Branded roundel graphic

Privacy notice

About this page

  • Last updated

Imperial College Healthcare Private Care Privacy Notice

Date last amended: 05/10/2023

Our contact details

Name: Philip Robinson, Data Protection Officer

Address: 8th Floor Salton House, ICT Division, St Mary’s Hospital, Praed St, London W2 1NY

Phone Number: 020 370 48355

E-mail: imperial.dpo@nhs.net

The type of personal information we collect  

Imperial College Healthcare Private Care is a constituent body of Imperial College Healthcare NHS Trust, which is a registered data controller under the Information Commissioner’s Office. 

Imperial College Healthcare NHS Trust provides acute and specialist care in five hospitals (Charing Cross, Hammersmith, Queen Charlotte’s and Chelsea, St Mary’s and Western Eye) and a growing number of community services in North West London. When you attend one of our hospitals or services, or when you contact us using our online and phone services, information is recorded about you on paper and electronically. This includes details about: 

  • your identity – name, date of birth, NHS number 
  • how to contact you – address, telephone, email address 
  • your ‘next of kin’ – a close relative or friend 
  • your financial information, or the information of the company or individual responsible for the payment of bills and invoices relating to your care 
  • A&E visits, hospital admissions or clinic appointments 
  • scans, X-rays or tests 
  • your diagnosis or treatment 
  • any allergies or health conditions
  • information about your nationality and entitlement to treatment in the UK 

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

1. We want to provide you with the best possible care. Accurate and up-to-date information allows: 

  • doctors, nurses and other healthcare professionals to decide the best possible treatment for you. This includes private consultants and related agents (such as private medical secretaries) who support your care
  • insurers and other possible sponsors (such as charities and embassies) to audit your medical records to ensure that the payments for private healthcare services are accurate and appropriate to the services received
  • us to process and receive payment for the provision of private healthcare services to you as a patient of Imperial College Healthcare Private Care
  • us to review and improve the quality of our care and services
  • your care to be continued safely if you are seen by clinicians in another of our services or hospitals or in a partner health and care organisation 
  • your concerns to be properly investigated if you want to raise a concern or make a complaint

2. We share your information with other NHS organisations to contribute to planning or service improvement. The collection of NHS statistics allows those organisations to plan for the future and ensure that the needs of patients are met nationwide. 

3. We use your information in medical research undertaken by our staff or one of our research partners. This helps researchers to understand how to diagnose illnesses earlier and to develop new treatments. We aim to apply research discoveries to healthcare as quickly as possible in order to improve the lives of our patients and the wider population. Researchers will not be allowed to use information that identifies you personally – such as your name, address and contact details – unless you have given explicit, informed consent.

We also receive personal information indirectly, from the following sources in the following scenarios: 

Moneypenny; a third-party organisation we work with to provide a telephone answering service and a live chat service. The information can only be used by Moneypenny in the way that we instruct them to use it. We have a legal and data processing agreement in place with Moneypenny which ensures they comply with their legal obligations to keep your information secure. 

Moneypenny help us collect and process your information in accordance to our data sharing processing agreement with them, for example to run our referral system and to provide telephone answering and live chat services.  

We use the information that you have given us in the following ways:  

  • provide you with care 
  • service improvement and planning- We share your information with NHS England and other central NHS organisations because they hold official authority under the NHS Act 2006. 
  • transparency on quality and outcome of private healthcare- As part of a UK-wide, government-mandated programme to improve the public’s access to information on the quality and outcome of private healthcare, we share some of your personal data with the Private Healthcare Information Network (PHIN). This is processed by PHIN to measure quality of care and outcomes. Processing is necessary in order to comply with legal obligation under the Competition and Market Authority’s Private Healthcare Market Investigation Order 2014. 
  • medical research- Improving medical diagnosis and treatment is in the interest of communities and public health. Research undertaken by the Trust, other NHS organisations or universities is lawful because we are acting within the capacity of a public authority and performing research in the public interest. Research sponsored by commercial companies or charitable organisations is lawful because it is within our legitimate interests as an NHS Trust to conduct this research and we will always consider how it affects your right as an individual. 
  • other situations- There are some situations where staff are legally required to pass on information. For instance, they will have to share information to register a birth or they may share information with the police in order to prevent a serious crime. 

We may share this information with: 

1. We share your information with other health and social care organisations directly involved in you care. We will always have a legal agreement in place with these organisations and ensure that your information will be held securely: 

  • NHS organisations involved in your case – we share your information with other NHS trusts, GP surgeries and other care providers involved in your treatment. 
  • Non-NHS health and social care professionals – we share your information with local authorities, social workers and private consultants concerned with your care. Our aim is to ensure that other health and social care providers have access to information that supports your care. Your data may be shared with agents of private consultants – namely private medical secretaries – in the course of this process. 

2. We share your information with organisations involved in planning and improving your care. We provide anonymised information or require legal justification if they request information that may identify you. 

  • NHS bodies – your information may be requested by NHS bodies concerned with the planning and commissioning of healthcare services, such as, clinical commissioning groups 
  • Regulatory, audit and inspection bodies – these organisations are concerned with regulating aspects of care and deciding where improvements may be made. 

3. We share your information with private consultants involved in your care. These private consultants are considered to be discrete data controllers where providing outpatient care services, with Imperial College Healthcare NHS Trust offering a venue through which to provide this service. This differs from inpatient care, where the Trust remains the data controller of your information. 

4. We may share your information with insurers and other possible sponsors (such as charities and embassies) to allow audit of your medical records to ensure that the payments for private healthcare services are accurate and appropriate to the services received. 

5. Imperial College Healthcare Private Care subscribes to a voluntary scheme, providing independent adjudication on complaints about the service provided to its patients. Any referrals to this body will be contingent on your documented consent as a patient of Imperial College Healthcare Private Care. 

6. In some situations, we use other organisations to help us process your information to help us deliver your care. We will always have a legal agreement in place with these organisations which ensures that they can only use your information as we instruct. 

7. We undertake much of our research in partnership with other organisations, in particular with Imperial College London as we jointly run one of the largest biomedical research centres in England. All research with or about our patients has to be ethically approved. In order to achieve more impact, researchers may need to link your health information to other data held about you elsewhere, such as the statistics about hospital attendance collected by NHS England. However, researchers can only use your information in the way we have permitted in advance. 

8. We work with Moneypenny who are a third-party organisation providing telephone answering and live chat services. Moneypenny may collect your personal information in the first instance and then share this information with Imperial College Healthcare Private Care. 

We will not provide researchers with information that identifies you personally, unless you have provided explicit, informed consented to this or there is legal justification to provide this information. 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:  

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting imperial.pals@nhs.net 

(b) We have a contractual obligation

(c) We have a legal obligation

(d) We have a vital interest

(e) We need it to perform a public task

(f) We have a legitimate interest

How we store your personal information  

Your information is securely stored

Medical information is retained for a minimum of eight years from when you were last seen for most patients. For some types of information, we retain the information a longer period. For example, maternity and children’s records must be retained for at least 25 years. 

Records of financial transactions will be held for a minimum of six years. The retention period for debtor records is contingent on their being cleared. Once cleared, such records will be retained for a minimum of two years. 

As part of an NHS organisation we also follow NHS E-Records Management Code of Practice 2021 and process patient data in accordance to Imperial College Healthcare NHS Trust Patient Privacy Notice which can be accessed at https://www.imperial.nhs.uk/privacy

Your data protection rights 

Under data protection law, you have rights including: 

Your right of access - You have the right to ask us for copies of your personal information.  

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.  

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.  

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances. 

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

Please contact us at imperial.private.healthcare@nhs.net, 020 3311 7700, Lindo Wing, Imperial College Healthcare Private Care, South Wharf Rd, London W2 1BL if you wish to make a request.

How to complain 

If you have any concerns about our use of your personal information, you can make a complaint to us at: 

ICHC-tr.Complaints@nhs.net.  

You can also complain to the ICO if you are unhappy with how we have used your data. 

The ICO’s address:             

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 
 

Helpline number: 0303 123 1113 

ICO website: https://www.ico.org.uk