DocHealth provides doctors with confidential consultations, advice about their careers, emotional support, and when needed, advice on other expert help. DocHealth is a not-for-profit registered company, company number 10210032.
If you have any questions regarding this policy, please contact:
Mrs Chris Loizou
DocHealth, British Medical Association, BMA House, Tavistock Square, London. WC1H 9JP.
Email: [email protected]
DocHealth only collects the personal data required to carry out these functions.
This policy applies to information we collect about:
- Visitors to our websites
- People who use our services
- DocHealth employees
INFORMATION WE COLLECT AND WHAT WE USE IT FOR
Visitors to our websites
When someone visits our site, we collect standard internet log information and details of visitor behaviour patterns, we do this to find out things such as the number of visitors to the various parts of our site. We collect this information in a way that does not identify anyone.
You may request that DocHealth remove your identifiable information from our records at any time. In these instances, we will endeavour to consider each request on a case by case basis and try to remove your data.
The DocHealth website address is http://www.dochealth.org.uk.
We do not collect personally identifiable information from people who use our website. We only obtain personally identifiable information when you are arranging an appointment or submitting an enquiry.
Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our site.
Search queries and results are logged anonymously to help us improve our website and search functionality, no user-specific data is collected by either DocHealth or any other third party.
People who use DocHealth online
The DocHealth website is solely a portal for individuals to make contact with the service.
People who telephone us
When we receive a call from an individual requesting to use the service, we may record the details of the call in the section of the self-referral database record, to allow us to respond to your request.
People who email us
DocHealth email blocking software may also be used. Your emails will be stored by DocHealth in accordance with the DocHealth Retention Policy.
We ask patient to fill our confidential questionnaires prior to attend their first DocHealth consultation. These can be accessed by clicking on the link contained in the email we send to you.
It is important for us to know how and for whom the service is working, whether it is effective and which changes might be needed.
Every doctor referring themselves to DocHealth is thus invited to fill out some questionnaires at different stages of their making use of the service.
Filling out the questionnaires is entirely voluntary, declining to do so will not affect in any way the treatment at the service. However, we would appreciate the completion of the questionnaires as they will help us shape the future of the service.
A first set of questionnaires will be given prior to using the service. These cover items concerning the present personal situation including psychological and work-related functioning.
Another set of questionnaires will be given at the time of the conclusion of the consultation sessions at DocHealth, including a user satisfaction survey.
Finally, some questionnaires will be sent out 6 months after the conclusion of the consultation sessions at DocHealth.
The answers to these questions will be fully encrypted immediately in order to secure confidentiality. All data will be treated with the strictest confidentiality. Records will be confidential and access to them will be restricted to your Medical Consultant and the administrator to the unit. You will be allocated an identification number and the computer databases will only use this number and not your name. Consequently no publication resulting from the collection of this data will permit individual identification.
You will be given the option to have Skype consultations with our staff if you wish. This is entirely voluntary and will only be done with your consent. These calls will not be recorded.
Complaints about DocHealth
All complaints about DocHealth are treated seriously and we will only use the personal information we collect to process the complaint and to check on the level of service we provide.
Complaints about our staff
DocHealth has a strict complaint and conduct process. In order to process a complaint, it is necessary to obtain certain details, which will usually include some personal information. We need to process this information as part of our regulatory role, and may need to keep the information even if the complaint is subsequently withdrawn. We usually have to disclose the complainant’s identity to the member of staff concerned. However, there are occasions when we can take anonymous complaints. Usually, if we find that we can independently verify the allegations. We always ask for consent from the complainant from the outset to disclose their identity to the member of staff. Without consent, the complaint would be considered as a third-party complaint and processed in this way. We will keep personal information in a safe place and access is restricted according to the ‘need to know principle’.
Information of individuals who access the service
As part of the self-referral process we ask all of our patients to provide certain types of information so that we are able to process their referral and create a record on our database. This includes:
- Home address
- Telephone number
- Email address
- Skype ID
- Date of birth
- Grade and Specialty
- Place of work
- GP name and address
- Reason for referral
Patients are asked to pay by bank transfer or via Stripe, however, patient bank details are not stored by us nor are they passed on to any third-party organisations.
Job applicants, current / former DocHealth employees, committee members and the Board of Trustees
When individuals apply to work or take up a position at DocHealth, we will only use the information they supply to us to process their application and to monitor recruitment statistics.
Personal information about unsuccessful candidates will be held for 6-12 months after the recruitment exercise has been completed. It will then be destroyed or deleted. We may use anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
We hold the bank detail of all staff members in order to process salary payments and expenses. We value the importance of storing individuals’ data securely. With this in mind, our staff bank details are only stored within our secure database, which is solely accessible by staff members.
Special category data
We take particular care of this information, using appropriate security measures, including limiting who has access to such information.
- Information in relation to our staff team (such as Disclosure and Barring Service (DBS)), which is necessary for the performance of our contract with them or under employment law.
Analysis and research
We analyse anonymised personal data in order to understand trends and to improve the service.
- We will not share identifiable data.
- Anonymised, statistical data might be shared in publications or with organisations (such as the NHS or royal colleges).
Lawful processing of personal data
DocHealth will only process your personal data in accordance with one of the conditions for lawful processing set out in the UK GDPR. The main ways in which we process data are as follows:
- Processing on the basis of consent
- Processing is necessary for the performance of a contract
- Processing based on “legitimate interests”
Legitimate interests – Where it is necessary to process personal data for our purposes as an organisation (our “legitimate interests”), we may do so provided that this does not override the rights and freedoms of the person whose data we are processing. DocHealth exercises some functions where it is necessary to process personal data for the performance of its regulatory and public protection functions (such as the processing of complaints). In these cases, DocHealth may rely on its legitimate interests as a body set out to promote and maintain high standards in the profession. In some cases, there will be some prejudice to the rights and freedoms of participants who are subject to complaints, as they may be subject to an adverse decision. However, any such prejudice will be outweighed by DocHealth’s legitimate interests in maintaining high standards in the profession and protection of the public.
Where it is necessary to use personal data to provide services and consent has not been provided, we will rely on our legitimate interests in providing the services to further our organisation’s aims, provided they are not outweighed by the rights and freedoms of those using the services.
Retention of data
Information about how long we keep the personal data of patients and staff is set out in our retention policy, available on request by contacting us. The DocHealth retention period is 10 years.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Recipients of personal data
We may occasionally on the request or agreement of our patients transfer relevant personal data to other organisations, including:
- Healthcare and welfare advisors or practitioners
- Persons making an enquiry or complaint
- Ombudsmen and regulatory authorities
We will ensure we have a legal basis for any such transfers before doing so.
We will respect your confidentiality and will keep the information about you confidential. We store it securely and control who has access to it.
The security of your Personal Information is important to us, but remember that no method of transmission over the internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can make a request to access your personal data by emailing [email protected]
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(a) if you want us to establish the data's accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to this privacy notice
We aim to keep this notice under review to reflect changes to law or practice.