MERAS HEALTHCARE LTD
General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that came into effect on 25 May 2018 which is intended to strengthen and unify data protection for all individuals.
At MERAS Healthcare, we are committed to ensuring the protection of your personal information. In accordance with GDPR guidelines, our aim is to have safeguards in place to protect your privacy and ensure that you feel confident about the security of the personal data which you provide to us.
Data Protection Privacy Notice
This privacy notice is to let you know how MERAS Healthcare will look after your personal information.
If we provide you with a medical or nursing service, then we will use your personal information in the ways set out in this privacy notice.
Under Data Protection Laws, we can only process your personal information where we have a proper reason for doing so, such as:-
• it is in our legitimate interests to do so – for example a legitimate interest is when we have a reason to use your information to enable your consultant to provide treatment or care and order medical tests
• we are required to do so by law i.e a legal obligation
• you have entered into a contract with us for a service – for example processing credit card payment
• in the public interest – where this has a clear basis in law
• vital interests – for example protection of life in a medical emergency
What personal data do we collect?
Personal data is any information that is identifiable as belonging to you.
MERAS Healthcare will request personal data from patients attending the MERAS Health Centre for an outpatient appointment, for the sole purpose of creating a medical file on the individual patient.
The personal data held on file will be shared with
The Clinician (i.e. doctor, nurse, therapist or other healthcare professional) with whom the patient is attending
The Medical Insurance Company with whom the patient is insured (where applicable)
Personal data collected may include:-
• Patient’s name
• Date of birth
• NHS Number
• Contact telephone number
• GP name & address
• Private health insurance company, account number and authorisation code
• Medical records of your appointment at the MERAS Health Centre
• Bank details
• Email address
Why do we collect data and who are the recipients of the data?
We collect data to provide details to the Clinician in charge of your care and to enable the Clinician to provide continuing care via your General Practitioner.
Financial and health insurance data is collected for the purposes of payment of your medical bills.
How long will the data be retained?
Data will not be retained for any longer than is required. We adhere to the standards outlined by the Scottish Government Records Management: NHS Code of Practice (Scotland).
We will retain adult medical records for 6 years after date of last entry or 3 years after death if earlier. We will retain children’s medical records until their 25th birthday or 26th if the young person was 17 at the conclusion of treatment, or 3 years after death. If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians shall be sought as to whether to retain for a longer period.
Individual Rights under GDPR
You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below.
1. Right to be Informed – This is provided through the privacy notice on our website and in the patient information file in the MERAS Health Centre.
2. Right of Access – You have the right to access your personal data and supplementary information. We will aim to respond to any request received from you within one month from your request, although this may be extended in some circumstances in line with Data Protection Laws. If you wish to obtain access to your file, you must write to us at the address below. Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.
3. Right to Rectification – The right to ask us to correct your information if you think the information that we hold about you is wrong or incomplete. We will respond within one month.
4. Right to Erasure – The right to object to our use of your information, or to ask us to delete, remove or stop keeping it if there is no need for us to keep it. This is known as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’. There may however be legal or regulatory reasons why we need to keep or use your information.
5. Right to Restrict processing – We may sometimes be able to restrict the use of your information so that it is only used for legal claims or to exercise legal rights. In these situations, we would not use or share your information while it is restricted.
6. Right to Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
7. Right to Object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority. There is a contractual requirement when patients attend a MERAS Health Centre for their personal data to be processed in order to provide medical care and treatment.
8. Right not to be evaluated on the basis of automated processing – Patients who attend a MERAS Health Centre will not be evaluated on the basis of automated processing nor is any decision making automated.
Links from our website
Our website may contain links to other websites. If you provide personal/sensitive data to a website to which we are linked to, we are not responsible for its protection and privacy. This privacy statement only applies to www.merashealthcare.com.
If you wish to exercise any of the above, please write to:-
MERAS Healthcare Limited (Head Office)
Unit 5/3 (Fifth Floor)
34 West George Street