PRIVACY
Medical Disclaimer
This website contains general information about medical conditions and treatments. The information is not individual advice, and should not be treated as such. It represents the opinion of Dr Monk, based on his practical experience and research and is provided “as is” without any representations or warranties, express or implied.
You must not rely on the information on this website as an alternative to medical advice from your doctor or other professional healthcare provider.
If you have any specific questions about any medical matter you should consult your doctor or other professional healthcare provider.
You must not rely on the information on this website as an alternative to medical advice from your doctor or other professional healthcare provider.
If you have any specific questions about any medical matter you should consult your doctor or other professional healthcare provider.
Privacy Policy
PRIVACY POLICY
Dr Michael Monk includes monkmedicalgroup and The Restless Legs Clinic. This Privacy Policy explains how we comply with the General Data Protection Regulation 2018 (GDPR), why we collect your personal information, and what we do with it and what your rights are.
As a healthcare practice we have always collected information about patients and stored and managed this in the medical record. This is what is known as ‘data processing’.
All ‘data processing’ under GDPR has to have a ‘Lawful Basis’. When you supply your personal information to us it is stored and processed under 4 legal categories (Lawful Bases):
- Contract
- Legitimate Interest
- Legal Obligation
- Consent
- Contract We need to collect basic personal information about you, such as name and contact details, in order to make an appointment, enter you on our database, and to open a patient record. Your requesting treatment and our agreement to provide that constitute a Contract. You can, of course, refuse to provide the information, but if you were to do so, we would not be able to make an appointment and go on to provide treatment. If you cancel your first appointment we will delete your details from our database because the contract has been terminated.
- Legitimate Interest It is obviously important that we can contact you to confirm your appointments with us or to update you on matters related to your medical care, or about the Clinic. This falls under Legitimate Interest. In addition, we have to retain billing and accounts information in order to manage our business - again this is Legitimate Interest. We also process some information for the purposes of clinical audit, research, and developing and improving treatment approaches. This data, which includes patient outcomes and relevant data, is ‘pseudonymised’ which means that you cannot be identified from the data when it is used in this way. In one group of patients (those with Restless Legs Syndrome) pseudonymised data may be subject to ‘further processing’ for statistical research and clinical audit, and this has the Lawful Basis of Legitimate Interest. This may be made available to people such as prospective patients or other health professionals who are interested in finding out about the effectiveness of treatment. This information will never be sold for marketing purposes. You can object to ‘further processing of data’ but it could make it more difficult to deliver the full treatment. Rarely there may be a conflict between your objection to managing some types of information and our need to manage our business legally, and our Legitimate Interest could override yours. This would need discussion on a case by case basis.
- Legal Obligation We have a Legal Obligation to retain your records for 8 years after your last appointment (or age 25, if this is longer), but after this period you can ask us to delete your records. Otherwise we may retain your records indefinitely in order to provide care should you need to see us at some future date.
- Consent If you would like us to, we may occasionally send you general health information in the form of articles, advice or newsletters, but only if you have given your consent. This is by a ‘sign-up’ on the website. You may withdraw this consent at any time – just follow the links on the website to ‘unsubscribe’.
Access to your information and your rights
You have the right to request a copy of the information that we hold about you. If you would like a copy of some, or all, of your personal information, please write to Dr Michael Monk, Brewers Cottage 35 London Road Copford COLCHESTER CO6 1LG. We will need to ask you to provide proof of identity for this.
Your medical record, which has been collected on the Lawful Basis of legal obligation cannot be altered or deleted or removed and we have to retain it for a minimum of 8 years. You can ask for incorrect factual information to be corrected and, if agreed, this amendment will be held along with the original information. Even if no amendment is made we need to record that you have asked.
Complaints
You have the right to complain about how we process your information. In the first instance, please state your complaint to Dr Michael Monk who is responsible for Data Processing, and we will try to put it right. If you are still not satisfied you can also complain to the supervisory authority - the Information Commissioner’s Office at www.ico.org.uk or in writing to Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Third parties
As part of ‘further processing’ we use software from Private Practice Software, Google, SurveyMonkey and DataHero. These ‘third parties’ do not have access to information which could identify you. In addition, each has stated that they are compliant with GDPR.
As you would expect, our computer hardware and software systems have to be maintained by an external company and this company is bound by a Confidentiality Agreement and is compliant with GDPR 2018.
Other administrative staff such as our Personal Assistant and Data Analyst may have access to pseudonymised information but do not have access to your medical record. They have also stated that they are compliant with GDPR 2018 and have signed Confidentiality Agreements
If I write to your GP or to another referring Consultant about you, this would fall under Legitimate Interest. You can object to this sharing of information and we will respect that. However, if I felt strongly that it was in your best medical interest to contact another health practitioner about you, I would discuss this with you and we would ask for your written consent to this.
We may be asked to provide personal confidential data from an insurance company, solicitor, or employer (or similar third party). We would need your written consent to this.
We will not share your information with any third party for marketing purposes.
Storage
Your records are stored digitally on our computers which are password protected and backed up regularly.
Communicating with you
We may send you appointment reminders and information or feedback relating to your medical problem or a specific enquiry you have made. Because this falls under the category of Legitimate Interest (yours) we do not need your specific consent to do so. We may also need to tell you about changes to the location of the practice or practice hours for example and, again, Legitimate Interest applies.
We may send out occasional newsletters with information which is not directly related to your medical problem and we certainly need your written Consent for these. This is only done online through the website and you can unsubscribe at any time, by following the steps online.
In the main, we will communicate with you using email, which is probably how you will contact us. The Information Commissioner’s Office confirms that emails are secure in their own right and we do not need to use encryption software. But please bear in mind that, if you use a work email address, personal information may be read by someone else within your workplace – if you were on holiday or had moved to another job but had not told us. If you give us an email address shared with a partner or spouse we will assume that you have no objection to us using this address for personal information.
For highly sensitive information such as your complete medical record or any particularly personal medical information, we will use password - protected documents, sending the password by a different means.
It is your responsibility to let us know about any changes to your contact information or your GP. Please do this in writing, either by email or by post.
In the event that the practice is sold, some or all of the data may be transferred to the new owner so that they are able to continue your healthcare, which is normal practice.
Changes to the Privacy Policy
We keep our Privacy Policy under regular review and we will place any updates on our websites. Should we make changes to the way we use your information, we will inform you in advance of any changes being made. This Privacy Policy was last updated on 15 February 2023.
How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you.
- By email at [email protected]
- Or write to us at Unit 98036, PO Box 6945, London, W1A 6US
Michael Monk
MB BS MRCS LRCP DMRD MLCOM DipMedAc
GMC No 1455388, BMAS No. 512