St. Andrews Clinics Data Policy
St. Andrews Clinics provides space and logistic support to a number of independent practitioners. Consultations and medical services are rendered by the practitioners themselves and there is no contractual obligation between them and St. Andrews Clinics. The information shared during the consultation is strictly confidential and at no point is the administration privy to what goes on. Each practitioner is, as a result, solely responsible for any records he or she may keep and is bound in his or her personal capacity to uphold the principles of the Data Protection Act. St. Andrews Clinics does not hold any patient data, apart from a few exceptions outlined below.
Data collected on the website: data collected through the various contact forms on the website, be they for the clinic or for the pharmacy is required for record keeping, for the proper processing of requests, and to be able to maintain contact and follow up general queries. At no point is the data collected or marketed to third parties, and any information saved is done so on our secure servers, with adequate back up. At the same time, you will also be given the option to opt out of website analytics by switching off cookies.
Data collected at reception: the data collected by the receptionist at point of querying, booking, attending and paying for a consultation is used purely for internal auditing, and to offer organisational support to the attending doctors for the proper running of the sessions. Yet again, St. Andrews Clinics will not at any point share that data with any third parties and will neither use it for its own marketing purposes without obtaining prior consent.
Data collected during procedures or investigations: the data collected during investigations or procedures carried out at St Andrews, such as Ultrasound results, Echocardiograms, Skin Allergy Tests and PRP procedures, may be kept on our secure server for the sole reason of facilitating on-site record keeping and back-up as expected by law and to facilitate the retrieval of results by the practitioner/s who requested or carried out the procedure.
General notes regarding data collected by the family doctors: the data collected by a general practitioner is done so for the purpose of keeping proper health records, as is both good medical practice as well as required by law. The data is ideally kept for 10 years, but definitely no less than five years after the last encounter. This is a medico-legal requirement and also stipulated in the Professional Indemnity Act. Each doctor is the sole custodian of any data collected and will take all measures to safeguard that data. St. Andrews Clinics does not automatically hold any of the said data. For more information, feel free to discuss with your doctor.
Finally, we would like to point out that while complying with the GDPR, the safety of our patients and the interest of public health come first, and processing of health data has primarily to conform to domestic legislation. The GDPR contains derogations in the field of healthcare.