GDPR, PRIVACY, LEGAL & COMPLAINTS

GDPR STATEMENT

Personal and Sensitive Information

Under the relatively new EU imposed General Data Protect Regulations (GDPR) 2018. We will be collecting both personal and sensitive data in accordance with the above regulation.

Sensitive information: Information that includes race, ethnicity, religious beliefs, mental health, medical records or sexual health. We shall only be using this specific information for the purposes of treatment or visits of medical nature this is to ensure patient safety.

Personal information: Is defined under the Data Protection Act (DPA) 1998 as information that could identify an individual. Examples of DPA information are email addresses, telephone numbers, and caller identifiers.

The legal defense we rely on

The regulation gives several defenses regarding the collection and storing of information. IPSA is committed to the protection of any information given by patients and service users. Below are the defenses we are relying on regarding your information;

1. Consent

In some cases, we may seek your consent for collecting this information about you this can be done through simply ticking a box on a consent form. As a patient, you may be asked sensitive information in order to get a safe diagnosis and treatment.

2. Contractual obligations

As a customer of IPSA any transactions you make create a contract between us and you. Therefore, we will need card details to process payment.

3. Legal Compliance

There are times where information must be processed to comply with relevant governing bodies. Examples of this include (but not exclusive to) proof of age or identity where the law requires it or gathering information as part of a formal investigation for legal proceedings.

4. Legitimate Interest

Data could be used in a way that is reasonable that does not have a significant impact on your rights or freedoms as part of our business improvement strategy. Examples include sending a text message with details of your appointment time or sending an email detailing various discounts and offers.

When do personal data we collect?

Any personal data can be collected through our website when making a booking or an inquiry. First-time bookings to see the GP do require card details to secure the booking the card is not charged until after the appointment.

 

 What personal data do we collect?

The data that we collect is predominately through our secure booking system where we take details of your name, address, phone number, and email. IPSA also require card details in order to secure a first time booking. All details written used are stored in a locked cabinet under the reception desk. All phone calls for monitoring purposes are recorded and CCTV footage is recorded. Survey results are anonymised taken from patients to measure how well the clinic is doing and if there are any improvements to be made.

How and why do we use personal data?

ISPA is committed to providing the best service and care to all of its customers, therefore, we use all data that is collected about you as an individual and tailor it to provide you the best experience possible. However, there are cases where we are obliged contractually or by law that we need to store this information. Allowing us to store your details ensures that your safety as it is easier to prevent fraud. Further benefits include enabling our staff to contact you when you make an inquiry, customer service support, and to give confirmation or reminders of appointments.

How do we protect your data?

IPSA is committed to your data security therefore, several procedures and policies are enforced to ensure that any data that is stored is stored correctly. Staff are regularly trained in DPA and GDPR matters. ISPA will never sell any information to third parties and will take all appropriate steps regarding to unauthorised access, lost or misused data.

How long do we keep your data?

Data is kept for as long as necessary. Certain information must be kept for legal or contractual purposes, however any personal information that is accumulated through other means will either be deleted if it is no longer of use or the data provided will be anonymised if it can aid in the continued success and growth of the clinic.

Cookies and Similar technologies

When accessing our website, we use a technology known as cookies which deals with any digital information and allows for a more personalized experience for example, personalised adds on Facebook. Cookies are helpful to our organisation as it provides information regarding to the usage of the site and the behavior of users. For further information please look at our Cookies policy.

Who do we share your personal data with?

IPSA is dedicated to protecting your information therefore we are committed to the following;

1. IPSA will not sell any information to third parties.
2. Any sensitive information gathered will not be used for marketing purposes.

Personal data can be used for IPSA’s own marketing purposes and may share non personal information such as IP addresses with companies such as Facebook as way of personalising advertisements.

What are your rights?

As it is your data you have the right to choose what we do with it. However, where we either have a contractual or legal responsibility then we might not be able to complete any request of removal from our system. The rights you as a patient or consumer are as follows;

1. Allow access to data that is held about you.
2. Make a request of information that is about you and if there is any data that is either out of date or incorrect should be removed or changed.
3. The right to be removed. However, in certain circumstances, IPSA may not be able to comply with such a request due to contractual or legal requirements.
4. The right to stop direct marketing. All personalised marketing is for your benefit to ensure that you get the best offers, discounts, and deals that IPSA are providing.
5. As a customer of IPSA, you do have the right to withdraw your consent of any personal information that you have provided us with. Exceptions of this right include any information that is kept in align with the contractual or legal requirements the service has.

How to stop any marketing messages?

If you do not wish to receive emails of our latest offers, discounts or updates then please click the unsubscribe button on your email.

Children

The service does not knowingly collect the information of under 16’s (sixteens) however, children under the age of 16 must have either parental or guardian consent for us to store any personal information of that child.

Privacy Policy Changes

Any changes to the privacy policy all customers will be notified. A notice will be put up in the clinic of any changes and email will be sent to all subscribers.

Complaints     

All complaints of any data being held can be reported to the data protection officers. Complaints should be made via verbal communication or in writing and sent the address below;

Data Protection Officer

7 Haben Parade,

Finchley Road,

London NW3 6JP

If you are unhappy with the satisfied with the process, please contact the UK Information Commission Office (ICO) by calling them on 0303 123 1113 or go on their website at https://ico.org.uk/

Questions

If you have any questions about your data, please contact IPSA’s data protection officer who will happily advise.

================================================================

IPSA MEDICAL GROUP

PRIVACY POLICY

IPSA will be holding all information that is personal or sensitive in accordance with UK’s domestic data protection laws the Data Protection Act 1998 (DPA) and the recently transposed European regulation the General Data Protection Regulation 2018 (GDPR).

IPSA Medical Clinic has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice. Staff at this practice maintain records about your health and the treatment in both electronic and paper format.

What information do we collect about you?

We will collect information such as past and current medical conditions, personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, consent records, treatment and medications, test results, X-rays, etc. Notes of conversations or incidents that might occur therefore, a record needs to be kept. Any correspondence relating to them and other health care professionals, for example in the hospital or Medical Specialist Group, and any other relevant information to enable us to deliver effective medical care.

Why do we hold information about you?

We need to keep comprehensive and accurate personal data about patients to provide you with safe and appropriate medical care. We will ask you yearly to update your medical history and contact details.

Security of information

Personal data about you is held in the practice’s computer system and/or in a locked manual filing system. The information is only accessible to authorized team members. Our computer system has secure audit trails and we back up information routinely.

How we will use your information

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. We may need to disclose personal information about you to, Community services & Multi-Disciplinary Teams, Hospitals, Other health professionals caring for you, Medical Specialist Group, Social Services, Agents and Third parties as required by legal and law. Disclosure will take place on a ‘need-to-know’ basis. Only those individuals/organisations who need to know to provide care for you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information.

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.

The clinic may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.

In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, this practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.

Maintaining confidentiality and accessing your records

We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.

Risk stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually, this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Mulberry Medical Practice; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.

Opt-outs

You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering to opt out online (national data opt-out programme) or if you are unable to do so or do not wish to do so online, by speaking to a member of staff.

Retention periods

IPSA adopts  the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration.

What to do if you have any questions

Should you have any questions about our privacy policy or the information we hold about you, you can:

1. Write to the data controller at am@ipsa.com
2. Ask to speak to the practice manager

Complaints

In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.

Changes to our privacy policy

We regularly review our privacy policy and any updates will be published on our website, in our newsletter and on posters to reflect the changes. This policy is to be reviewed December 2018.

================================================================

IPSA MEDICAL COMPLAINTS PROCEDURE

We are sorry that you not satisfied with the Service you have received at IPSA Medical Clinic. We strive to do our utmost to ensure you have complete acre and satisfaction however occasionally things go wrong.

IPSA Medical Clinic is committed to providing a high quality private medical service to all patients. All clinic staff recognise that there may be occasions when patients may wish to complain about some aspect of the healthcare service which has been offered or received.

Please feel rest assured that your complaint will be taken very serious no matter what. We will do everything in our power to address and resolve any issue you may about the clinic, treatment, doctor or member of staff

If you feel you wish to discuss an issue, or indeed make a complaint, we would kindly ask that you bring this to the attention of a member of practice staff as soon as possible. This complaints procedure ensures that your complaint will be dealt with as quickly as possible.

Verbal Complaints

If you wish to speak to someone about an aspect of the IPSA Medical Clinic, please try to do so as soon as possible, preferably before you leave the clinic premises. Our Clinic staff will make every effort to resolve your complaint as quickly as possible. If your concerns are not resolved to your satisfaction, you will be advised on the process to make a formal written complaint.

If you prefer to speak on the phone you may call us on 0207 449 9490.

Written Complaints

All written complaints should be addressed to the Practice Manager at the practice address: IPSA Medical Clinic, Lower Floor 7 Harben Parade, Finchley Road, London NW3 6JP.

Or You may email practicemanager@ipsa.com

Please describe as fully as you can the nature of your complaint stating the following information.

• What are you unhappy about
• When the incident took place
• What clinic staff were present at the time

Your complaint will be acknowledged in writing within three (3) working days of receiving the letter, unless a full reply can be sent to you within twenty-eight (28) days. We will make all efforts to resolve your complaint as quickly as possible but sometime investigations can take time.

We will carry out a full investigation of the nature of your complaint and offer to meet with you in order to resolve the issue/s. You will receive a full written response within twenty-eight (28) days of the complaint being received.

If a full response cannot be given within twenty-eight (28) working days of receiving your complaint, We will write to you to explain the reason for the delay. You will receive a full written response within five (5) days of a conclusion being reached.

Who else can help?

Ombudsman

If you are still unhappy about the outcome of your complaint, you will be able to take your complaint to the Health Service Ombudsman. For more information please www.ombudsman.org,.uk or call 0345 015 4033

The Patients Association. This Charity Speaks up for patients

020 8423 8999 www.patients-association.org.uk

Citizens Advice Bureau

Your local Citizens Advice Bureau can be a great source of advice and support if you want to complain about the NHS, social services or local authorities. You can find your local Citizens Advice Bureau on its website.: http://www.citizensadvice.org.uk/

Please be assured that IPSA Medical Clinic will deal with all complaints confidentially and the following investigation, will consider making changes to the private medical service to improve the healthcare services on offer to all patients.

COMPLAINT FORM

Patient Full Name: ……………………………………………………………………………………………………

Date of Birth: ……………………………………………………………………………………………………

Address: ………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

Complaint details: (Include dates, times, and names of the Practice personnel, if known)

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

(Continue overleaf if necessary)

SIGNED ……………………………………………………………………………………………………

Print Name ……………………………………………………………………………………………………

Date ……………………………………………………………………………………………………

PATIENT THIRD-PARTY CONSENT

 

PATIENT’S NAME: ……………………………………………………………………………………………………………

TELEPHONE NUMBER: ………………………………………………………………………………………………………

EMAIL: ………………………………………………………………………………………………………………

ADDRESS: ………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

ENQUIRER / COMPLAINANT NAME:

………………………………………………………………………………………………………………

TELEPHONE NUMBER: ………………………………………………………………………………………………………

EMAIL: ………………………………………………………………………………………………………………

ADDRESS: ………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

………………………………………………………………………………………………………………

 

IF YOU ARE COMPLAINING ON BEHALF OF A PATIENT OR YOUR COMPLAINT OR ENQUIRY

INVOLVES THE MEDICAL CARE OF A PATIENT THEN THE CONSENT OF THE PATIENT WILL BE

REQUIRED. PLEASE OBTAIN THE PATIENT’S SIGNED CONSENT BELOW.

I fully consent to my Doctor releasing information to and discussing my care and medical

records with the person named above in relation to this complaint only, and I wish this person

to complain on my behalf.

This authority is for an indefinite period / for a limited period only (delete as appropriate)

Where a limited period applies, this authority is valid

until………………………….. (insert date)

Signed: …………………………………….………..…………………. (Patient only)

Date: ……………………………………………………..

================================================================

Infection Control Annual Statement 2019

IPSA Medical

 

Infection Control Annual Statement

Purpose

This annual statement will be generated each year in December in accordance with the requirements of The Health and Social Care Act 2018 Code of Practice on the prevention and control of infections and related guidance. It summarises:

 

• Any infection transmission incidents and any action taken (these will have been reported in accordance with our Significant Event procedure)
• Details of any infection control audits undertaken, and actions undertaken
• Details of any risk assessments undertaken for prevention and control of infection
• Details of staff training
• Any review and update of policies, procedures and guidelines

 

Infection Prevention and Control (IPC) Lead

IPSA Medical Leads for Infection Prevention and Control: Dr Ambia Mustafa.

Infection transmission incidents (Significant Events)

Significant events (which may involve examples of good practice as well as challenging events) are investigated in detail to see what can be learnt and to indicate changes that might lead to future improvements. All significant events are reviewed in the bimonthly partner meetings and learning is cascaded to all relevant staff.

In the past year there have been no significant events raised that related to infection control.

Infection Prevention Audit and Actions

The Annual Infection Prevention and Control audit was completed by Dr Ambia Mustafa 31^st March 2019

As a result of the audit, the following things have been changed in IPSA Medical’s Surgery:

• The clinic has nominated Mr. Abdul Mustafa as the Infection Control Deputy for IPSA.
• Besides Infection Control staff have been trained on hygiene – hand washing techniques and recognise that washing hands is one of the easiest ways to protect oneself and others from illnesses such as food poisoning and flu.
• Baby facilities have been introduced.

 

No infections were reported for patients who had had minor surgery at the Surgery.

As a result of the audit, no changes in procedures were deemed necessary.

IPSA Medical plan to undertake the following audits in 2019:

• Annual Infection Prevention and Control audit
• Domestic Cleaning audit
• Hand hygiene audit

 

 

Risk Assessments

Risk assessments are carried out so that best practice can be established and then followed. In the last year the following risk assessments were carried out / reviewed:

Legionella (Water) Risk Assessment: The practice has conducted/reviewed its water safety risk assessment to ensure that the water supply does not pose a risk to patients, visitors or staff.

Immunisation: As a practice we ensure that all of our staff are up to date with their Hepatitis B immunisations and offered any occupational health vaccinations applicable to their role (i.e. MMR, Seasonal Flu). We take part in the National Immunisation campaigns for patients and offer vaccinations in house and via home visits to our patient population.

Other examples:

Toys: Cleaning Specifications recommend that all toys are cleaned regularly, and we therefore provide only wipeable toys in waiting / consultation rooms.

Cleaning specifications, frequencies and cleanliness: We have added a cleaning specification and frequency policy poster in the waiting room to inform our patients of what they can expect in the way of cleanliness. We also have a cleaning specification and frequency policy which our cleaners and staff work to. An assessment of cleanliness is conducted by the cleaning team and logged. This includes all aspects in the surgery including cleanliness of equipment.

Hand washing sinks: The practice has clinical hand washing sinks in every room for staff to use. Some of our sinks do not meet the latest standards for sinks but we have removed plugs, covered overflows and reminded staff to turn of taps that are not ‘hands free’ with paper towels to keep patients safe. We have also replaced our liquid soap with wall mounted soap dispensers to ensure cleanliness.

Training

All our staff receive annual training in infection prevention and control.

Clinical and non-Clinical Staff undertook Level 2 Infection Prevention and Control training in May 2019 delivered by Dr Ambia Mustafa. The training was delivered using a training presentation developed on resources from BlueStream Academy and Camden CCG.

When nonclinical staff are first recruited, they will be trained in infection control in their induction period. Staff are migrating training through using recommended training software BlueStream Academy.

 

Policies

All Infection Prevention and Control related policies are in date for this year.

Policies relating to Infection Prevention and Control are available to all staff and are reviewed and updated bi-annually, and all are amended on an on-going basis as current advice, guidance and legislation changes. Infection Control policies are circulated amongst staff for reading and discussed at meetings on an annual basis.

Responsibility

It is the responsibility of everyone to be familiar with this Statement and their roles and responsibilities under this.

Review date

30/09/19

Responsibility for Review

The Infection Prevention and Control Lead and the Practice Manager are responsible for reviewing and producing the Annual Statement.

For and on behalf of IPSA Medical.

 

====================================================================================

REGISTRATION DETAILS 

IPSA MEDICAL CLINIC
Address of service provider: 7 Harben Parade
Finchley Road
Hampstead
London
NW3 6JP
Date of Registration: 12/11/2012

Certificate number: CRT1-525905819
Certificate date: 19/11/2012
Provider ID: 1-460603432

Name of registered manager
Dr. Ambia Mustafa

IPSA PHARMACY

GPHC Premise registration number: 1113425

Pharmacy owned by: IPSA Pharmacy Limited

Superintendent Pharmacist Details: Ali Aldijely

If any reason you have any complaints regarding our any of services please write to the following address:

Customer Services Manager
IPSA Pharmacy Ltd
7 Harben Parade,
Finchley Road,
London
NW3 6JP

 

What is this?