Mercury Foot and Ankle Clinic is an orthopaedic surgical service providing consultations, diagnostics and treatment of musculoskeletal conditions and trauma. We are based at the BMI Saxon Clinic, Chadwick Drive, V7 Saxon Street, Milton Keynes MK6 5LR and the County Clinic, 57 Billing Road, Northampton NN1 5DB.
The General Data Protection Regulation (GDPR) sets out the basis upon which an individual’s data can be obtained and used. The purpose of this Privacy Notice is to explain how Buckinghamshire Foot and Ankle will manage, in compliance with the law, any personal data that we collect about you when you contact us or use our healthcare services.
If you would like to contact us about any of the information contained within this Privacy Notice you can contact our Data Protection Leads, Arul Ramasamy and Joel Humphrey at email@example.com
What information do we collect about our patients?
We collect information about you when you contact us about our services, make an appointment with us, undergo investigations and/or treatment
or are referred to us by another medical professional.
The information we collect can include the following:
- Name and date of birth
- Postal address, email address and telephone number
- Emergency contact details including next of kin
- Details of your condition or injury
- Preferred clinician if appropriate
- Background referral details
- GP details and those of other professionals involved in your care
- Details of your appointments, clinic visits, medications administered etc.
- Records about your health, treatment and care
- Results of investigations, such as laboratory tests, MRI, ultrasound and x-rays
- Information from other health professionals
- Details of who is responsible for payment of your consultation/investigation/treatment e.g. Insurer, sponsor, you or other
Who processes patient information?
In order to support your care, Mercury Foot and Ankle clinicians maintain records about you. The records may be processed by any member of the following teams, internally or at the hospitals, we are associated with:
- Reception Team
- Patient Services Team
- Medical Secretariat
- Admin Team
- Clinical Team
- Radiology Team
- Accounts Team
- Medical Records Team
- In certain circumstances, patient data may be processed by third party typists, phone answering service, medical billing company and/or credit control or debt recovery agency.
We also collect information about you when you voluntarily provide your personal details to us via our Patient Satisfaction Questionnaire.
The processing of your personal information is necessary to enable Mercury Foot and Ankle Clinic to conform with Article 6 (b) of GDPR and we would not be able to treat you without having access to detailed personal information.
How do we use the information we hold about patients?
To ensure you are receiving care according to your clinical needs, in accordance with Article 9 (2) (h) of GDPR, we process personal data relating to your health and we may use information about you to enable us to arrange appointments with the appropriate clinician(s), hospital and/or other facility for consultation, investigations and/or treatment.
If you have been referred to us by another medical or allied professional, we may disclose details of your consultation/investigations/treatment to them where appropriate. You can ask for some information not to be shared but this may result in the delivery of your care being less efficient.
We will never market our services to you or pass on your information to a third party for marketing purposes.
Each time we process your data we must have a legal justification for doing so. Generally, the grounds for doing so will be as follows:
- To set you up as a patient on our systems so that you can enter a contract with the clinic and clinician to receive healthcare services from us
- To provide you with healthcare and related services
- To communicate with you and resolve any queries, concerns or complaints you may have
- To communicate with other healthcare professionals involved in your care
- To comply with regulatory obligations and defend our legal rights
- To provide an out of hours appointment service
- For account settlement purposes
- For clinical audit purposes
- For appropriate business needs
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us to find out more.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
h) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
i) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
How can you access your information?
You have the right to request a copy of the information that we hold about you by making a Subject Access Request. For more information please email our Data Protection Leads, Arul Ramasamy and Joel Humphrey at firstname.lastname@example.org
If you have concerns about the way in which we have handled your data please contact our Data Protection Leads Arul Ramasamy and Joel Humphrey at email@example.com. If you are not satisfied with our response to any complaint you may have made, you can complain directly to the Information Commissioner’s Office (ICO).
How do we keep your information safe?
We take the protection of your information very seriously. All information is held safely and all those involved in the processing of patient data at Mercury Foot and Ankle Clinic are trained to do so in compliance with GDPR.
Where we share your information with others, we ensure this is done securely by encrypted email transmission by default.
There are different types of cookies which are used to do different things such as allowing you to navigate between pages on a website efficiently, remembering your preferences on certain web pages, or improving your overall experience.
Most web browsers automatically accept cookies, but you can disable this function by changing your browser settings if you so wish. To find out more about cookies including what they are, how to control them or how to delete them, please visit aboutcookies.org.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Please check these policies before you submit any personal data to these websites.
Changes to our Privacy Notice
We regularly review our Privacy Notice and will update this page as required. This Privacy Notice was last updated on the 2nd June 2020.