General Data Protection Regulation - Behr Cardiology Limited

Data privacy issues are taken very seriously and carefully balance the requirement for timely access to vital medical information against risk of data privacy breach. Sensitive patient data will only be held and used for the following purposes: 1. To manage patients’ health needs and future requirements. 2. To communicate with other healthcare professionals in the interests of the patient. 3. To bill insurance companies appropriately. To comply with General Data Protection Regulation (GDPR) the following principles will be adhered to: 1. Your data may be shared with authorised third-party organisations to perform the task of administering letters and reports. These organisations will be registered with the ICO (Information Commissioner) and subject to Data Protection and General Data Protection Regulations 2018. 2. Only employees and contractors specifically employed to engage with relevant business duties may access personal data, and only to perform their duties. They are strictly prohibited from any other use. 3. Personal data will be retained all for at least the legally required period. 4. Personal data will not be provided to any unauthorised third party, except of course in the unusual event that it is required by law. 5. You have the right to ask us for a copy of your personal data and have the right to amend or delete the data.  You have the right to restrict processing. 6. Personal electronic data will be stored securely on an encrypted server with password protection. Access will only be available using encrypted password accessed personal computers 7. Paper records will be stored in a locked and secure filing system in a locked office. 8. Personal data will only be transferred electronically between organisations or to patients if it is encrypted or password protected. ICO Registration Number: ZA425870