Privacy Policy - Patient Data

This Privacy Notice sets out important details about how we handle your patient data and information that Operations Abroad Worldwide Ltd may collect and hold about you, how that information may be used and your legal rights. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

Please take time to read this Privacy Notice carefully and contact us if you have any questions about its content.

The Data Protection Act and General Data Protection Regulation controls how your personal information is used by organisations, businesses or the government. Under the Act, Operations Abroad Worldwide is defined as a ‘data controller’ of personal information. We collect information to help us provide and manage healthcare to our patients.

What kind of personal information does Operations Abroad Worldwide collect?

We have information about you which you and others involved in your care and treatment (or their secretaries) or who are paying for your care and treatment have supplied to us. This is likely to include your name, date of birth and contact details (postal and email addresses and phone numbers) as well as emergency contact details, including your next of kin.

We may also hold more sensitive information about you which may include details of healthcare services provided previously by others such as GPs, dentists or hospitals, previous hospital visits and details of any medications you have been prescribed or taken. We may also hold details of your previous medical history, diagnosis & treatment recommendations together with any allergies or other health conditions. We refer to this as ‘more sensitive information’ in this Privacy Notice.

We may collect information from you when you visit our websites or enquire about our products or services. Please see our Privacy Policy Online at www.operationsbroadworldwide.co.uk/privacypolicy.

We may hold information about you contained in enquiry or booking forms, including through our "General Enquiry" or "Patient Quotation" sections of our websites.

In order for us to provide your medical care and/or treatment, we ask that you provide as much information to us as you can. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with the full range of care and treatment (as applicable), and that could mean being unable to assist in arranging your medical treatment.

Why we collect information about you

The people who will provide your medical treatment will use your information and records to:

Provide the medical treatment and healthcare services requested by you
Make sure your treatment & hospital care is safe and effective
Work effectively with those providing you with medical treatment and healthcare services

How long do we hold information for?

Records are retained in accordance with national guidance from the Department of Health and Social Care and the Records Management Code of Practice for Health and Social Care 2016. Records including confidential information are securely destroyed in line with this code of practice.

Information Sharing

We will share your medical information with those involved in your health care or treatment (such as doctors, nurses and physiotherapists) for medical purposes (including the provision of health assessments). The hospital providing your medical treatment or surgeon may also create his or her own records about you and should therefore also make available to you their own privacy notice.

We use information about you in connection with planning your medical treatment and/or hospital care, including tests, assessments and medical examinations. We will use this also in connection with payment of fees.

For your benefit we may need to share information from your health records with other healthcare organisations from whom you are also receiving direct care, such as hospitals, surgeons or healthcare professionals.

We may also need to share your information, such as medical test results with other medical practitioners directly related to your medical treatment. We will always seek your permission to share your information with organisations for purposes other than for the benefit of your direct care.

Some of those involved with your healthcare treatment are external companies providing services such as blood tests, diagnostic scans, analysis of tissue samples and more. We may share information about you with these companies where required in connection with your care.

We may also share relevant parts of your medical information with your GP, dentist, NHS hospitals, other hospitals and the organisation paying for your treatment (for example your insurance company, embassy, employer or NHS commissioner).

We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).

We may use your phone number (or email address where you have provided it to us) to contact you in advance of and after your admission or appointment for reasons connected with your health care or treatment. Where you have provided us with your mobile number or email address, we may send you confirmations/reminders via text message or email and we may respond to your email enquiries via email.

We may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud) or in connection with legal proceedings. Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a court order or because a regulatory body has statutory powers to access patients’ or health assessment clients’ records as part of their duties to investigate complaints, accidents or health professionals’ fitness to practise. Before any disclosure will be made, we will satisfy ourselves that any disclosure sought is required by law or can be justified in the public interest. Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime. On occasion, this may include the Home Office and HMRC.

We may also use information about you where you have provided your consent to us doing so.

We do not carry out automated decision making or profiling.

Where and for how long does Operations Abroad store information about me?

The information about you that we hold and use is held securely in the United Kingdom and stored in paper format and on our secure servers. However, in some instances, your personal information may be processed for medical purposes or (particularly information not involving your medical information, because there is a legitimate interest or it is necessary for the performance of services to you) outside the European Union ("EU") where the organisation paying for your health care or treatment is based outside the EU or where one of our suppliers is operating outside the EU. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

We retain your records for certain periods (depending on the particular type of record) under our retention of records policy. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements.

If you would like more detailed information on this, please contact our Data Protection Officer (contact details below).

What legal basis does Operations Abroad Worldwide have for using information about me?

Data protection law requires that we set out the legal basis for holding and using information about you. We have set out the various reasons we use information about you and alongside each, the legal basis for doing so.

Given that some information we hold about you is particularly sensitive (as described above), we need an additional legal basis which we have set out in the third bullet point (entitled ‘legal basis for more sensitive information’) explaining our reason for this.

Below we detail the reason for using the information about you and the legal basis for doing so:

Reason - Taking a Patient Enquiry
Legal Basis - Taking the necessary steps to provide you with healthcare
Legal basis for more sensitive information - We need to use the information in order to provide care and treatment to you

Reason - Establishing an initial patient record
Legal Basis - Taking the necessary steps to provide you with healthcare
Legal basis for more sensitive information - We need to use the information in order to provide care and treatment to you

Reason - Providing you with health assessment services, care and/or treatment
Legal Basis - Providing you with health services, care and/or treatment
Legal basis for more sensitive information - We need to use the information in order to provide care and treatment to you

Reason - Liaising with other healthcare professionals about your care and updating others (such as your emergency contact)
Legal Basis - Providing you with care and treatment. We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care (such as your GP) have full details of your treatment
Legal basis for more sensitive information - We need to use the information in order to provide care and treatment to you

Reason - Contacting you and resolving queries
Legal Basis - We have an appropriate business need to use your information which does not overly prejudice you
Legal basis for more sensitive information - The use is necessary for the provision of health assessment services, care or treatment pursuant to a contract with a health professional

Reason - Investigating and responding to complaints or claims, complying with our legal or regulatory obligations and defending or exercising our legal rights
Legal Basis - The use is necessary in order for us to comply with our legal obligations
Legal basis for more sensitive information - The use is necessary for establishing, exercising or defending legal claims

Reason - Managing our business: retaining patient records, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (such as tax, financial, legal or public relations advice)
Legal Basis - Our having an appropriate business need to use your information which does not overly prejudice you. The use is necessary in order for us to comply with our legal obligations
Legal basis for more sensitive information - The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems. The use is necessary for establishing, exercising or defending legal claims

Reason - Advising you of other services offered by Operations Abroad Worldwide (marketing)
Legal Basis - Our having an appropriate business need to use your information which does not overly prejudice you & you have provided your consent
Legal basis for more sensitive information - More sensitive information about you would not need to be used in these circumstances

What are your rights?

The law provides you with certain rights in relation to the information about you that we hold. You may exercise these at any time by contacting our Data Protection Officer (contact details below) or as otherwise noted below.

There will not usually be a charge for handling a request to exercise your rights and if we cannot comply with your request, we will usually tell you why. If you make a large number of requests or it is clear it is not reasonable for us to comply with a request, then we do not need to respond or we can charge for doing so.

You have the right to withdraw and refuse consent to information sharing at any time, but note that not sharing your information may affect the quality and safety of the care you receive.

Where information from which you can be identified is held, you also have the right to:

Request that your information is corrected
Have your information updated where it is no longer accurate.

Right of access

You have the right to access information held about you. This includes details of what information we hold about you and a copy of that information. The information will be provided free of charge and, unless there are grounds for extending the statutory deadline, the information will be provided to you within one month of receipt of your request. Please note we will generally also ask for confirmation of your identity and may need further information from you in order to locate the information, in which case the time period starts from the date we have that detail. Please note that in some cases we may not be able to comply fully with your request, such as where your request also involves information about someone else and it would not be fair to that other person to provide the information to you.

Please contact the Data Protection Officer (contact details below) for further information.

Right to erasure

In some circumstances, you have a right to have information about you ‘erased’ and to prevent us using or holding information about you. Please note that we do not have to comply with such a request where it is necessary to keep your information in order for us to perform tasks which are in the public interest (including public health) or for the purposes of establishing, making or defending legal claims. If you make such a request and we comply with it, please be aware that we will retain a note of your name, the request made and the date we complied with it.

Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

Right to restrict processing

In some situations, you have a right to ‘block’ or suppress our holding or using information about you. As with the right to erasure, please note that we do not have to comply with such a request where it is necessary to keep your information in order for us to perform tasks which are in the public interest (including public health) or for the purposes of establishing, making or defending legal claims.

Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

Right to withdraw consent

You have the right to withdraw consent to us holding or using information about you, but only if consent is the basis for us holding or using your information. Please click the ‘unsubscribe’ button in marketing materials or otherwise please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

Right to object

You have the right to object to Operations Abroad Worldwide holding or using information about you in certain situations. Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

Right to complain to the Information Commissioner’s Office

You can complain to the Information Commissioner’s Office (ICO) if you are unhappy with the way we have dealt with a request from you to exercise any of your rights or if you think we have not complied with our legal obligations. Whilst you do not have to do so, we would appreciate you making the Data Protection Officer aware of the issue and giving us an opportunity to respond and to address it before contacting the ICO.

Making a complaint will not affect any other legal rights or remedies that you have. More information can be found on the ICO website: https://ico.org.uk/ and the Information Commissioner’s Office can be contacted by post, phone, fax or email as follows:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 7459 (if you prefer to use a national rate number)

Fax: 01625 524 510

Email: casework@ico.org.uk

How do I access information recorded about me?

Under the Data Protection Act individuals have a right to access information that is held about them by an organisation. If you have undergone medical treatment at one of the hospitals within the network of Operations Abroad Worldwide Ltd and would like access to your medical file please contact the Data Protection Officer.

For further information please contact:

Jayne Hamilton-Smythe

Data Protection Officer
Operations Abroad Worldwide Ltd

Gainsborough House

109 Portland Street

Manchester

M1 6DN

Email: Jayne.Hamilton-Smythe@operationsabroadworldwide.co.uk
Tel: 01612363211

Privacy Policy - Patient Data

I'm a Patient

Medical Treatment Abroad

Rehabilitation Abroad

I'm a GP / NHS

I'm a Business

Our Hospitals

Europe

Americas

Middle East

Far East

Africa

About Us

Contact Us