The Data Protection Act and General Data Protection Regulations, control the use of your personal information by companies, organisations or government departments.

Under the Act, Express Diagnostics (the Company) is defined as both a ‘data controller’ and ‘data processor’ of personal information.

The Company is registered with the Information Commissioners Office (Registration number Z5672122).

The objective of the Company is to provide our patients with high quality healthcare services.  In order to meet this objective, we need to use personal information relating to you, including records of diagnostic tests and treatments we have carried out or that are planned to be carried out with your consent.

The lawful basis for Express Diagnostics processing your personal information is based on Consent, for self-referral customers and a Legitimate Interest, relating to patients referred by their doctor for diagnostic tests at the Express Diagnostics Clinic and the analysis of the diagnostic test recordings.

The personal information the Company hold, may include your:-

Name
Address
Date of birth
NHS number
Gender
The diagnostic test request(s) from you or your doctor
The record(s) of any previous diagnostic test reports or assessments carried out in our Clinic or analysed and reported on by analysts (Company employees), using specialised computer analysis equipment.

Why we collect information about you

To assist the people who care for you, use the diagnostic test results and records produced at Express Diagnostics to:

• Provide a sound basis for all health decisions made by you and your healthcare professional involved in your care pathway.
• Allow you to work with those providing care.
• Make sure your care is safe and effective.
• Work effectively with those providing you with care.

Information Sharing

Departments within NHS England may also need to use the records we hold about you, in order to:-

• Check the quality of care we provide (called clinical audit).
• Collect data regarding public health matters.
• Ensure NHS funding is being allocated appropriately.
• Help investigate any concerns or complaints you may have about the services and care you have received.

For your benefit, we may need to share information from your health records with other healthcare providers involved in your direct care.

We will always seek your permission to share your information with organisations for purposes other than your direct care. However, in exceptional circumstances, we may need to share this information without your permission, where:-

• It is in the public interest – for example, there is a risk of death or serious harm.
• There is a legal requirement to share it – for example, to protect a child or vulnerable adult.
• A court orders us to share it.
• There is a legitimate enquiry from the police under the Data Protection Act for information relating to a serious crime.

You have the right to withdraw or refuse consent to your information being shared at any time but please note that not sharing your information, may affect the quality and safety of the care you receive.

For further information regarding the holding and sharing of your personal information, please ask to speak to the Company Data Protection Officer or Caldicott Guardian.

Under the Data Protection Act and the General Data Protection Regulations, you have a right, to be provided with access to your personal information held by the Company.   If you have undergone a clinical assessment or diagnostic test procedure at Express Diagnostics, you can write to the Company Data Protection Officer to find out how you can be provided with your health records.

If you find that your Personal Information held by the Company is either inaccurate or incomplete, you have the right to make the Company correct the information it holds in a timely manner.

You also have the right to have your Personal Information erased.  However, the Company will seek advice on complying with such a request.