How we use your personal information
Dr Qureshi and his team maintain records about your health and any
treatment or care you have received. These records are used to help to
provide you with the best possible healthcare.
These records may be electronic, on paper or a mixture of both, and we
use a combination of working practices and technology to ensure that
your information is kept confidential and secure. Records Dr Qureshi and
his team hold about you may include the following information:
• Details about you, such as your name, address, carers,
legal representatives and emergency contact details
• Any contact Dr Qureshi and his team has had with you, such
as appointments, clinic visits, emails, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations such as laboratory tests, x-rays,
• Relevant information from other health professionals,
relatives or those who care for you
To ensure you receive the best possible care, your records are used to
facilitate the care you receive. Information may be used within Dr
Qureshi’s practice for clinical Audit to monitor the quality of the
do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use
information collected lawfully in accordance with:
• Data Protection Act 1998 and General Data Protection
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and
• Information: To Share or Not to Share Review
Every member of staff who works for Dr Qureshi receives training and
has a legal obligation to keep information about you confidential.
Internal audits of compliance with GDPR regulations are undertaken
We will only ever use or pass on information about you if others
involved in your care have a genuine need for it. We will not disclose
your information to any third party without your permission unless there
are exceptional circumstances (i.e. life or death situations), where the
law requires information to be passed on and / or in accordance with the
new information sharing principle following Dame Fiona Caldicott’s
information sharing review (Information to share or not to share) where
“The duty to share information can be as important as the duty to
protect patient confidentiality.” This means that health and social care
professionals should have the confidence to share information in the
best interests of their patients within the framework set out by the
Caldicott principles. They should be supported by the policies of their
employers, regulators and professional bodies.
Who are our partner organisations?
We may also have to share your information, subject to strict
agreements on how it will be used, with the following organisations:
• Private Sector Providers (e.g. HCA, BMI, TrustPlus,
consultants, dieticians, etc.)
• NHS Trusts / Foundation Trusts
• Independent Contractors such as dentists, opticians,
• Social Care Services
• Health and Social Care Information Centre (HSCIC)
• Police & Judicial Services
• Other ‘data processors’ which you will be informed of
How to update your
Dr Qureshi and his
team use text messaging (e.g. to send patients details about their next
appointment, to request appointments to see an allied healthcare worker
or another consultant, etc). We will never send urgent communications of
personal medical information via text messaging.
Dr Qureshi and his
team also communicate by e-mail (e.g. to send patients details about
their next appointment, to request appointments to see another an allied
healthcare worker or another consultant, send patient’s their results
and reports, etc.).
On 25th May 2018 we
will be switching our clinical systems to “explicit consent”. In order
to continue to receive text message reminders you will need to
re-confirm your consent preferences with us, otherwise we cannot
continue to send these to you. You can download a consent form from the
link below and email it to
Downloadable Consent Form
Your contact details will only be used in relation to appointments or
other healthcare services offered by Dr Qureshi, and you can choose to
opt out at any time in the future.
You will be informed who your data will be shared with and in some cases
asked for explicit consent for this happen when this is required.
In the event of personal data breach
Qureshi and his team have in place procedures to detect, report and
investigate a personal data breach.
Certain types of personal data breach have to be informed to relevant
supervisory authorities. In this event, this will be done within 72
hours of becoming aware of the breach, where feasible.
Where breach is likely to result in a
high risk to your rights and freedoms (e.g. discrimination, damage to
reputation, financial loss, loss of confidentiality or other significant
economic or social disadvantage),
will also be informed without undue delay.
Access to personal information
You have a right under the Data Protection Act 1998 to request access to
view or to obtain copies of what information the surgery holds about you
and to have it amended should it be inaccurate. In order to request
this, you need to do the following:
• Your request must be made in writing to Dr Qureshi. For
information from the hospital you should write direct to them
• There may be a charge to have a printed copy of the
information held about you
• We are required to respond to you within 1 calendar month.
• You will need to give adequate information (for example
full name, address, date of birth and details of your request) so that
your identity can be verified and your records located
Summary of your rights
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right not be subject to automated
decision-making including profiling
Objections / Complaints
Should you have any concerns about how your information is managed,
please contact Dr Qureshi and his team. If you are still unhappy
following a review by Dr Qureshi and his team, you can then complain to
the Information Commissioners Office (ICO) via their website (www.ico.gov.uk).
If you are happy for your data to be extracted and used for the
purposes described in this privacy notice then you do not need to do
anything. If you have any concerns about how your data is shared then
please contact Dr Qureshi and his team.
Change of Details
It is important that you tell Dr Qureshi and his team if any of your
details such as your name or address have changed or if any of your
details such as date of birth is incorrect in order for this to be
amended. You have a responsibility to inform us of any changes so our
records are accurate and up to date for you.
The Data Protection Act 1998 requires organisations to register a
notification with the Information Commissioner to describe the purposes
for which they process personal and sensitive information. This
information is publicly available on the Information Commissioners
Office website www.ico.org.uk. Dr Qureshi is registered with the
Information Commissioners Office (ICO).
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure
and confidential is:
Floor, wards block
Northwick Park Hospital
Harrow HA1 3UJ
Should you have any concerns about how your information is managed by Dr
Qureshi and his team please contact:
Consultant in Diabetes and Endocrinology
7th Floor, wards block
Northwick Park Hospital
Harrow HA1 3UJ
If you are still unhappy following a review by
you can then complain to the Information Commissioners Office (ICO).
www.ico.org.uk, firstname.lastname@example.org, telephone: 0303 123 1113 (local
rate) or 01625 545 745