Patient Privacy Policy

Karina Cox MBBS FRCS MD

Consultant Breast and Oncoplastic Surgeon


As your clinician and therefore custodian of personal information relating to your medical treatment, I must only use that information in accordance with all applicable law and guidance. I will use your personal information for a variety of purposes including, but not limited to, providing you with care and treatment, sharing it with other medical professionals and National clinical audit programmes.

In addition, you have a number of rights as a data subject. You can, for instance, seek access to your medical information, object to me using your information in particular ways, request rectification of any information which is inaccurate or deletion of information which is no longer required (subject to certain exceptions).

In the event that you have any queries, comments or concerns in respect of the manner in which I have used, or potentially will use, your personal information then you should contact me via my secretary on 0208 325 3623 and I would be happy to discuss this further.

I am a Data Controller in respect of the personal information which I hold about you. This will mainly relate to your medical treatment, but will be likely to also include other information such as financial data in relation to billing. I must comply with the data protection legislation and relevant guidance when handling your personal information, and so must any medical secretary who assists me in an administrative capacity. Your personal data may include any images taken in relation to your treatment which must not only be managed in accordance with the law but also all applicable professional standards including guidance from the General Medical Council and British Medical Association.

I will provide your treatment from BMI Blackheath Hospital and, in due course, it may be necessary for BMI Blackheath Hospital to also process your personal data. I will do so in accordance with the law and to the extent that it is necessary to do so. This could be where BMI Blackheath Hospital needs to arrange other healthcare services as part of your treatment, such as nursing or dietician advice, or to support other aspects of the treatment, which I provide to you. In that case BMI Blackheath Hospital will become a joint Data Controller in respect of your personal information.

Your personal data, medical notes and treatment photographs will be stored securely by DGL Practice Management and will be kept for a period of seven years from the date of your last clinic appointment.

Your personal data and medical notes will be accessible only by my medical secretaries Lauren Shelton and Audrey Harper as well as the other consultant clinicians in our group, namely Mr Aaron Sweeney, Mr Eddie Challoner, Dr Anne Rigg and Mr Prakash Sinha.

When corresponding via email with other clinicians or healthcare professionals involved in your care, I will only use secure or encrypted email servers. Your personal data may be used in initiatives to monitor patient safety and quality such as the National Implant Registry (NHS Digital) and the Private Healthcare Information Network (PHIN). I will only share this information if you have provided your consent for me to do so.

Unless you request otherwise, following a consultation with me or procedure performed under my care, a letter will be sent to your general practitioner (GP) containing information about the consultation/procedure and any ongoing treatment plan. You will receive a copy of this letter. Your GP will also receive a copy of any letters that are sent to you regarding your consultation/procedure or medical treatment plan.

I may collect personal information about you from a number of different sources including, but not limited to: GPs, dentists, other hospitals (both NHS and private), mental health providers, commissioners of health care services and other clinicians (including their medical secretaries).

I may exchange personal information about you with third parties when I liaise with your insurance policy provider, liaise with credit reference companies and liaise with debt collection agencies.

I may communicate with you in a range of ways, including by telephone, SMS, email and/or post. If I contact you using the telephone number(s) which you have provided (landline and/or mobile), and you are not available, resulting in the call being directed to a voicemail and/or answering service, I may leave a voice message on your voicemail and/or answering service as appropriate, including only sufficient basic details to enable you to identify who the call is from, very limited detail as to the reason for the call and how to call me back.