Privacy Policy

Who we are 

Mr Gunaratnam Shyamalan (Consultant) is an independent consultant providing healthcare  services in the private healthcare sector.  

Midland Hand Clinic practice (Practice) comprises the following class of personnel who interact to  deliver healthcare services to the patient: 

• The consultant: the provider of healthcare services 

• The hospital or clinic personnel: the location where the consultant provides healthcare services. 

• Administration personnel (Office): independent secretarial and/or billing services reporting  directly to the consultant (not linked to the hospital or clinic) 

It is the policy of The Practice to take steps to ensure that your information is kept confidential and  secure and to otherwise protect and respect your privacy. 

This notice details what information we collect from you, why we collect it, what we do with it and how it might be shared.

The Practice as a data controller and/or a data processor 

In providing products and services, The Consultant will be acting as a joint data controller with the  hospital/clinic at which the healthcare services are delivered. The administration personnel will act  as a data processor on behalf of The Consultant.  

Where acting as a data controller, The Consultant will comply in full with this policy. 

Where acting as a data processor, The Office will be required to act on the instructions of the data  controller (and the data controller’s privacy policy will apply) 

How we use your information 

We will only use your personal data when law allows us to. Most commonly, we will use your personal data in the following circumstances: 

• With your consent and please note that you have the right to withdraw your consent at any  time by contacting us. (Consent). 

• Where it is necessary for our legitimate interests (or those of a third party) and your interests  and fundamental rights do not override those interests (Our legitimate interests). 

• Where we need to comply with a legal or regulatory obligation (Our legal duty). 

This privacy notice tells you what to expect when The Practice collects personal information. It applies to information we collect about: 

• Contact details in respect of your healthcare episodes with The Consultant • Documents that record your healthcare episodes with The Consultant 

• GP practice and other healthcare professionals that are associated with your care. • Financial information in respect payment for your healthcare episode. 

• Where appropriate and required, professional organisations that are associated with your  healthcare episodes, including, but not limited to, legal organisations, employment details.

We use many different kinds of personal information classified as follows:

Type of Personal Information

Description

Contact

Your name, correspondence and billing address, email address and  telephone number(s). Next of kin and/or appropriate carers.

Demographic This includes identification details such as registration numbers and  regulatory body information.
Billing Details of how healthcare episodes will be paid for, including  insurance company and policy details where appropriate.
Transactional Details about payments made to us by you or by a third-party in  settlement of your invoices
Medical

GP and GP practice details 

Other medical practitioners involved in your healthcare The Hospital(s) involved with your episode of healthcare Previous medical history 

Any medical document as generated by The Consultant in providing  healthcare services

Telephone Digital voice recordings of telephone calls made to and from the  Accounts Office Landline
Legal Any professional legal organisations that hold a vested interest in your  healthcare.
Associated organisations This may include your previous and/or current employer details where  the resolution of your health care is linked with your employment
Supporting Notes Any supplementary information from communications / interactions  with you, people or organisations linked with your healthcare and  financial settlement that will assist with decisions made during your  episode of healthcare.
Consents Any permissions, consents or preferences that you give us.

How we use your personal information

What we use your  

personal information for

Our reasons Our legitimate interests

Type of personal  

information

To manage our  

relationship with you

To communicate decisions  agreed with you and/or  made on your behalf 

Our legitimate interests 

Our legal duty

Keeping our records  up to date

Contact 

Demographic 

Medical 

Telephone 

Billing 

Transactional 

Legal 

Associated Organisations Supporting Notes 

Consents

To manage your current  episode of healthcare  with the hospital(s)  

involved

To communicate decisions  agreed with you and/or  made on your behalf 

Our legitimate interests 

Our legal duty

Ensuring appropriate  continuity of care  

during your healthcare  episode

Contact 

Demographic 

Medical 

Telephone 

Legal 

Associated Organisations Supporting Notes 

Consents

To communicate  

healthcare decisions  and actions between  you and your GP

To communicate decisions  agreed with you and/or  made on your behalf 

Our legitimate interests 

Our legal duty

Ensuring appropriate  continuity of care  

during your healthcare  episode

Contact 

Demographic 

Medical 

Telephone 

Legal 

Associated Organisations Supporting Notes 

Consents

To communicate  

healthcare decisions  and actions between  you and your third 

parties associated with  your healthcare

To communicate decisions  agreed with you and/or  made on your behalf 

Our legitimate interests 

Our legal duty

Ensuring appropriate  continuity of care  

during your healthcare  episode

Contact 

Demographic 

Medical 

Telephone 

Legal 

Associated Organisations Supporting Notes 

Consents

To receive financial  

remuneration for  

healthcare services  

provided

To raise and submit invoices 

To receive notification of  financial remuneration 

Our legitimate interests 

Our legal duty

To receive financial  remuneration of  

healthcare services  provided

Contact 

Demographic 

Medical 

Telephone 

Billing 

Transactional 

Legal 

Associated Organisations Supporting Notes 

Consents

Who we share your personal information with 

We may share your personal information with these organisations: 

• Your GP and/or the healthcare provider referring you to Midland Hand Clinic 

• Other healthcare consultants whom Midland Hand Clinic considers will benefit you from  their involvement in your healthcare 

• The hospital(s) involved in supporting Midland Hand Clinic in delivering your healthcare 

• Other healthcare organisations, where appropriate, involved in your long-term healthcare,  such as residential / care homes. 

• Insurers with who your hold, or have held, active healthcare policies 

• Healthcode, the UK’s official medical bill clearing company for private healthcare 

• Legal organisations, such as solicitors and medical report agencies, where appropriate that  are involved with resolving disputes that you are involved with 

Where we collect personal information from 

We may collect personal information about you from the following sources: 

Information you give us: 

• When you register with the hospital where you receive your healthcare from Midland  Hand Clinic 

• When you talk to us on the telephone or in person 

• When you communicate with us in emails 

Data from third parties: 

Information provided by people and/or organisations associated with your healthcare, including: 

• Insurers and hospitals, in the context of administering clinical and financial records 

• General Practitioners, in the context of receiving information about your historic  healthcare in the referral process to Midland Hand Clinic 

• Legal organisations, such as solicitors and medical reporting agencies in the context of  resolving legal disputes 

• Other healthcare organisations, including residential / care homes associated with your  long-term care 

• The central broker, Healthcode, for the submission of financial transactions to your  insurer and receipt of financial settlement information. 

Sending data outside of the EEA 

None of your data received by us and stored by us is passed on to third-parties based outside of  the European Economic Area (EEA). We will only do so if specifically requested by you.

Security 

We take all reasonable steps to protect your information. All information collected and processed  by The Practice is stored as follows: 

• Where third-party software is used to process your data, the data is stored on a secure  server. This is known as the “practice database”. 

• Access to the practice database requires user authentication (username and password) 

• Supplementary information in support of the practice database may be stored on personal  computers used within The Practice office. This is known as the “office database”. 

• Access to the office database requires user authentication (username and password) 

• Data is secured from data loss via a backup service that uses 256-bit encryption to store the  data on the backup server. This data is held within the EAA. 

In addition, The Practice takes the following security measures: 

• All emails sent by The Practice that contain sensitive data will be encrypted using Egress  Switch, which utilises identity based AES 256-bit encryption using FIPS 140-2 cryptographic  libraries. Recipients will be required to register with the Egress Switch service in order to  decrypt the email. 

• Implementing procedures to comply with relevant statutory requirements and data  protection as required 

• Making all personnel of The Practice are aware of the procedures of The Practice and the  importance of data confidentiality 

• Taking measures to ensure proper training and awareness of The Practice personnel dealing  with your data. 

Unfortunately, the transmission of information via the Internet is not completely secure. We will do  our best to protect your information, however we cannot guarantee the security of your data  transmitted to The Practice if not sent securely. Once we have received your information, we will  use the above procedures to try to prevent unauthorised access.

Where we store your personal data 

The data that we collect from you will be stored by ourselves and via third-party software services  that we subscribe to within the United Kingdom only. However, other third parties, that we are  requested or required to pass your information on to, may transfer your data at a destination  outside the European Economic Area. You should carefully check the privacy policy of those third  parties to see how and where your data is being processed.

How long we keep your personal information 

We will keep your personal data for as long as necessary for the purposes we collected it for,  including the purposes of satisfying any medical, legal, accounting or reporting requirements. The  precise length of time we hold your personal data for will vary depending on the individual  circumstances. In determining the appropriate retention period for personal data, we will consider  medical reasons as the priority. This will take into account the potential requirement to refer to  historic medical data to ensure effective healthcare.

Your rights 

Obtaining a copy of your personal information: you may request a copy of the personal information  that we hold about you. If you require a copy of some or all of your personal information, please  email or write to The Practice at the address detailed under Contact. 

If your personal information is incorrect: We always want to make sure that your personal  information is accurate and up-to-date. You may ask us to correct or remove information you think  is incomplete or inaccurate. However, we may need to verify the accuracy of the new data you  provide to us. 

Transfer: You may request that we transfer your personal data to you or a third party. We will  provide to you, or a third party you have chosen, your personal data in hardcopy paper format. 

Objections to using your personal information: You have the right to object to our use of your  personal information, or to request the deletion, removal or stop using your personal information if  there is no need for us to keep it. This is known as the ‘right to object’, ‘right to erasure’ or the ‘right  to be forgotten’. We may not always be able to comply with your request of erasure or to be  forgotten due to the following: 

• Specific legal reasons, which we will advise you, if applicable, at the time of your request. • If it will be detrimental to your current healthcare episode 

• If there are outstanding financial transactions associated with your healthcare 

To comply with your request, we may choose to provide you with a hardcopy of your personal  data. In doing so The Practice will be divested of the responsibility of holding your personal data.

Withdrawal of your consent: Where we have relied on your consent to process your personal data  you have the right to withdraw your consent at any time. However, this will not affect the lawfulness  of any processing carried out before you withdraw your consent. If you withdraw your consent, we  may not be able to provide healthcare services to you. We will advise you if this is the case at the  time you withdraw your consent. You will not have to pay a fee to access your personal data (or to  exercise any of the other rights). However, we may charge a reasonable fee if your request is  clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request  in these circumstances. 

We may need to request specific information from you to help us confirm your identify and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any personal who has no right to receive  it. We may also contact you to ask you for further information in relation to your request to speed  up our response. 

We try to respond to all legitimate requests within one calendar month. It may take us longer than a  month if your request is particularly complex, if you have made a number of requests or if we are  unable to establish the validity of your request and/or your identity. In this case, we will notify you  and keep you updated.

Changes to the policy 

Any changes we make to our privacy policy in the future, will be immediately reflected in this document, which be accessed via the Spire Healthcare website www.spirehealthcare.com 

This policy was last updated May 2018.

Contact 

If you have any questions about our privacy policy or information we hold about you, or you wish to  request a copy of the information we hold about you, please contact us by email or write to us at  the address below. 

Secretary to Mr Gunaratnam Shyamalan 

Spire Parkway Hospital 

1 Damson Parkway 

Solihull 

B91 2PP 

Tel: +44 (0) 121 364 1600 (option 2) 

Email: pp@medicalpa-solihull.co.uk

GET IN TOUCH

FIND OUT MORE...