The Healthcare Management Trust (HMT) understands the importance of an individual’s right to privacy. As a data controller, HMT complies with laws relating to the management of personal data or information, including the Data Protection Act (DPA). In discharging their duties, our clinical staff understand and comply with the Common Law Duty of Confidentiality and the Caldicott Principles.
The data controller is The Healthcare Management Trust (HMT) whose registered address is: 14 Queen Anne’s Gate, London SW1H 9AA.
HMT is a charitable company limited by guarantee, registered in England: Company Number 1932882 and Registered Charity Number 292880.
What is personal data?
Personal data is information relating to a living individual that enables them to be identified.
What is sensitive personal data?
Sensitive personal data is information relating to what are defined as ‘special categories’ of data. These include ethnicity, religion, sexual orientation and physical or mental health information.
What personal data may we collect from you?
The personal data or information we collect about you will depend on your relationship with HMT. It may include:
- Name and contact details, including address, date of birth, email address and telephone number. You may have provided this information verbally, in writing or electronically (by email or via our website).
- We will also usually record these details for your next of kin. It will be your responsibility to ensure that your next of kin consents to this.
- Health information including your medical history, medication, allergies and lifestyle. We will only record sensitive personal data, including health information, religious beliefs etc., that is relevant to your relationship with us.
- Details of referrals and treatments you have received from a third party, for example, your GP or the NHS.
- Recordings of calls we receive from you.
- Information received from you in questionnaires, for example Patient Feedback forms.
- Information about complaints.
- Information you provide when you make a payment to us.
When do we collect your personal data?
We will collect your personal data, including relevant sensitive personal data, if you:
- Express an interest in, or apply for, a position of employment with HMT.
- Visit one of our websites.
- Contact us either in person, by telephone, by email or by social media.
- Complete any surveys relevant to HMT, including staff surveys and patient or resident feedback questionnaires.
- Register as a patient or resident with HMT.
- Make a payment for services.
- Participate in marketing.
Processing personal data and the law
As a data controller, HMT applies the principles of the General Data Protection Regulation (GDPR) when processing personal data. Article 5 of the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational
HMT needs to process the personal data of its patients, residents and staff for a number of purposes. A data controller must have a legal basis for processing this information. However, the particular legal basis will vary depending on the purpose for processing.
We may process information about you for the following reasons:
- compliance with legal, including regulatory, obligations
- gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
- providing safe, effective and appropriate treatment or care
HMT will also process your non-sensitive personal data (name, address, contact details) to help the company create and manage its contractual agreement with you.
You may also supply us with sensitive personal data relating to your physical and mental health, which is gathered for the purposes of your treatment.
We will usually only collect and record sensitive personal data with your prior consent. However, occasionally we may do so without consent where required or permitted to do so by applicable law (e.g. to comply with public health requirements).
When you use our website we may gather information about you through Internet access logs, cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are used to track website usage and monitor website activity and for other data processing reasons set out below.
Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, please contact us (see below).
When do we receive personal data from third parties?
- Our consultants are independent practitioners and data controllers in their own right. They will share relevant personal data with us if they intend to consult or treat patients at one of our hospitals. In this case, the two parties have a joint responsibility for the management of the personal data.
- When we treat patients who have private health insurance, the insurance company will need to share relevant personal information with us. This will include confirmation of the type of treatment (and investigations) required.
- HMT works closely with the NHS in providing patient care. The personal data of patients that the NHS has asked us to see and treat will be shared with us for these purposes.
- Other third parties, including General Practitioners, will share personal data with us when they refer a patient for consultation or treatment at HMT Hospitals.
Disclosure of your personal data to third parties
HMT uses third parties to support the delivery of some of our services. When we enter a contractual agreement with another company for this purpose, both parties are required to sign a Data Sharing Agreement (DSA). A DSA provides us with the assurance that in each case, the third party will manage personal data to the standards required by law.
Systems used to process data
We gather information directly from you and also via our websites and other technical systems. These may include, for example, our:
- computer networks and connections
- CCTV and access control systems
- communications systems
- remote access systems
- email and instant messaging systems
- intranet and Internet facilities
- telephones, voicemail, mobile phone records
- medical consultation processes and procedures.
Private Healthcare Information Network (PHIN)
In 2014, following a review of private healthcare practices in the UK, the Competition and Markets Authority (CMA) published its findings. The relevant Order came into law in April 2015. The Order required private hospital operators to disclose specific information relating to the doctors who work within their facilities. Below is the relevant information that HMT is required to publish, as outlined in the Order.
As required by the CMA Order, HMT submits patient outcome data to the Private Healthcare Information Network (PHIN), the nominated Information Organisation (IO). For further information on PHIN, please refer to its website at: www.phin.org.uk
Data processing and your rights
You have certain rights when your personal data is held and processed by a data controller. These include the following:
- If the data we hold about you is incorrect, you have the right to have that inaccuracy corrected.
- You may have the ‘right to be forgotten’. Except where a data controller can justify retaining personal data, you may have the right to have that data erased.
- You have the right to submit a Subject Access Request, requesting full details of what personal information we hold about you, what we do with that data, who has access to it and how it is stored.
You can contact us at the address below if you require information about the data we may hold on file for you.
If we have asked for your consent for processing of your personal data in specific circumstances, for example, marketing, you have the right to withdraw this consent at any time. For further information on withdrawal of consent for the processing of your personal data, please speak to any member of our staff or contact our Data Protection Officer: DataProtectionOfficer@hmt-uk.org
Or write to us directly:
Data Protection Officer
The Healthcare Management Trust
14 Queen Anne’s Gate
Please also contact us if you would like to correct or request (in accordance with applicable law) information that we hold relating to you or if you have any questions in relation to the above.