- Consultation date(s) and a summary of the information you provided, the clinical findings or assessment made, any advice given to you, and the treatment or follow-up plan (in accordance with the General Medical Council’s guidance on Good Medical Practice)
- Your past medical history and information about any medication, drug allergies or investigation results
- Where applicable, healthcare information from another relevant professional involved in your care
- Where applicable, information provided by relatives or carers
- Patient feedback
- Patient contact and other preference information
What can my data be used for?
Your data is primarily used to provide a service to you. However, there may be other reasons to process your data, which might include:
- To comply with the requirement to maintain a medical record for its recommended retention period
- To answer enquiries
- To send invoices and maintain accounts
- To contribute to service evaluation and clinical audit
- To obtain and use patient feedback
- To comply with obligations such as safeguarding, complaint, claim or other investigations
- To report and investigate any adverse reactions or events, for example with medication
- To keep patients informed about any changes to the service
- To comply with regulator and professional registration requirements
How will information be obtained?
- Most of the data collected will be provided directly by you – for example when you complete an enquiry form or participate in a consultation
- From others involved in your care, for example your GP (with your consent)
- Sometimes third parties provide information without being asked – for example, relatives or employers may send information about you. This is ‘third party’ information and is ‘theirs’; Frith cannot disclose it without their consent. Similarly, Frith cannot give third parties your information without your consent, except in rare circumstances – when required by law or to prevent serious harm
- Information may also be collected indirectly to provide general statistics about patterns of website use, but will not be used to identify any individuals
Data subject rights
As a ‘data subject’, you have certain rights. The applicable lawful basis will influence those rights, but certain rights always apply – for example, you can always object to your data being processed for direct marketing.
Do I have the right to access my data?
Yes, and this will be free of charge unless the requests are deemed ‘repetitive’, ‘excessive’ or ‘unfounded’ or if further copies are requested.
You can make the request verbally or by email. You do not have to fill in any specific or extra forms; you simply have to make clear that, as a data subject, you wish to access your data.
You will have a response within a month.
You may need to prove your identity before records can be released to you.
Certain information is exempt (not shared), such as information from a third party or where sharing the data could cause serious harm.
Do I have the right to request my data is corrected?
You can certainly request correction of any factual errors or omissions. This does not usually extend to medical opinions, however – although you are always welcome to ask if you can add an entry outlining your different opinion.
Do I have the right to request my data is erased?
This right does not apply to patient clinical records; there are reasons they need to be retained, including the legal obligation to maintain and retain health records and to be able to defend a claim.
How long will my records be kept for?
The NHS Records Management Code of Practice for Health and Social Care 2016 outlines a long retention period of 20 years for mental health records, although very mild adult cases treated successfully in the community may be treated as other adult records and kept for just 8 years. Doctors are advised to work in keeping with this guidance, whether or not they work in the NHS. Disposal, when it occurs, will be done in a secure manner in line with appropriate technology available at the time. If a third party is used for confidential data destruction, they must also operate within the relevant law and regulations.
How will my data be kept secure?
Frith Psychiatry makes use of security measures such as encryption, passwords and secure online backup (ISO 27001 certified) to protect your data from theft or loss.
Who is the data controller for Frith Psychiatry?
Dr Riches
frith.psychiatry@posteo.net
Concerns or complaints
If you have a concern about the handling of your personal information, please raise this directly with Frith and/or you can raise it with the:
Information Commissioner’s Office
Phone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
Please note they advise raising a concern with them within three months of your contact with the organisation concerned.
Final points
Patient information is also subject to the duty of confidentiality – none of the above removes the duty to hold your medical information in confidence (please see the confidentiality section).
This policy may change if Frith Psychiatry receives feedback or advice about improvements, if technology around data protection changes, or if the legal frameworks change.
Updated October 2022