Privacy Notice
This Privacy Notice was last updated on 11 November 2019
Dr Iyas Assalman is the ‘data controller’ for the personal information you provide to the Practice. As the data controller, Dr Assalman is responsible for, and controls the processing of, your personal information by the Practice. Dr Assalman is registered with the Information Commissioner’s Office (ICO).
This Privacy Notice describes the basis on which any personal information the Practice collects from you, or that you provide to the Practice, will be processed by the Practice. We would be grateful if you could read this Privacy Notice carefully as it details important information regarding the Practice’s use of your personal information.
If you would like to contact the Practice you can email us at secretary@drassalman.co.uk or write to us at Dr Iyas Assalman, 55 Harley Street, London W1G 8QR.
Personal information collected by us
You may give the Practice personal information by filling in our Registration Form or by speaking with us over the telephone, emailing us or otherwise corresponding with us. The personal information you give us may include basic details such as your name, address, e-mail address, phone number, date of birth, next-of-kin contacts, GP information and medical insurance information.
We will also collect information relating to your health and medical history as well as details about the treatment you receive (special category information). The information you provide to Dr Assalman may be recorded in writing as part of the history taking.
We will also collect and process personal information that you and other medical professionals may send to us, such as referral letters, reports or assessments, or results of blood tests. We may also collect personal information about you that is given to us by your family members or other individuals known to you.
Your personal information is held securely on a cloud-based electronic patient medical record database, accessed only via two-factor authentication.
How we use your personal information
We will use your personal information to carry out our obligations under our contract with you as detailed in the Patient Information Letter and to pursue our legitimate interests, that is, in order to provide healthcare services. Please note that in certain circumstances your personal information may need to be shared with a Psychiatrist colleague in order to ensure continuity of your care. This would only be on an as-needed basis and, unless in an emergency situation, your consent would be requested prior to your information being shared.
We will also use your personal information to ensure you or your health insurance provider receives the correct bill, as well as to ensure that you receive the information and services that you request from us.
Your personal information will also be used to notify you of any changes to the information currently set out in our Patient Information Letter and for other administrative purposes.
Disclosure of your personal information
We may disclose some of your personal information to:
- Other clinicians involved in your care, including your GP or other referring professional, pharmacists, therapists or other medical professionals.
We will seek your consent before sharing your personal information with such third parties.
If you do not consent to Dr Assalman sharing information with your GP, Dr Assalman will discuss with you the most appropriate way forward depending on your circumstances.
In cases where there is a potential risk to your health (for example if you are acutely unwell, or have relapsed in severe addiction or have intense suicidal thoughts), Dr Assalman may discuss with you that she is not able to continue holding responsibility for your psychiatric care unless you provide consent for her to speak to third parties (such as a family member, your GP or local NHS Mental Health Services such as the Crisis team) in order to ensure your safety and to avoid misleading other people involved in your care. If this is the case, Dr Assalman will discuss this with you with a view to arriving at an acceptable solution.
In certain emergency or extreme circumstances Dr Assalman may contact a third party (usually the Next of Kin you have provided in the Registration Form or a health professional involved in your care such as your GP or a Therapist). This can happen if there is a significant risk to your health or safety or that of others, or if there is a safeguarding concern or a situation where there is a concern about your mental capacity (as per the Mental Capacity Act) or there is a need for a Mental Health Act Assessment (as per the Mental Health Act). This is in accordance with the standards of practice for all Psychiatrists licensed to practice in the UK. In every case, Dr Assalman will make her best effort to discuss the situation with you prior to contacting anyone.
- Your health insurance provider. We will seek your consent before sharing medical information with your health insurance provider.
- The Care Quality Commission, the Court or other regulatory or public body if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, including if a crime is being investigated or a formal court order has been issued;
- Our indemnity organisation/insurer and our solicitors in the event of a civil claim being brought against the Practice;
- Our payment services providers to enable the processing of your payment details. In these cases, only the minimum information such as your name and email will be shared, as well as information relevant to the invoice such as the date of the consultation or other services charged such as a repeat prescription.
The majority of payments made online will be processed via Stripe, our third party credit card processor. Stripe encrypts all payment transactions and details of their privacy policy can be found at https://stripe.com/gb/privacy. In some instances, online payments may be processed by PayPal or SumUp - Data Processors. Data processors are third parties who process data on our behalf. We have Data Processing Agreements in place with our data processors which means that they cannot do anything with your personal information unless we have instructed them to do so. Our data processors will hold your personal information securely and will retain it for the period we instruct. Our data processors will not share your personal information with any individual or organisation apart from us.
The data processors we use are:
- Organisations which manage financial transactions as mentioned above
- Software providers/hosts for our secure database which holds your personal data and our email service provider
- Online pharmacies
Keeping your personal information secure
All personal information you provide to us or we collect from you is stored on secure servers and any payment transactions will be encrypted using SSL technology.
No personal information is retained on paper – all hardcopy personal information is securely shredded as soon as the personal information has been processed electronically to our secure database.
Whilst we will use all reasonable efforts to safeguard your personal information, we are all aware that the transmission of information via the internet is not 100% secure and therefore we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet.
Once we have received or collected your personal information we will adhere to our strict procedures and security protocols to try to prevent unauthorised access.
Some of the information we hold is stored in servers outside the EEA and we will only transfer your personal data outside the EEA provided that the country to which your personal data is transferred ensures an adequate level of protection for your rights and freedoms and that the transfer is necessary in the performance of our contract with you.
Retention of your personal information
By law, mental health records need to be kept by the Practice for 20 years after the last contact with the patient. If you have not been in touch with the Practice for more than a year, you will no longer be considered an active patient. Your personal information will remain archived in our secure electronic database and will no longer be displayed as an active record. As mentioned previously, no hard copy or paper records are retained or stored, regardless of whether you are an active or inactive patient. We need to retain your records even if you are no longer an active patient in order to comply with our ethical, regulatory and legal obligations.
Your rights
Under the Data Protection Act 1998, and General Data Protection Regulation (GDPR) (2018) you have rights as an individual which you can exercise in relation to the information we hold about you.
We will generally submit this information to you electronically using secure encrypted email, unless you specifically ask for this information to be sent to you by another method such as standard email or post.
In addition to the above rights, you may also:
- Request that we amend any inaccurate factual data about you
- Request that access to your data is restricted
- Request that some of your data be erased where there is no longer an ongoing need for processing. Please note that we cannot erase any medical records as we have a statutory duty to keep them as per the Data Protection Act 1998. We are professionally and legally obliged not to alter any medical records. However, if you disagree with any information contained on your medical records, a note can be added to the relevant entry to explain to any future readers that the patient disagrees with this information, and you can add an explanation if you wish
- Object to the processing of your personal data and your objection will be considered
If you wish to exercise any of these rights or to make a request for any personal information we may hold (a ‘Data Subject Access Request’) you can email us at secretary@drassalman.co.uk or write to us at Dr Iyas Assalman, 55 Harley Street, London W1G 8QR.