Dr Naomi Whitelaw (trading as Equilibrium) is responsible for your personal data.
If you have any questions about this Privacy Notice or the way in which your personal data is handled, please contact us:
Our Telephone Number: 07512 645 110
Click here to email us
This Privacy Notice explains how Equilibrium handles and uses personal data collected about patients. Where in this statement we refer to ‘we’ or ‘our’ or ‘us’ we are referring to Dr Naomi Whitelaw, and where we refer to ‘you’ or ‘your’ we are referring to our staff or patients.
How we use and share your information to help you
We need to keep a record of the care you receive to ensure that:
• The professionals involved in your care have accurate and up-to-date information;
• We have all information necessary for assessing your needs and providing excellent care;
• Your concerns can be properly investigated if you raise a complaint; and
• Accurate information about you is available if you move to another area, need to use another service, or see a different healthcare professional.
We have a duty to:
• Maintain full and accurate records of the care we provide to you;
• Ensure that your records are confidential, secure and accurate; and
• Provide a copy on request that is an accessible format (e.g. large type if partially sighted).
Your record may include some or all of the following:
• Your marital status, title, name (first, maiden, last name or user name), address, date of birth, name of your GP surgery (if you have one), NHS number, telephone numbers, email address, next of kin details (their name, address and telephone number);
• Financial data (bank account and payment card details, details of products and services you have purchased from us);
• Consents (preferences in receiving marketing for us and our third parties; methods of contact; sharing information and contacting next of kin)
• Feedback and survey responses;
• Contacts we have had with you i.e. appointments, transactions (payments to and from you);
• Notes and reports on your health (such as medical history/conditions, weight, lifestyle and other information relevant to your health such as family situation, employment history);
• Details of treatment and care and test results;
• Information on medicines, side effects and allergies;
• Relevant information from people who know you well i.e. health professionals and relatives; and
• The staff who see you may also add notes on their professional opinion.
If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.
Identifying you as an individual
We have many patients with similar names so it vitally important for all patients to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items may include:
• Full name (first, maiden, last name, username);
• Date of birth;
• National Insurance number;
• Permanent home (not temporary) address or billing address; and/or
• Photo ID (copy of) (such as a valid passport or driving license).
How you can help us to keep your record accurate
• Let us know when you change address, telephone number, email or name.
• Tell us if any information in your record is incorrect.
• Give your consent so that we can share information about you with other health professionals to make sure you receive the right health care.
• Tell us if you change your mind about how we share the information in your record.
How Dr Whitelaw (Equilibrium) uses your contact details
We take your privacy seriously so please let us know how you want us to contact you.
If you provide a mobile phone or land line number: we may ring, leave a message or text you, so tell us if you do not want us to do so.
If you provide us with your email address: we may use it to send confidential health information, unless you have told us not to do so.
Please read the following before providing us with your email address.
• Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). Although our own systems are secure it may, however, be possible for others to intercept your email when it is being sent over the internet.
• Be aware that if you share your computer others may read your emails.
• You could use email to contact staff in relation to a query or to ask about an appointment.
• Do not give more personal information than we need to process your request.
• Do not ask us to send you medical details that you would not want seen by other people.
How your records are kept
Our guiding principle is that we hold your records in strict confidence.
Dr Naomi L Whitelaw is registered under the Data Protection Act 1998. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security.
We will fulfil its obligations under this Act to the fullest extent, including ensuring that the following eight principles governing the processing of personal data are observed.
• Personal data shall be processed fairly and lawfully;
• Personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes;
• Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed;
• Personal data shall be accurate and, where necessary, kept up to date;
• Personal data shall be kept for no longer than is necessary for the purposes for which it is processed;
• Personal data shall be processed in accordance with the rights of data subjects under the Act;
• Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage; and
• Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.
Information about you and the services you receive may be held in a number of formats and will be kept for the specific retention periods outlined by the relevant professional bodies. We use secure electronic systems to store medical records, diagnostic test results and details of prescriptions.
How your records are used
We use your records to:
• Ensure that any treatment or advisory services we provide to you are based on accurate information;
• Send a letter about your care to your GP or other health professional (as required);
• Work effectively with other services providing you with treatment or advice;
• Monitor the quality of our care and help us to understand the outcomes of care;
• Investigate any concerns or complaints you or your family have about your health care; and
• Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. This may include details shared with your insurance company upon your request and consent.
We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:
• Monitor and improve the quality of care received by patients;
• Protect the health of the general public, for example we may share anonymous and aggregated patient information with organisations such as the National Institute for Clinical Excellence and the Cancer Registry, for research or statistical purposes; and
• Train and educate staff.
Wherever possible, we anonymise your data or use a quasi-identifier such as a patient number.
Sharing your health record
Dr Naomi Whitelaw is responsible for protecting the confidentiality of patient information and making sure that information is shared where this is appropriate.
To make sure you receive the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:
• Other healthcare professionals, such as doctors, pharmacists;
• Other hospitals and private sector organisations involved in your care;
• Local authority departments;
• Voluntary organisations providing on-going support; and
• Administrative support staff.
Note that anyone who receives information from us also has a legal duty to keep it confidential.
We may also share information that identifies you where:
• You ask us to do so.
• We ask for specific permission and you agree to this.
• We are required to do this by law.
• We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed).
• Unless you have signed an additional consent, we will not contact you after your visit for purposes other than:
a) Follow up of care;
b) Collecting your views about your visit to us;
c) Settlement of any account that may be due, if appropriate; and
d) Complaints and concerns handling.
Sharing information with your family and friends
Your emergency contact should be someone that you trust and feel close to. It does not have to be a blood relative; it can be a good friend. We ask patients to name their emergency contact so that we know who you would like us to keep informed about the care we provide or the decisions we need to make should you consent to sharing this information with them.
You can also name other people, with whom you would like us to share information about you. We make best efforts to ensure that information provided over the telephone is restricted to those you have named and we share on a need to know basis. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.
Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient’s consent in exceptional situations, such as to safeguard adults or children.
How can I stop my information from being shared?
If you do not want us to share your information with others, please tell the team looking after you. But please note that not sharing your information may affect the care that can be provided for you.
You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given to us to process information about you.
If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with the professional in charge of your care or the DPO, or email us typing ‘Opt Out Request’ in the subject line of the email.
We will use your personal information to send you our marketing communications only in the following circumstances:
• Where you have specifically asked us to send you the marketing information in question; and
• Where you have consented to us sending you our marketing communications.
You can alter the channels through which we send you marketing such as email, post and telephone by emailing firstname.lastname@example.org.
If we are sending you marketing communications based on your consent, you have the right to withdraw your consent at any point in time. To withdraw your consent please follow the opt-out links on any marketing message sent to you or contact email@example.com.
Withdrawal of consent to receive our marketing communications will not affect the processing of personal data for the provision of our services.
We will never share your personal information with a third party for their own marketing.
We occasionally pass your information on to market research companies which carry out surveys and collate feedback on our behalf. We use this information to help improve our services and develop and improve products.
Your legal rights
Dr Naomi Whitelaw is the Data Controller of the data held about patients and staff.
You have the right to confidentiality under the Data Protection Act 1998, the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply. Your personal data is also protected under the General Data Protection Regulations (GDPR).
You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.
You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing, or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:
• The right to obtain a copy of your record in permanent form;
• The right to have the information provided to you in a way you can understand, and explained, where necessary. For example, where abbreviations have been used.
• You would not be entitled to see information that:
a) Has been provided about you by someone else if they haven’t given permission for you to see it;
b) Identifies another person who has not given permission for you to see the information about them;
c) Relates to criminal offences;
d) Is being used to detect or prevent crime; and
e) Could cause physical or mental harm to you or someone else.
• If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the professional in charge of your care or DPO.
You have the rights to have your data corrected or removed or transferred to another service provider and also to ask that we stop using your data. Where you have previously given your consent, you have the right to have that consent removed or adjusted, unless a legal authority prevents us from doing so.
You also have the right to be informed of certain security incidents which might have an impact on you.
You have the right to raise a complaint with the data protection authority (Information Commissioner’s Office, please find their details below).
Obtaining a copy of your record
If you wish to apply for access to the information we hold about you:
• You should send your request in writing to us by email to firstname.lastname@example.org;
• You should provide enough information to enable us to correctly identify your records, for example include your full name, address and date of birth;
• We will take every reasonable step respond to you within 30 days of receiving your request;
• You may be required to provide a form of ID before any information is released to you; and
• Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.
Links to other websites
Our website may contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their Privacy Notices. When you leave our website, we recommend that you read the Privacy Notice of any website you visit.
Status of this policy
Further information about data protection issues can found at:
Information Commissioner’s Office
The Information Commissioner’s Office Wycliffe House
Cheshire SK9 5AF
Helpline: 08456 30 60 60