Roodlane Medical Limited has in place and undertakes to maintain appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of data. Likewise, adequate security programmes and procedures are in place to ensure that unauthorised persons do not have access to the data or to any equipment used to process the data.
Roodlane Medical Limited Privacy Statement
Your Personal Data is data which by itself or with other data available to HCA International Limited (HCA UK) can be used to identify you as an individual. HCA UK is the data controller. This privacy notice sets out how HCA will use your personal data. You can contact our Data Protection Officer (DPO) at 242 Marylebone Rd, Marylebone, London NW1 6JL, or at DPO@hcahealthcare.co.uk if you have any questions.
The types of personal data we collect and use
We will use your personal data for the reasons set out below. We will collect most of this directly during the registration and/or admission process but there may be sources of personal data collected indirectly as set out later in this Policy. The personal data we use may include:
- Your name, address and contact details, including email address and home and mobile telephone numbers, date of birth and gender.
- Your previous and current medical health records, whether provided by HCA UK or other third parties
- The terms and conditions of your contract with us for the provision of healthcare and related services
- Your financial information (your bank account and national insurance number) if you are a "self pay" patient or the financial information of the company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer or sponsor)
- Information about your marital status, next of kin, dependants nominated and/or emergency contacts.
- Information about your nationality and entitlement to treatment in the UK
- Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments
- Information about medical or health conditions of your family
- Information received in response to any surveys, complaints or claims
- Equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
- Information about how you use our website.
- If you are employed by HCA UK we will also hold and process other information relating to your employment (You can obtain a copy of the Staff Privacy Notice from the HR team)
- If you are a Consultant/Doctor or other healthcare provider you are not employed by HCA UK but we will also hold and process other information relating to the clinical services you carry out. (You can obtain further information from the facility CEOs or your [clinical contact])
- This data may also include visual images, personal appearance and behavior e.g. where CCTV is used as part of our building security measures
HCA UK may collect this information in a variety of ways. For example, data might be collected through Registration and Admission forms; obtained from your passport or other identity documents such as your driving licence, from pre-admission forms, online web forms completed by you at the start of your treatment, from correspondence with you, through the Admission and Registration process or through interviews, meetings or other assessments.
In some cases, the organisation may collect personal data about you from third parties, such as insurer providers, referral agencies, sponsors, checks permitted by law.
Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment and receive payment for these services.
Monitoring of communications
Subject to applicable laws, we may monitor and record staff calls, emails, text messages, social media messages and other communications in relation to our dealings with you. We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.
Using your personal data and the legal basis for processing
We will process your personal data under Article 6 (1); Article 9 (2) of the General Data Protection Regulations:
- To support the provision of your healthcare
- To decide how best to provide treatment to you
- As necessary to support the healthcare contract with you and to allow us to receive [full] payment for those services
- To take steps at your request during the course of your treatment
- To keep your records up to date
We will process your personal data under Article 6 (1) f of the General Data Protection Regulations:
- As necessary for our own legitimate interests or those of other persons and organisations, e.g.
- For good governance, accounting, and managing and auditing our clinical and business operations
- To monitor emails, calls, other communications, and activities on HCA networks and systems
As necessary to comply with a legal obligation:
- When you exercise your rights under data protection law and make requests
- For compliance with legal and regulatory requirements and related disclosures
- For establishment and defence of legal rights
- For activities relating to the prevention, detection and investigation of crime
- To verify your identity, make credit fraud prevention and anti-money laundering checks
- To investigate complaints, legal claims and data protection or clinical incidents
Based on your consent:
- If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures.
- When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot continue to provide full healthcare services to you.
Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with:
- Consultants/Doctors and other healthcare professionals who provide treatment to you at our Facilities
- Other healthcare providers where we feel this will enhance the quality of your care
- The HCA group of companies and associated companies including entities in the United States
- Sub-contractors and other persons who help us to provide healthcare products and services to you
- Companies and other persons providing services to you as part of your extended care
- Our legal and other professional advisors, including our auditors
- Fraud prevention agencies, credit reference agencies, and debt collection agencies
- Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators, the Information Commissioner's Office)
- Courts, to comply with legal requirements, and for the administration of justice
- In an emergency or to otherwise protect your vital interests
- To protect the security or integrity of our business operations and other patients
- When we restructure or sell our business or its assets or have a merger or re-organisation
- Payment systems and providers
- Anyone else where we have your consent or as required by law
Sharing of your personal data to contribute to the review and publishing of information about the quality and cost of privately funded healthcare
Subject to applicable data protection laws HCA Healthcare (HCA UK) is required to provide hospital performance data to the Private Healthcare Information Network (PHIN), which publishes information on the quality and cost of privately funded healthcare.
PHIN's goal is to help patients make more informed choices about where to go for treatment.
HCA UK will not supply your name, date of birth, or full address to PHIN. PHIN is only concerned with understanding the treatment that hospitals and doctors provide, whether that treatment was safe and effective, and whether there were any complications.
Any processing of personal data shall be made in accordance with the Data Protection Laws.
Publication will be made via the PHIN website in a format that will allow patients requiring hospital treatment and their doctors to search for local private hospitals by procedure and to compare how they perform in terms of quality and safety based on treatment data. Individuals are then able to make informed choices; which Consultant to see, which treatment option to follow, and at which hospital to be treated. This information will not be in a form where individuals can be identified.
An additional reason for obtaining the NHS Number relates to HCA UK's intention to access the UK Child Protection Information Sharing (CP-IS) system in order to facilitate the sharing of information between health and local authorities where a child may be at risk of being neglected, maltreated or abused.
HCA UK ensures all the information it holds is kept safe and confidential.
You have the option to withhold your personal information, in which case we will only share an anonymised record of your treatment to PHIN, but will not provide your NHS Number (or equivalent) or postcode.
If you tell us that you are not happy for HCA UK to pass on your NHS Number and Postcode to PHIN we will indicate this on your Registration Form.
If you subsequently change your mind please contact the facility where you were treated. Contact details are available on this website.
Sharing of your personal data for research purposes
Subject to applicable data protection laws and your explicit written consent we may share your personal data for the purpose of scientific research.
Sharing of your personal data for marketing purposes
Subject to obtaining your written consent and communications preferences we may use your contact details to send you newsletters and other information on new Facilities, services and treatments which we think may be of interest to you. We will not sell your personal data to a third party without your written consent.
You are free at any time to change your mind and withdraw your consent. Please contact [insert email address]. This will not affect the healthcare services we provide to you.
Your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an 'international framework' of protection.
How long do we keep your data?
Information will be kept in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply:
Retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have.
Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us.
Retention in accordance with legal and regulatory requirements. We will retain your personal data after you have received healthcare services at our Facilities based on our legal and regulatory requirements.
Your rights under applicable data protection law.
Your rights are as follows (noting that these rights do not apply in all circumstances):
- The right to be informed about processing of your personal data
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
- The right to object to processing of your personal data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the 'right to be forgotten')
- The right to request access to your personal data and information about how we process it
- The right to move, copy or transfer your personal data ("data portability")
- Rights in relation to automated decision making including profiling
You may exercise these rights by contacting us on email@example.com
You have the right to complain to the Information Commissioner's Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk
For more details on all the above you can download a copy from our Website [insert website link] or contact our Data Protection Officer to request a paper copy of the 'Using My Personal Data' booklet. This Notice may be translated into other languages on request.
Cookies - what are they?
A "cookie" is a piece of information which is stored on your computer within the web browser when you visit a website. When the user visits the same website in future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity on the site.
They are used by most major websites and are typically key in allowing use of the website.
What are cookies used for?
- give you a better online experience
- allow you to set personal preferences
- protect your security
- measure and improve our service
So what information is kept by the cookie?
A cookie will typically hold:
- the name of the website that it has come from
- how long the cookie will stay on your computer or phone
- a value - usually a randomly generated unique number
How long do cookies stay on my computer?
Session cookies - these only last until you close your browser. They are not stored on your hard drive. They are usually used to track the pages that you visit so that information can be customised for you for that visit.
Persistent cookies - these are stored on your hard drive until you delete them or they reach their expiry date. These may, for example, be used to remember your preferences when you use the site.
Cookies on Roodlane websites: in detail
These cookies are essential to making our online services work properly. If you do want to disable these cookies you can do this in your browser settings but you might not be able to use some of our online services.
| No. | Cookie | Description |
|---|---|---|
| 1. | FirebugLite | Created in third party (Fusion Chart) document. |
| 2. | [ASP.NET_SessionId] | Maintain session ID of user logged in. |
| 3. | $_SERVER['HTTP_COOKIE'] | Contains the raw value of the 'Cookie' header sent by the user agent. |
| 4. | [PHPSESSID] | Maintain session ID of user logged in. |
| 5. | __utma | This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. |
| 6. | __utmb | This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method. |
| 7. | __utmc | This cookie is no longer used by the ga.js tracking code to determine session status. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session. |
| 9. | __utmz | This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site. |
| 10. | __utmv | This cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmcc parameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page. |
| 11. | __utmx | This cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site. See the Website Optimizer Help Center for more information. |