Patient Data Privacy Policy

Effective Date: February 1st, 2024

1. Introduction

At Doccla, safeguarding the privacy and confidentiality of personal information is our paramount concern. We are dedicated to safeguarding the privacy and security of your patient data while complying with all relevant data protection laws, including the General Data Protection Regulation (UK GDPR) and the Health Insurance Portability.

This policy is an amendment to the general Privacy Policy.

2. Data Controller

Doccla act as a Data Processor and, in scenarios where Doccla take clinical responsibility, we also function as a Joint Data Controller for the personal and health information we gather and manage. For any questions or concerns regarding this Patient Privacy Policy or your patient data, please use the contact information provided at the end of this policy.

3. Information We Collect

We may collect the following categories of patient data:

  • Personal Information: Such as patient names, addresses, phone numbers, and email addresses.
  • Health Information: Medical records, diagnoses, treatment history, prescriptions, and other health-related data.
  • Communications: Records of interactions with healthcare professionals, including emails, messages, and appointment records.

4. How We Use Patient Data

We process patient data for the following purposes:

  • Providing Healthcare Services: To diagnose, treat, and manage patient healthcare needs.
  • Health Records: To maintain patient health records and medical history.
  • Communication: To facilitate communication between patients and healthcare professionals.
  • Legal and Regulatory Compliance: To comply with legal and regulatory requirements, including UK GDPR.

5. Legal Basis for Processing

We rely on various legal bases for processing patient data, including:

  • Consent: Processing based on patient consent when required.
  • Contractual Necessity: Processing necessary for the provision of healthcare services.
  • Legal Obligation: Processing required to comply with healthcare-related legal obligations.
  • Vital Interests: Processing necessary to protect the vital interests of patients.

6. Data Sharing

We may share patient data with:

  • Healthcare professionals and medical institutions involved in patient care.
  • Legal and regulatory authorities when required by law or for compliance purposes.

7. Data Security

We implement robust security measures to protect patient data from unauthorized access, disclosure, alteration, or destruction. We are ISO 27001 certified and have a security framework to maintain strict confidentiality regarding patient information.

8. Data Retention

We retain clinical data for the necessary duration required by law or for legitimate business purposes. Once data is no longer needed, we securely dispose of or anonymize it to prevent unauthorized access.

9. Data Sharing and Partnerships

We share personal data with third-party service providers and partners to facilitate our services. This includes data received from partners as well as data we collect directly. Our partnerships are governed by strict confidentiality and data protection agreements to ensure the security and privacy of your data. We disclose only the necessary information to provide our services and comply with legal obligations.

10. Patient Rights

Patients have certain rights regarding their data, including:

  • Access: Patients can request access to their patient data.
  • Rectification: Patients can request corrections to inaccuracies in their data.
  • Erasure: Patients can request the deletion of their data in certain circumstances.
  • Data Portability: Patients can request a copy of their data in a structured, machine-readable format.
  • Withdrawal of Consent: Patients can withdraw consent, where applicable.
  • Objection: Patients can object to the processing of their data under certain circumstances.

To exercise these rights or for any privacy-related inquiries, please contact us using the details provided below.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data processing practices or legal requirements. We will notify patients of significant changes and post the revised policy on our website.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data processing practices, or your data subject rights, please contact us at:

By email: dpo@doccla.com
By mail: Doccla LTD, 184 Shepherds Bush Rd, Hammersmith, London, England, W6 7NL