Manoj V. Parulekar
Consultant Ophthalmic Surgeon
BMI Priory Hospital
Priory Road Edgbaston
B5 7UG
Spire Little Aston Hospital
Little Aston Hall Drive
Little Aston B74 3UP
Nuffield the Manor Hospital
Beech Road Oxford
OX3 7RP
As a Data Controller my Compliance for my Private Practice is as follows:
- I am registered with the ICO (Information Commissioner's Office) and my Registration number is ZA041495.
- My Medical Secretary is Bethan Sweetman and for the purpose of the GDPR, she is a Data Processor. She is also registered with the ICO and her Registration number is ________.
- Concerning the processing of Records and Data Inventory:
- My patients’ notes are kept in a locked room at a secure address. If they are not in the locked room, they are in my personal possession at all times. They are not left unattended.
- Files on my personal computer (desktop) that contain patient information are encrypted (zip file).
- When referring to any individuals that are identifiable by reference to personal data in electronic correspondence with my secretary, the Data Processor, or in electronic correspondence with the individual themselves, I use Encrypted email on my work email, which is secretarymanojparulekar@protonmail.com.
- I do not keep any special category personal data on my patients unless it is directly applicable to their ocular or general health care. For the purpose of dictation of clinic letters, I use the Olympus dictation app on my iPhone. I have confirmed that the Olympus dictation app is on an EU Server and all file transfers are secured with 256-bit encryption through a secure HTTPS connection.
- I confirm that I have a Contract with my Data Processor, specifically my secretary Ms Bethan Sweetman concerning adherence to GDPR and I have a written copy of this contract.
- I can confirm that most of the patient communication and results from GP or optometry practices, or various hospitals are sent to me in written record form. However, when I do receive results by email, I can confirm that I have received assurances from the Health Professionals sending me the results that they are GDPR compliant.
I can confirm that I have a Privacy Policy Procedure Notice (PN) in place that is available to all my patients.