DATA PROTECTION​

updated 04/04/2021 – This information can be provided in printed form if needed.

Information Governance - all about confidentiality

Your information is treated highly confidential.
The company is registered with the ICO Information Commissioner’s Officer (https://ico.org.uk) and pays yearly subscriptions. 
All information is stored on encrypted devices and email traffic is restricted to consented exchange with the clients (parents and young people).

The company has its own Standard Operating Procedure about Data Handling.
Although unfortunately security breaches are always possible, this company is using only most trusted encryption tools based on current knowledge.

Please be aware that according to the guidance by the General Medical Council on good medical practice we routinely share the Medical Reports with the registered GP by post unless a reason has been given at the time of the appointment not to do so. Later request may not be considered as reports could go out on the same day of the appointment. In certain circumstances medical professionals may be required by law to release medical reports.

This company is using the following high level security processes:

Medical Reports via secure link

Medical reports can be sent using email with a secure link to an encrypted storage site in England.

The links are password protected and will expire after 30 days. 

As an alternative to password protection a registered email address may be used to open the link. 

Please follow the instructions in the email how to access the report and contact our administration if you have any difficulties accessing your reports for need access to older reports.

 

Emails

Consent to Exchange Confidential Information via Non-Secure Email

The Medical Report and results will be shared via a password protected and encrypted link.

In order to exchange additional information on updates, progress or any medical queries please consent to the use of non-encrypted communications with Dr Muller and his team by replying to all in this email:

– “I/We consent”

Dr Muller has moved to written consent from March 2018 onwards for non-encrypted exchange of confidential information in line with stricter regulations around data protection. 

Secure uploading of pictures, videos or files for consultation/enquiries/updates

Sometimes it is helpful to send pictures or videos of your child for a review. I offer a secure and encrypted upload service via Tresorit which encrypts the medical files on your computer and sores it in a secure folder on Tresorit for me to view.

This service is free for you to use and no paid account with Tresorit is needed on your part.

https://tresorit.com/ 

APPLE ENCRYPTION

All company Apple devices are encrypted with MAC’s own sophisticated encryption algorithm.

TRESORIT

Cloud storage of data is facilitated by Tresorit (http://www.backupreview.com/tresorit-review/). Tresorit has end user encryption which means all information is encrypted at source and then sent to the cloud storage facility. No encryption keys are shared with or stored on the cloud servers.

From 2021 all company data will be stored on serves located in England within the UK. In other words no data will be stored in locations outside the UK after January 2021. 

SECURE SOCKETS LAYER (SSL)

This website is secured by Secure Sockets Layer (SSL) certificates. They are sometimes called digital certificates and are used to establish an encrypted connection between a browser or user’s computer and a server or website. The SSL connection protects sensitive data, such as credit card information, exchanged during each visit, which is called a session, from being intercepted from non-authorized parties.

Because of this SSL security some links to external websites, which are not secured by SSL are blocked.

VERACRYPT

Local storage of sensitive data on the companies Windows operated devices is protected by VeraCrypt
(http://lifehacker.com/windows-encryption-showdown-veracrypt-vs-bitlocker-1777855025). 

Information Commissioner's Office [ICO]

This company is registered and complies with the regulations set by the Information Commissioner’s Office.

If you like further information about your rights please see the link below:

https://ico.org.uk/for-the-public/er’s

Who is my information shared with?

(1) The information is first of all shared with the parents (legal guardians) of the child or young person and the child/young person involved. 
Opting out of receiving the information via non-secure email does not mean you do not receive the information at all but it means you will get this via post or secure email.

There have been cases when a competent teenager has sought medical advice without his/her parents knowledge and there are court rulings that a doctor may not have to share this information with the parents of these young people even if they are not 18 years yet.

 

(2) My personal assistant will access your child’s information in order to prepare reports and any correspondence

My personal assistant will deal with the administrative side of your consultation with me and is your first access point for queries and liaison with me. The personal assistance is a fully qualified medical secretary.

 

(3) The information will be shared with your GP by post as a standard

Good medical practice for your specialist is to share your consultation with your GP. This is done in all cases if you have given us a GP name and address. This means your GP will receive the letter by post. You have to let us know at the time of the appointment if you do not wish your GP to receive the medical report as the letters may go out within 24 hours of the appointment. It is regarded by the General Medical Council as our duty to inform your GP of the outcome of the consultation. However, I do respect your wishes if in special circumstances you do not wish to do this. 
In certain circumstances medical professionals may be required by law to release medical reports.

(4) The information will be shared with a professional medical billing company.
Your information will be shared with Mediaccounts (https://mediaccounts.co.uk) for billing purposes.

 

(5) Your information will be shared with your insurance company.
This is if your consultation is paid through your insurance company and you have provided us with their details.

(6) Your information will be shared with other health professionals if they are involved in your child’s care
Your information will be passed on to other health professionals if any diagnostics (blood tests, radiographs etc) are ordered or if your child is referred on to other doctors, therapists or dieticians. Again you can opt out that this is done via non-secure email and the correspondence will be sent by post or secure email only. You will always be informed and get a copy of the correspondence. This is not always the case for blood test requests or radiograph requests but you can receive the reports as well if required.

(7) Reducted information is shared with a professional accountant for tax and income declaration.
Information on payments and billing will be shared with a professional accountant and for this company is with RK Associates based in the UK. No medical information is shared.

Your rights

If you like further information about your rights please see the link below:

https://ico.org.uk/for-the-public/er’s

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ 

The company is practising full transparency and a full copy of personal and/or medical data held by the company can be obtained on written request.

https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/

The information will be provided within 5 working days (excluding holiday periods) of a verbal or written request.

https://ico.org.uk/make-a-complaint