Privacy Policy

User Provided Information

Personal information provided to The Keep Clinic by you will only be used for the purposes stated when the information is requested, such as creating a self-referral. Information received by external referrers, such as your GP or another healthcare professional, related to you will be treated similarly.

The Personal Data We Collect

• Personal details such as full name, date of birth, gender, marital status, ethnicity
• Address and contact details including e-mail address and phone numbers
• Emergency contact details and next of kin
• National Health Number
• Details of other healthcare professionals involved in your care
• Financial information as part of our billing system
• Details of your private medical insurance

Medical Information We Collect

• Details about your current and past medical and mental health history including treatments by other clinicians
• Medical records of past treatments and investigations
• Imaging such as ultrasound, x-ray and MRI reports, images and videos

We also collect information directly from you through our Patient Reported Outcome Measures (PROMS) questionnaires. Please be assured that personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your express permission. Personal information collected and/or processed by The Keep Clinic is held in accordance with the provisions of the General Data Protection Regulation (GDPR) 2018.

How We Store Information

Information which you provide to us will be stored either on our secure servers or our Medical Management System, whose servers are hosted in London and comply with all EU privacy regulations including GDPR. Personal data is kept as long as necessary to comply with legal and regulatory requirements in line with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016.

Information Security

• We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems and data.
• We restrict access to personal information to The Keep employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations.
• We encrypt any sensitive data that needs to be provided outside of The Keep for both agents and patients.

Accessing and Updating Your Personal Information

The General Data Protection Regulation 2018 gives you the right to access information held about you. We aim to provide you with access to your personal information. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate — unless we have to keep that information for legitimate business or legal purposes.

To do so, please contact our Data Protection Officer: bethan@mskdoctors.com

Use of Personal Data

Personal data will be used for the following:

• Arranging appointments, investigations, procedures and surgery
• Ensuring that you are receiving the appropriate care
• In response to queries, complaints and concerns
• Quality assurance by evaluating your treatment and outcomes
• Processing invoices and payment
• Disclosure to another healthcare professional for further treatment e.g. physiotherapy or to the referring clinician

Legal Disclosure

We may be legally obliged to disclose your personal information to third parties if we are under a duty to disclose or share such information as necessary in order to prevent and detect crime, protect public funds and make sure the personal information is accurate. These third parties include government departments, local authorities and some private sector organisations, but this will only be in the exceptional circumstances listed above.

Compliance and Cooperation with Regulatory Authorities

We regularly review our compliance with our Privacy Policy. We also adhere to national data protection regulations. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Making a Complaint

If you are unhappy with the way we have dealt with a request from you with regards to GDPR or if you think we have not complied with our legal obligations, you can make a complaint to the Information Commissioner's Office (ICO). We would appreciate you informing the Data Protection Officer of the issue and allowing them to address the complaint before contacting the ICO.

More information: www.ico.org.uk