The terms ‘We’ or ‘Us’ used below refer to Adam Bray Dermatology Ltd.
‘You’ refers to any patient who has contacted or registered with Adam Bray Dermatology Ltd to obtain a quotation for, to enquire about or arrange an appointment, or to receive medical advice or treatment.
It is necessary for us to store personal information about you to provide information about the medical care we offer or to provide you healthcare.
EU and UK data protection regulations such as the General Data Protection Regulation (GDPR) require us to inform you about this.
Any links to third parties below are a suggestion for your convenience only. We cannot confirm the accuracy of the link or related information for your particular situation.
Information we process and what we do with your information
We collect personal data for identification and billing, such as your name, date of birth, address and private medical insurance details.
We may also record your NHS number to make it easier to keep other healthcare professionals informed about care within the NHS system, such as your GP.
We will record details of medical conditions, medications, allergies, or significant events that have affected your health in the past, and social factors such as your occupation, smoking, alcohol intake, and family support that have a bearing on safely providing you medical care.
We will record details of your current medical complaints, examination findings, test results, procedures, and often also clinical photographs to record the appearance or anatomical location of skin problems, or the outcome of treatment.
Digital photographs, video, or scans may be taken and stored for the reasons below.
Unless you specify otherwise all potentially recognisable images will only be kept for the purposes of recording or providing your own individual health care (i.e. number 1 below).
We will ask for your specific written consent before using any potentially recognisable clinical images for any other purpose. Microscopic images (e.g. of dermoscopy or microscope slides) would not be considered personally recognisable.
If using images for conditions 2 and 3 below:
- your name would never be shown with the images
- the least identifiable views would be chosen
- images would be anonymised as much as practicable whilst still fulfilling their intended educational purpose
All images are stored securely using industry standard local encryption and encrypted upload methods. Camera data cards are erased immediately after secure upload and reformatted regularly.
Reasons for photo storage:
1. record your care
2. teach healthcare professionals, e.g. in presentations and tutorials
3. help other patients or healthcare professionals decide or learn about treatment options, e.g. showing operations to other patients in clinic (this is a common scenario and patients can find it very helpful)
4. publishing in medical journals or textbooks (potentially also including online but this would be uncommon so we would aim to double check this with you at the time if necessary)
Where we process and store your data
Your medical records are stored digitally within the European Economic Area (EEA) and updates are protected using industry standard encryption protocols.
Emails you send us that contain information about you are stored on email servers using standard services provided by various major companies (e.g. Apple, Microsoft) that use large scale encrypted servers and comply with GDPR, and locally on our encrypted company devices.
How we transfer and receive information from and to you
For mutual convenience we usually communicate with you predominantly by email. Please note that email is not a totally secure method of information transmission, so please consider whether you wish to send us personal information by this method (see below). This is also explained in a disclaimer at the end of every email message we send to you.
Emails – standard or encrypted
Please be aware that any information you send to us via standard email is sent 'in the clear' (i.e. unencrypted) unless specifically encrypted by you. If the information is personal or sensitive then please encrypt your message (your existing email application may offer this capability, or you can use an internet search engine to find one that does). If you send an encrypted message you will receive an encrypted reply; otherwise the reply will be sent in the clear. Alternatively, please request a telephone call back by email and leave your contact number.
The transfer of information by email can be encrypted in one or both of two ways:
- the email itself is encrypted (i.e. including subject & message) so cannot normally be read by a third party
- any files attached to the email are encrypted with password access (e.g. a password key/PIN is needed to decrypt an encrypted PDF file)
In addition, for reduced environmental impact over postage, we offer to email you copies of consultation letters or clinical images. When we first provide you healthcare we will always ask if you wish these documents to be sent in an encrypted form. You can change this preference at any time for future communications. If we are sending you copies of your clinical images we usually do this via encrypted PDF attachment unless you specify otherwise (unencrypted PDF or secure download link are other options).
Communicating with third parties
When transferring your personal information details between us and other care providers, insurers, or hospitals we always do this securely via either: encrypted PDF attachment, fully encrypted email, or secure encrypted (SSL) web upload.
Sharing information about you
We will never share any information about you with any person or organisation who is not directly involved in your healthcare, except where legally obliged to do so. This may include providing information to your private medical insurer, but we provide only the information to which they are entitled (e.g. procedure code for planned treatment) and otherwise will ask you for your specific consent. We will not share information with others providing your healthcare if you have opted out as per the section below entitled ‘Your consent to opt out of information sharing’.
Your consent to opt out of information sharing
We would usually share certain information to ensure that other healthcare professionals looking after you are kept informed about any healthcare we provide for you, in case it affects other aspects of your care. This is particularly important when we prescribe you medication or carry out surgery. This is standard practice and is usually considered beneficial for your safety. It is a mandatory requirement of your private medical insurer.
However, if you are paying for your own care you can choose to opt out of the following elements:
- Recording your NHS number in our database
- Sharing information about your care with your GP
- Sharing information about your care with the healthcare professional who referred you to us
We never use any of the information we hold about you for marketing or advertising purposes, and we never share any of your information with any third parties for these purposes.
Requesting a copy of the information we hold about you: Subject Access Requests
You have the right to request a copy of the information we hold about you. We must usually provide this information, in a commonly used electronic format, within 1 month of receiving your request and confirming your identity.
Requesting that we amend or delete the information we hold about you: Rights to rectification or erasure
You may request this if the information we have is inaccurate or no longer necessary for us to keep (e.g. you no longer wish to receive healthcare from us in the future or to communicate with us about it so we do not need to hold your contact or insurance details), or you withdraw your consent (e.g. you withdraw your consent for your clinical images to be used for teaching or showing other patients). However, we are legally obliged to keep all medical records ‘accurate and complete’ so we would not erase any part of those. We may also need to keep previous billing details in case of financial audit. You can read about your other rights under GDPR at, for example, the Information Commissioner’s website: https://ico.org.uk.