Your Data's Journey through Nuffield Health, GP or Nurse Appointment or Health Assessment
Discover how your data may be processed through our GPs or Nurse Appointments or Health Assessments
Information you may be asked to provide
Before attending your appointment
If you are interested in having a Health Assessment with us, you will be asked to complete an online questionnaire and health profile before attending your appointment. Within the online questionnaire you may be asked to provide:
- Gender at birth
- Mobile telephone number
- Email address
- Postal address
- Date of birth
- Medical and lifestyle history
- Ethnic and social identity
- Relationship status.
We require this personal data in order to identify you within our systems and ensure that your information is processed securely. Additionally, this range of personal data allows our systems and clinicians to provide an accurate, tailored Health Assessment journey.
For many of our services, the personal data taken will vary depending on your method of booking. This can be via:
- A Nuffield Health booking agent over the phone
- Face to face bookings at Nuffield Health locations
- Your employer.
We endeavour to provide a smooth customer journey and having your contact information allows us to keep you informed of any bookings you have made or update you if any necessary amendments to existing bookings occur.
Some bookings methods may also take data such as:
- Card details
- Insurer membership details
- Insurer authorisation details.
We take this data so that the necessary payments can be processed as well as checking eligibility for discounts on our services.
During your appointment
Throughout your appointment we collect varying amounts of personal data. The amount of personal data that we collect will differ based upon the appointment service that you select. Personal data that we collect may include:
- Medical and lifestyle history
- Observations and measures of your physical characteristics
- Observations and measures of your psychological wellbeing
- Genetic data
- Ethnic and social identity
- Economic status
- Relationship status
- Occupational status.
We pride ourselves on delivering a thorough assessment and collect the above data in order to fully assess your wellbeing and construct the most clinically suitable treatment plans. Should there be any part or test within the appointment that you do not wish to complete, please inform your clinician on the day of the appointment.
During your appointment, your clinician may recommend additional tests that could incur an additional fee. Additional tests are only recommended if clinically indicated. It is your decision if you wish to have any additional tests completed that incur a fee.
Who may my personal data be shared with?
- Handovers to other health professionals – during your appointment journey it may be necessary to share your personal data with another health professional who is involved in your care (e.g. your GP, a consultant or laboratory staff). This could be with regards to referrals to the health professional or reporting back the results of their referral to the doctor.
- Specimen transport – physical specimens (e.g. blood sample) may be collected during your appointment. Specimens may be tested in laboratories that are not located at the site where your Health Assessment is carried out. In such cases, your specimens will be transported to the laboratory via an authorised and vetted courier.
- Research – to continue to improve clinical treatment Nuffield Health may use non-identifiable data as part of a research project or an assessment of our services.
- Third party pharmacies – during a GP consultation we may be required to share your personal data with a third party pharmacy to process your prescription in a timely manner. You will be informed of this during your consultation before data is shared, and you will be asked to consent to this process as well. You will be given the opportunity to withdraw your consent up until either your prescription has been put in the post, or the medication has been posted out to you by a 3rd party pharmacy.
What happens if things go wrong?
At Nuffield Health we pride ourselves with the quality of our services and consistent positive customer satisfaction. However, we understand that in a small number of cases you may have cause to raise a concern regarding an element of your customer journey. It is important that Nuffield Health learn from these episodes to continually enhance services and as such we carry out thorough investigations.
In order to fully investigate your concern we may need to share information with our compliance team and senior leaders not directly involved with your care. In any case, we will only share a limited amount of information, as little as is necessary to investigate the concern. We may also need to share details of your concern with the clinicians who conducted your appointment for the purposes of the investigation. If the concern has come via a third party (e.g. a regulatory body or solicitor) we may need to disclose your data with them in order to resolve, defend or investigate a concern.
Fair and Lawful Processing
Each organisation is required to demonstrate that they are processing personal data fairly and lawfully. To do this we must have a ‘lawful basis for processing’ personal data. Consent is probably the condition that has gained the most attention but we only rely on consent in limited circumstances e.g. to share information with a third party.
Health Assessments, GP and Nurse Appointments will mainly be processing data based on the following lawful basis for processing:
- Article 6 (1) (b) – Processing is necessary for the performance of a contract to which the individual is party or in order to take steps at the request of the individual prior to entering into a contract.
- Article 6 (1) (f) – Legitimate interests: the processing is necessary because of a legitimate interest or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
- Article 9 (2) (h) – Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of English Law or pursuant to contract with a health professional.
What does this actually mean?
In order to provide you with the level of support agreed to in our contracts in a safe and effective way we need to process the data discussed, and as such, we are doing so lawfully. This means we may not always ask your consent each time we use your data if what we are doing is linked to your treatment or doing something we must do by law.
Your rights in respect of your personal data
The law gives you certain rights in respect of the information that we hold about you. Below is a short overview of the key rights available to you.
- Data Subject Access Request – with some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. Where the data is data that you have given to us, you have the right to receive your copy of it in a common electronic format, and to provide copies of it to other people if you wish (Right to Data Portability).
- Right to Rectification – you have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion, such as an assessment of your wellbeing from a clinician or an assessment of your fitness to work.
- Right to Erasure – in some limited circumstances, you have the right to have personal data that we hold about you erased (the “right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (e.g. because we are obliged to do so by law).
- Right to Restrict Processing – you also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data. For example, if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.
The above is not a complete and exhaustive statement of the law.
How long will Nuffield Health keep my personal data for?
The length of time that Personal Data is stored is set by national legislation and is outlined in Nuffield Health Policy. Adult health records are kept for 8 years. For individuals who are aged under 18 records will need to be kept until their 25th birthday or those who were aged 17 at the start of treatment until their 26th birthday.
Your Health Assessment or Appointment is tailored to you, as such our dedicated clinicians and supporting staff, will carefully take the time to understand you. We do not rely on any wholly automated decision taking as part of the Health Assessment, Nurse or GP appointment process.
For further information about how your data may be processed or to ask any questions, please raise this with your Health Assessment Clinician. If you are not satisfied with how we handle your personal data or a request to exercise one of your rights in relation to your data, you can contact the Data Protection Officer on firstname.lastname@example.org
Should you remain dissatisfied you have a right to complain to the Information Commissioner’s Office on 0303 123 1113 or through their website https://ico.org.uk/