Skip to main content

Privacy Policy

  • In this policy the term ‘you’ refers to parents or carers and young people over the age of 16.

How JM Mental Health uses your information to provide you with healthcare

This clinic keeps medical records confidential and complies with the General Data Protection Regulation (GDPR) and Data Protection Act 2018

  • We hold your medical record so that we can provide you with safe care and treatment.

  • We will also use your information so that this clinic can check and review the quality of the care we provide. This helps us to improve our services to you.

The confidentiality of your information is very important to us and we comply with data protection legislations and medical confidentiality guidelines of our professional bodies (namely the General Medical Council).

  • We will share relevant information from your medical record with other health care professionals when they provide you with care. For example, when you are referred to a consultant, or when we send details about your prescription to your chosen pharmacy. We recommend that we share the care given to you here with your NHS GP – however we will only do this with your consent and would provide you with copies of all correspondence.

  • You have the right to object to information being shared for your own care. Please speak to Dr Julia Moss if you wish to object. You also have the right to have any mistakes or errors corrected.

Other important information about how your information is used to provide you with healthcare at JM Mental Health Ltd

 

Registering for care at JM Mental Health Ltd

All patients who receive care are registered on our computer system and/or in a locked manual filing system

This database holds your name, address, date of birth, telephone number, email address and name of registered GP.

You will be asked to indicate if you consent to JM Mental Health sharing clinical information with your regular GP (please note you may change this decision at any time). This database does not hold information about the care you receive.  The information is only accessible to authorised clinic members

The database is held by JM Mental Health Ltd in a cloud-based system – Personal data about you is held in the practice’s computer system and/or in a locked manual filing system. The information is only accessible to authorised clinic members. Our computer system has secure audit trails and we back up information routinely.  The clinic has a confidentiality policy that all staff adhere to.

Our main patient database is held in a cloud-based system and data stored in secure EU data centres. Access to the data is only via 256 bit encryption and is protected with two-factor authentication

In certain circumstances we may hold a portion of your personal information on a local computer, for example for the purpose of writing appointment letters and updating notes.  In these cases, the computers that are used are protected by BitLocker encryption using a Trusted Platform Module version 1.2 or later and data is backed up to the cloud using 256-bit encryption.

 

What personal data do we hold apart from that collected when registering at JM Mental Health Ltd

As a medical clinic we will hold medical records and information about you in order to treat you appropriately and in a timely manner.

To provide patients with a high standard of medical care, we need to hold personal information. This personal data can include:

  • Past and current medical conditions; personal details such as age, address, telephone number, email, next of kin, NHS GP (as outlined above in the ‘Registering for care’ section

  • X-rays and clinical photographs

  • Information about your treatment that we have provided or propose and its cost

  • Notes of conversations or incidents that might occur for which a record needs to be kept

  • Records of consent to treatment

  • Any correspondence relating to you from yourself or other health care professionals

 

Why do we hold information about you?

We need to keep comprehensive and accurate personal data about patients to provide you with safe and appropriate medical care.

Safeguarding

  • Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.

  • These circumstances are rare.

  • We do not need your consent or agreement to do this.

  • Please see our safeguarding policies for more information:

 

We are required by law to provide you with the following information about how we handle your information.

Data Controller contact details:

Dr Julia Moss
JM Mental Health Ltd
39a Regent Street
Leamington Spa
CV32 5EE

Purpose of the processing:

  • To give direct health to individual patients.

  • For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.

  • To check and review the quality of care. (This is called audit and clinical governance).

  • To advise patients of changes to services or new services

Lawful basis for processing

These purposes are supported under the following sections of the GDPR:

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” 

Healthcare staff will also respect and comply with their obligations under the common law duty of confidentiality.

Recipient or categories of recipients of the processed data

Disclosure of information

To provide proper and safe medical care we may need to disclose personal information about you including to:

  • Healthcare professionals and staff in this practice

  • Hospitals (if required, e.g. referral or emergency transfer)

  • Out of hours services

  • Diagnostic and treatment centres;

  • Other organisations involved in the provision of direct care to individual patients

  • Regulatory bodies e.g. Care Quality Commission

Information would only be shared with your consent and you would be copied into all correspondence if you wished.

Disclosure will take place on a ‘need-to-know’ basis. Only those individuals or organisations who need to know to provide care for you will be given the information.

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. The clinic would take legal advice before disclosing data in these very limited circumstances and where possible you will be informed of these requests for disclosure

 

Requesting your consent under GDPR

We will continue to obtain consent from you as a patient be it implied, verbal or written for the treatment or procedures undertaken at JM Mental Health Ltd   This will be in line with the General Medical Council’s guidelines and will be recorded appropriately in your medical records.

In addition to this

We require your consent under GDPR to communicate with you by phone or email or post.

We will

  • Ask you to opt-in to any marketing or other communications

  • Offer choices as to how to communicate with you should you so wish

  • Offer you the option to withdraw consent to that communication at any time

 

Collection of personal information when visiting our website

You can access most of the pages on our website without giving us your personal information although you may choose to do so, for example when you submit an enquiry. Users are requested not to send confidential details or debit/credit card numbers and we will never ask you to do so.

When you submit personal information, you consent to our use of the information as set above under ‘Requesting your consent under GDPR’.

Use of personal information

We will use personal information given to us in accordance with these terms and conditions, and with any additional statements appearing on forms used for submitting personal information. We will not disclose personal information to any third parties without obtaining your prior consent, unless we are required by law to do so.

If you submit an enquiry, we will use your personal information to administer and respond to your enquiry. We will store securely the information you supply and our response. We may produce reports on enquiries to enable us to monitor and develop our service but reports will be based on anonymous data; we will not identify individuals in our reports.

If you comment or complain about our services, we may use your details to investigate your comments.

Rights to object

  • You have the right to object to information being shared between those who are providing you with direct care.

  • This may affect the care you receive – please speak to the practice.

  • You are not able to object when information is legitimately shared for safeguarding reasons.

  • In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.

  • The information will be shared with the local safeguarding service

https://www.safeguardingwarwickshire.co.uk

MASH on 01926 414144.

Right to access and correct

You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff.

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Data we get from other organisations

We may receive information about your health from other organisations who are involved in providing you with health following a referral from JM Mental Health. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your medical record at this clinic is kept up-to date when you receive care from other parts of the health service.

Note: Although obliged to share patient information with your NHS GP (with your consent) currently independent doctors do not have access to care and treatment records you receive elsewhere (NHS or private).

Retention period

Medical records will be kept in line with the law and national guidance. The clinic manager will advise you as to how long hard copy medical records are legally be required to be kept by us, digital medical records will be stored indefinitely until government regulations change.

Access to your medical records

You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to Dr Julia Moss.

Use of personal information

We will use personal information given to us in accordance with these terms and conditions, and with any additional statements appearing on forms used for submitting personal information. We will not disclose personal information to any third parties without obtaining your prior consent, unless we are required by law to do so.

If you submit an enquiry, we will use your personal information to administer and respond to your enquiry. We will store securely the information you supply and our response. We may produce reports on enquiries to enable us to monitor and develop our service but reports will be based on anonymous data; we will not identify individuals in our reports.

If you comment or complain about our services, we may use your details to investigate your comments.

 

If you do not agree

If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your doctor. You have the right to object; however, this may affect our ability to provide you with medical care.

You have a right to withdraw your consent at any time, however this will not be retrospective.

Contact details

Data Controller (Dr Julia Moss)
JM Mental Health
39a Regent Street
Leamington Spa
CV32 5EE

 

Cookies and Internet Protocol (IP) logging

When you visit our website, our server will record your computer’s IP address (the unique numerical address given to every computer connected to the Internet) and the time and duration of your visit.

This website uses cookies, a piece of data that may be stored on your computer when you visit a website; these cookies store the anonymised IP address (the last digit group of the IP is removed before storage).

Cookies and your IP address will be used to track the pages you visit on our website. We will use this information to analyse the way our site is used, and to administer and improve the accessibility of our site. We will not use it for any other purpose. You may disable the use of cookies in your Internet browser without affecting your use of our website.

Links

From time to time our website may contain links to other sites. We are not responsible for the content or privacy practices of third parties that run other websites.

 

Right to complain

You have the right to complain to the Information Commissioner’s Office.

For further details about your rights under the Data Protection Act, please visit the Information Commissioners Office website.

www.ico.org.uk

Telephone:  0303 123 1113

Email online form: https://ico.org.uk/global/contact-us/email/

Write: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.

END