We are committed to respecting and protecting your privacy when handling your personal information. This privacy notice provides details on the information we collect about you, how we protect and use it, and your rights. If you have any questions about how we use your information, please send an email to info@drwhitecrossclinic.com.

Dr Gia Whitecross is the ‘data controller’ for the personal information you provide to the Practice. As the data controller, Dr Whitecross is responsible for, and controls the processing of, your personal information by the Practice. Dr Whitecross’s clinic, operating under Whitecross Health Ltd, is registered with the Information Commissioner’s Office (ICO).

Personal Information Collected by Us

You may give the Practice personal information by filling in our Registration Form, speaking with us over the telephone, emailing us, or otherwise corresponding with us. The personal information you give may include details such as your name, address, email address, phone number, date of birth, next-of-kin contacts, GP information, and medical insurance information.

We will also collect information related to your health and medical history and details about the treatment you receive (special category information). The information you provide to Dr Whitecross may be recorded in writing as part of history-taking.

We will collect and process personal information that you and other medical professionals send, such as referral letters, reports, assessments, or test results. We may also collect personal information about you provided by family members or other individuals known to you.

Your personal information is securely held on a cloud-based electronic patient medical record database, Semble, which uses two-factor authentication for access.

How We Use Your Personal Information

We use your personal information to fulfil our obligations as detailed in the Patient Information Letter and to provide healthcare services. In certain circumstances, your personal information may need to be shared with a Psychiatrist colleague to ensure continuity of care; this would only occur as needed and, except in an emergency, your consent would be requested before sharing your information.

We will also use your personal information to ensure that you or your health insurance provider receives the correct bill and to provide the information and services that you request from us.

Your personal information may also be used to notify you of any changes to the information currently set out in our Patient Information Letter and for other administrative purposes.

Disclosure of Your Personal Information

We may disclose some of your personal information to:

1. Other clinicians involved in your care, including your GP, referring professionals, pharmacists, therapists, or other medical professionals. We will seek your consent before sharing your personal information with third parties. If you do not consent to Dr Whitecross sharing information with your GP, Dr Whitecross will discuss with you the most appropriate way forward based on your circumstances.

In cases where there is a potential risk to your health (e.g., if you are acutely unwell, have relapsed in severe addiction, or have intense suicidal thoughts), Dr Whitecross may discuss with you that she cannot continue holding responsibility for your psychiatric care unless you provide consent for her to speak to third parties (such as a family member, your GP, or NHS Mental Health Services like the Crisis team) to ensure your safety. If this is the case, Dr Whitecross will discuss this with you to find an acceptable solution.

In certain emergency or extreme circumstances, Dr Whitecross may contact a third party (usually the next of kin provided in the Registration Form or a health professional involved in your care, such as your GP or Therapist). This can occur if there is a significant risk to your health or safety or that of others, if there is a safeguarding concern, a concern about your mental capacity (as per the Mental Capacity Act), or a need for a Mental Health Act Assessment. Dr Whitecross will make her best effort to discuss the situation with you before contacting anyone.

2. Your health insurance provider. We will seek your consent before sharing medical information with your health insurance provider.

3. The Care Quality Commission, the Court, or other regulatory or public bodies, if we are required to disclose or share your personal data to comply with any legal obligation, including investigations of a crime or a formal court order.

4. Our indemnity organisation/insurer and solicitors in the event of a civil claim against the Practice.

5. Our payment services providers, such as Stripe, to enable processing of your payment details. Only the minimum necessary information, such as your name, email, and relevant invoice details (e.g., consultation date), will be shared. Please note that if payment is made via bank transfer, Stripe will not be involved in the transaction.

6. Data Processors. Data processors are third parties who process data on our behalf. We have Data Processing Agreements with our data processors, meaning they cannot act on your personal information unless instructed by us. Our data processors hold your personal information securely and will retain it only for the instructed period, without further sharing.

The data processors we use include:

• Organisations managing financial transactions, including Stripe and HealthCode software for eBills to health insurance companies.

• Software providers/hosts for Semble, our secure database, and our email service provider.

• Online pharmacies.

Keeping Your Personal Information Secure

All personal information provided to us is stored on secure servers, with payment transactions encrypted using SSL technology. No personal information is retained on paper—any hard copies are securely shredded after electronic processing into our secure database.

While we make every reasonable effort to safeguard your personal information, it is important to understand that information transmitted over the internet may not be fully secure. We cannot guarantee the security of personal data during transmission, but we adhere to strict protocols to prevent unauthorised access once received.

All data is stored within the European Economic Area (EEA).

Retention of Your Personal Information

By law, mental health records must be kept for 20 years after the last patient contact. If you have not been in touch for more than a year, you will no longer be considered an active patient. Your personal information will remain archived in our secure electronic database but will not be displayed as an active record. No hard copy or paper records are retained, whether you are an active or inactive patient.

Your Rights

Under the Data Protection Act 2018 and General Data Protection Regulation (GDPR), you have rights regarding the information we hold about you, including:

• Requesting correction of any inaccurate factual data.

• Requesting restricted access to your data.

• Requesting that some data be erased where no ongoing need exists (medical records cannot be erased as they are legally required, but a note of disagreement can be added if needed).

• Objecting to the processing of your personal data, subject to consideration.

To exercise any of these rights or make a request for personal information we hold, please contact us at info@drwhitecrossclinic.com.