United Open MRI Ltd is committed to protecting and respecting your privacy. This privacy notice will inform you as to how we look after your personal data when you use our services, and tell you about your privacy rights and how the law protects you.
UNITED OPEN MRI LIMITED – trading as The London Upright MRI Centre, The Leeds Upright MRI Centre, and The Birmingham Upright MRI Centre – is the data controller and is therefore responsible for your personal data (collectively referred to as “we”, “us”, or “our” in this privacy notice).
We have appointed a data protection office (DPO) who is responsible for any questions in relation to this privacy notice. If you have any questions regarding this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details below.
Company Name: United Open MRI Ltd
Postal address: FKS House, 40-44 Newman Street, London, W1T 1QD.
Name and title of DPO: Guy Timmis, Group Operations Manager
Email address: email@example.com
The type of personal data that we may collect and process includes:
The types of special category data that we may collect and process are all health related, and will include:
Further data may be collected if you choose to share it, such as previous medical imaging for the sake of comparison purposes, previous clinical reports, previous clinical letters or other related medical documents that will assist our consultant radiologists in authoring a fully comprehensive clinical report.
The methods by which we collect this information include:
The lawful basis under which we collect and process this data is ‘legitimate interest’, as it is necessary for the provision of healthcare.
We may use your personal information in the following ways:
We will not share your personal information with any third parties other than those explicitly necessary for us to perform our duties, and we will not use any of your contact information for marketing purposes.
Medical imaging requires two separate systems to be processed – a Radiology Information System (RIS), which is a networked software system for managing medical imagery and associated data, and a Picture Archive and Communication System (PACS), which is used to store and view the diagnostic imaging files. The providers that we use for each of these services, and with whom we will share your relevant data, are as follows:
We will sometimes transfer your medical imaging report and diagnostic images to your referring consultant or hospital via the Image Exchange Portal (IEP), operated by Sectra AB - https://sectra.com/
UOMRI has GDPR compliant contracts with all the processors with whom data is shared.
Your medical imaging report and diagnostic images will be shared with your referring consultant, or, if you self-referred, your GP. If your referral is for medico-legal purposes, your medical imaging report and diagnostic images will be shared with your solicitor.
We may on occasion be required to share certain information with healthcare regulators, primarily the Care Quality Commission (CQC), General Medical Council (GMC), and the Health and Care Professions Council (HCPC). This will only occur when necessary – such circumstances may include, but are not limited to, an investigation involving a clinician who has been involved in your care, or if you were to make a complaint to one of these bodies that required further investigation.
If you are insured, we will share with your insurance company the relevant and required information to facilitate the invoicing process. We will only share the information to which they are entitled.
On rare occasions, we may share your personal information with a third-party debt collection agency if your account is not settled and our own efforts to contact you for this purpose are unsuccessful.
If a third party contact us requesting access to your personal information without providing evidence of explicit consent, we will contact you to confirm that you have authorised for this information to be provided to a third party, and request that you complete an ‘Access to Health Records – Third Party’ document if you wish for this data to be shared.
We are committed to ensuring that any information you provide to us is secure. In order to prevent unauthorized access or disclosure and to prevent personal date being destroyed or lost, we have put in place suitable organisational and technical security measures and procedures to safeguard and secure the information that we collect. These range from internal policies and procedures relating to data security, to software designed to prevent/restrict access or backup/protect data.
Any personal data you provide will be held for as long as is necessary to facilitate the purpose for which it was collected, and in strict accordance with the appropriate guidance and all applicable data protection laws.
We follow the guidance of the Royal College of Radiologists in regards to the data retention period, which is in turn based on the NHS Records Management Code of Practice for Health and Social Care 2016:
We do not employ any automated decision-making.
You have the following rights regarding your personal information. If you wish to exercise any of these rights, please contact us directly by emailing firstname.lastname@example.org
Right of Access
You have a right to access the personal data we hold about you or obtain a copy of it.
Right to Rectification
If you believe that the information we hold for you is incomplete or inaccurate, you may contact us to ask us to complete or correct that information.
Right to Erasure
The General Data Protection Regulation allows you the right to request the erasure of your personal data – however, this does not apply to what is considered special category data. Some of the information that we may hold falls under one of these two categories:
‘If the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional).’
If you wish for us to erase personal data that does not fall under special category data, please contact us directly.
Right to Withdraw Consent
You have the right to withdraw the consent you have provided us to handle your personal information.
Right to Data Portability
The right to request the personal information that we hold to be transferred to you or a third party in a readable format.
Right to Lodge a Complaint
You have the right to complain to the Information Commissioner’s Office (ICO) if you believe there is a problem with the way in which we are handling or proceed to handle your data. You can contact the ICO by phoning 0303 123 1113, or by visiting https://ico.org.uk/
This privacy notice will be updated annually, or prior to that if necessary. The most recent version will always be available on our website: www.uprightmri.co.uk
We are approved by all the major private insurance providers for MRI.