Allied Neuro Therapy Ltd operates as the Data Controller and determines the purposes for which, and the manner in which, any personal data about patients is processed. If any of your questions are not answered fully in this document, please contact the Data Controller via email firstname.lastname@example.org or phone 0800 193 9895. If you are not satisfied with the answers from the Data Controller, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.
Why do we need to collect personal data?
We will collect personal data relating to patients in order to communicate with patients and the referring agency (if applicable), to understand the patients’ psychological needs, and provide the patients with appropriate psychological services.
The legal basis for collecting and processing patient data is to fulfil the performance of the contract for which the patient or a third party representing the patient have entered into, or in order to take steps at the request of a patient or a third party representing the patient to enter into such a contract.
What personal information do we collect?
In order for us to provide psychological assessments/treatment to the patient, we will collect the following types of information from the referrer or from the patient: name, date of birth, contact details such as address, telephone number, email address, and sensitive data such as their physical and psychological health history.
This information may be collected from the patient, the referring agency (case management, solicitor), treatment funder, a family member/carer acting on the patient’s behalf, a guardian if the patient is under eighteen years, and health professionals and health providers.
How do we use the information we collect?
By providing personal information relating to the patient directly to ANT Ltd, you are agreeing to its processing and use by ANT Ltd for the purpose for which it was given.
We use the information we collect in the following ways: a) to provide appropriate psychological services (assessment/treatment) to patients as set out in a contract; b) in order communicate with patients, the referrer and other health professionals regarding treatment (if applicable); c) to monitor the patient’s treatment progress over time; and d) for record keeping/bookkeeping purposes.
Processing sensitive personal data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards.
Who do we share patient information with?
In order to fulfil our obligations of the contract we have entered into, we will only share data with individuals or other organisations that are an essential part of providing services to the patient (e.g. case manager, solicitor, other health professionals, treatment funders, if applicable). The information shared will include, but will not be restricted to, appointment scheduling, the sharing of clinical notes and reports detailing the information collected, and details of the patient’s progress in treatment.
Information that the patient does not wish to be shared should be communicated to the company/the psychologist and appropriate steps will be taken to ensure this data is not shared, unless it is considered that withholding this information could result in harm to the patient or to others.
Patient data will never be provided to third parties not already involved in the patient’s treatment without obtaining consent. If access to the data is requested or required by others not already involved in the patient’s care, we will request that specific consent forms relating to this data sharing are provided. Patient details will never be used for marketing processes. Personal data used for audit or research purposes will be anonymised or pseudonymised to prevent patients from being identified.
We may disclose your information to comply with a legal requirement or as ordered to do so by a Court or Tribunal. We will take reasonable efforts to communicate with you prior to doing so unless we are legally restricted from doing so.
How we keep patient personal information safe?
ANT Ltd will take all necessary steps to make sure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. This will include physical, electronic and managerial procedures to safeguard and secure the information we collect and hold about patients. Some of our data storage systems involve transfer of information to data centres across the United States.
When we share data with others in the course of the patient’s care, we will ensure, to the best of our ability, that they process the personal information in accordance with our confidentiality and security requirements.
Retention of patient information
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We are required to keep some personal information relating to the psychological therapy patients receive for twenty years after discharge from our service. This data includes reports and clinical notes written during assessment and/ or treatment. This retention period may vary depending on the nature of the patient’s condition. This retention period is in-line with the statutory limitation periods set by the NHS. After this period, the data (in all formats) will be deleted and disposed of confidentiality and completely.
How can patients’ access information held about them?
Subject Access Request (SAR) regulations gives rights to individuals in respect of the personal data held about them. These rights include the right to access the data we hold on them, the right to object to and restrict the processing of their data, the right to rectification, the right of data portability and the right to be forgotten. If data is rectified or deleted at the request of the patient they will be provided with evidence to this effect. Patients can obtain a copy of Allied Neuro Therapy Ltd’s Subject Access Request Form that outlines the process for dealing with a request for data, disclosure by emailing email@example.com.
We may withhold personal information that you request to the extent permitted by law.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
Personal data breaches
A personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. If we discover that a breach has occurred that we consider will result in adverse consequences to a patient, we will contact the patient and provide them with information relating to the breach and the measures taken to prevent further unauthorised access to the data, and provide advice on how they can protect themself from the harm that may arise as a result of the breach.
We are committed to safeguarding the privacy of our website visitors.
When you complete the referral form on this website, we collect your name, email address, telephone number and any additional notes you provide. This information is not retained on the website. We do not send the information you submit to any third parties.