What happens with your personal information and how we use it
I am committed to protecting and respecting your privacy when dealing with your personal information.
When I refer to me I am Julian Batcheler the Osteopath who owns this website and whose practise the site is designed to promote.
Your personal data
When I refer to personal data in this policy, I mean information that can or has the potential to identify you as an individual. I may hold and use personal data about you as a patient.
When I collect personal data about you
I will collect personal data about you:
- If become a patient with me.
- You are referred by a clinician, the NHS or any other organisation
- Enquire about any of our services
- Use or request to use any of our online services
- Fill in a form or survey for us
- Carry out a transaction on our website
- Participate in a competition or promotion or marketing activity
- Make online paymentsC
- Contact me, for example by email, telephone or social media
- Participate in interactive features on any of our websites
Why do I collect your data?
• To enable me to carry out our obligations to you in connection with the services I provide and/or arising from any contract entered into between you and I including relating to the provision by me of services to you and related matters such as, billing, accounting and audit, credit or other payment card verification, anti-fraud screening
• provide you with information, products or services that you request from me
• allow you to participate in interactive features of my services, when you choose to do so
• notify you about changes to my products or services
• respond to requests where I have a legal or regulatory obligation to do so
• check the accuracy of information about you and the quality of your care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
• assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
• to ensure that content from my website is presented in the most effective manner for you and for your computing device
To process your information in accordance with the data protection laws, I must establish a lawful basis for doing so which must be at least one of the following:
• performance of a contract
• legal obligation
• for the protection of our and your vital interest
• legitimate interest and/or
• with your consent
The security and storage of your personal data
Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with data protection laws and guidelines of professional bodies or for the purpose of clinical audits and research (unless you object). We will only use your sensitive personal data for the purposes for which you have given it to us and where we have a lawful basis under the data protection laws to do so.
Organisational and technical security
I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged.
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable data protection laws and/or appropriate guidance. I am obligated by law to keep patient data for upto eight years after you last treatment.
At your request, I can transfer personal information to you via email, or you may choose to transfer information to me via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.
Disclosure of your personal data
Data will only be shared with:
- yourself or any organisation you request
- your GP if you request
- the NHS of refereed to me by the NHS
- your health insurance provider if you use them to pay for my services
- if they request for whatever reason: the General Osteopathic Council (the legal regulator of UK osteopaths)
- if they request for any reason or I request their help: the Institute of Osteopaths and my insurance provider who works though the Institute of Osteopaths
- any organisation used for the collection of unpaid treatment costs
Health information collected during provision of treatment or services
Your GP: If I believe it to be clinically advisable, I may also share information about your care with your GP. If your GP requests information regarding your care or copies of any relevant records then we may also share this information with them. You can ask me not to do this, in which case I will respect that request if we are legally permitted to do so. But you should be aware that it can be potentially detrimental to your health to deny your GP full information about your medical history.
Your Insurer: I share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with me. I provide only the information to which they are entitled. If you raise a complaint or a claim I may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.
The NHS: If you are referred to me for care by the NHS, I will share the details of your treatment with the part of the NHS that referred you to me, as necessary to perform, process and report back on that care.
Healthcare and Clinical regulators: I may be requested – and in some cases can be required - to share certain information (including personal data and sensitive personal data) about you and your care with healthcare and clinical regulators such as the General Osteopathic Council and the Institute Of Osteopaths. For example if you make a complaint and the regulator wishes to conduct an investigation. I will ensure that I do so within the framework of the law and with due respect for your privacy.
In an emergency and if you are incapacitated, I may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your life.
You have the following rights in relation to your personal data
• Right of access: the right to make a written request for details of your personal information and a copy of that personal information
• Right to rectification: the right to have inaccurate information about you corrected or removed
• Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased after the legal time I am required to hold it for.
• Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
• Right to withdraw consent: the right to withdraw any consent you have previously given me to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of my use of your personal information prior to the withdrawal of your consent and I will let you know if I will no longer be able to provide you with my services.
Please note: Your rights are not absolute: they do not always apply in all cases and I will let you know in our correspondence with you how and whether I will be able to comply with your request
If you want to exercise your rights in respect of your personal data, the best way to do so is to contact me by email at firstname.lastname@example.org