UK Medicare Screening Clinic
Effective Date: May 2026
Review Date: May 2027
Policy Owner: UK Medicare Screening Clinic
Applicable legislation: UK GDPR, Data Protection Act 2018, Human Rights Act 1998, Common Law Duty of Confidentiality, Health and Social Care Act 2008, CQC Fundamental Standards, NHS Confidentiality Code of Practice (where applicable).
1. Introduction
UK Medicare Screening Clinic is committed to protecting and respecting the privacy, confidentiality, integrity, and security of all personal and special category data entrusted to us. We recognise that privacy and confidentiality are fundamental to the delivery of safe, ethical, and high-quality healthcare services.
This Privacy Policy explains how UK Medicare Screening Clinic collects, uses, stores, protects, shares, and processes personal information relating to patients, visitors, employees, contractors, business partners, and website users.
The Clinic is committed to ensuring that all personal information is handled lawfully, fairly, transparently, and in accordance with the principles of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. About UK Medicare Screening Clinic
UK Medicare Screening Clinic is a private healthcare and diagnostic screening provider offering preventative health assessments, diagnostic testing, cancer screening, cardiovascular risk assessment, wellness checks, genetic testing, laboratory services, imaging referrals, and associated healthcare services.
The Clinic processes sensitive health information to deliver safe and effective healthcare services and to meet legal, regulatory, professional, and clinical obligations.
3. Definitions
Personal Data
Any information relating to an identified or identifiable individual.
Special Category Data
Sensitive information requiring additional protection, including health information, genetic data, biometric data, ethnic background, sexual health information, and medical history.
Processing
Any operation performed on personal data including collection, recording, storage, use, sharing, deletion, and destruction.
Data Controller
UK Medicare Screening Clinic acts as the Data Controller for most personal information processed within the Clinic.
Data Processor
Third parties who process data on behalf of the Clinic under contractual arrangements.
4. Information We Collect
4.1 Patient Information
- Full name
- Date of birth
- Gender
- Home address
- Telephone numbers
- Email addresses
- NHS number (where applicable)
- Passport or identification documents
- Emergency contact details
- Medical history
- Medication history
- Family history
- Genetic information
- Laboratory results
- Imaging reports
- Consultation notes
- Lifestyle information
- Allergies
- Screening results
- Payment information
4.2 Website and Digital Information
- IP addresses
- Browser type
- Device information
- Cookies and tracking information
- Website usage data
- Online enquiry submissions
- Appointment booking information
4.3 Employee and Contractor Information
- Employment records
- DBS information
- Professional registrations
- Training records
- Payroll information
- Occupational health records
- Performance records
4.4 CCTV Monitoring
The Clinic may operate CCTV systems for patient safety, staff safety, crime prevention, security monitoring, and incident investigations. Clear signage will be displayed where CCTV operates.
5. How We Collect Information
Information may be collected through online booking forms, website contact forms, telephone calls, email correspondence, face-to-face consultations, medical questionnaires, laboratory referrals, third-party healthcare providers, insurance companies, employers (where occupational screening applies), referrals from clinicians, and diagnostic equipment and laboratory systems.
6. Legal Basis for Processing
6.1 Provision of Healthcare
Processing is necessary for preventative healthcare, medical diagnosis, provision of treatment, health management systems, and clinical assessments.
6.2 Consent
- Marketing communications
- Genetic testing
- Optional services
- Photography or testimonials
- Certain research activities
Patients may withdraw consent at any time.
6.3 Legal Obligations
- Healthcare regulations
- CQC requirements
- Financial regulations
- Employment law
- Safeguarding obligations
- Public health requirements
6.4 Legitimate Interests
- Service improvement
- Fraud prevention
- Business administration
- Security management
- Clinical governance
- Audit and quality assurance
7. Special Category Health Data
As a healthcare provider, UK Medicare Screening Clinic processes special category data including sensitive health information.
- Only authorised personnel access sensitive data
- Appropriate security safeguards are implemented
- Clinical confidentiality is maintained at all times
- Access is role-based and restricted
- Staff receive regular confidentiality training
- Data sharing occurs only where lawful and necessary
8. Genetic Testing and Genomic Information
Where genetic, epigenetic, nutrigenetic, or pharmacogenetic testing services are provided, additional safeguards apply due to the highly sensitive nature of genomic information.
The Clinic may process DNA analysis results, genetic predisposition information, hereditary cancer risk data, nutritional genomic data, and pharmacogenetic medication response information.
Patients will receive appropriate information regarding the purpose of testing, potential implications of results, confidentiality arrangements, data storage procedures, and third-party laboratory involvement.
Genetic information will not be shared with employers, insurers, or third parties without lawful justification or explicit patient consent unless legally required.
9. How We Use Personal Information
UK Medicare Screening Clinic may use personal information to deliver healthcare services, arrange appointments, provide diagnostic testing, produce medical reports, communicate screening results, process payments and invoices, verify identity, respond to enquiries, improve service quality, maintain clinical records, meet regulatory requirements, conduct audits and governance reviews, prevent fraud and misuse, ensure patient safety, and conduct safeguarding investigations.
10. Confidentiality and Clinical Records
All patient information is treated as strictly confidential.
Clinical records are stored securely, accessible only to authorised staff, protected by secure IT systems, maintained in accordance with professional standards, and retained according to legal retention requirements.
Healthcare professionals working with the Clinic are bound by professional codes of conduct, confidentiality obligations, GDPR requirements, and clinical governance standards.
Unauthorised disclosure of confidential information may result in disciplinary action, regulatory reporting, or legal proceedings.
11. Data Sharing
The Clinic may share information where lawful and necessary with laboratories, consultants and clinicians, diagnostic imaging providers, GPs (with patient consent where appropriate), hospitals, regulatory bodies, insurance companies (where authorised), payment providers, IT service providers, legal advisors, and public authorities.
Information sharing is always limited to necessary data only, conducted securely, subject to confidentiality agreements, and monitored and documented.
The Clinic does not sell personal information to third parties.
12. International Data Transfers
Where information is transferred outside the United Kingdom, the Clinic will ensure adequate safeguards are in place, UK GDPR requirements are met, approved contractual mechanisms are used, and data security protections remain equivalent.
This may apply where overseas laboratories, software providers, or cloud-based systems are utilised.
13. Data Security
UK Medicare Screening Clinic takes data security seriously and implements robust technical and organisational measures including encrypted systems, password protection, multi-factor authentication, secure servers, access controls, role-based permissions, secure disposal procedures, antivirus and cybersecurity protections, staff confidentiality agreements, cybersecurity monitoring, regular system audits, and backup and recovery systems.
Paper records are stored securely in restricted-access environments.
14. Retention of Records
The Clinic retains records only for as long as necessary and in accordance with the NHS Records Management Code of Practice, CQC expectations, legal requirements, clinical obligations, and insurance requirements.
Retention periods may vary depending on the type of information processed.
When records are no longer required, they are securely destroyed using approved confidential disposal methods.
15. Your Rights Under UK GDPR
Right to Be Informed
You have the right to know how your information is used.
Right of Access
You may request access to your personal information.
Right to Rectification
You may request correction of inaccurate information.
Right to Erasure
You may request deletion of information where legally applicable.
Right to Restrict Processing
You may request limits on how your information is used.
Right to Data Portability
You may request transfer of your data to another provider.
Right to Object
You may object to certain types of processing.
Rights Related to Automated Decision-Making
You have rights relating to automated decisions and profiling.
16. Subject Access Requests
Individuals may request access to their personal data by submitting a Subject Access Request (SAR).
Requests should include full name, date of birth, contact details, proof of identity, and details of the information requested.
The Clinic aims to respond within one month unless extensions are legally permitted.
17. Marketing Communications
The Clinic may occasionally send health awareness information, screening reminders, wellness campaigns, service updates, and promotional materials.
Marketing communications will only be sent where consent has been obtained or another lawful basis applies.
Individuals may opt out of marketing communications at any time.
18. Cookies and Website Tracking
The Clinic website may use cookies and similar technologies to improve user experience, monitor website performance, analyse visitor trends, enhance security, and support appointment systems.
Users may manage cookie preferences through browser settings.
19. Children’s Privacy
Where services involve minors or young persons, the Clinic will ensure appropriate parental or guardian involvement where required, compliance with safeguarding standards, age-appropriate confidentiality practices, and lawful consent arrangements.
20. Safeguarding and Public Interest Disclosure
The Clinic may share confidential information without consent where legally justified, including safeguarding concerns, serious risk of harm, court orders, public health emergencies, prevention or detection of crime, and regulatory investigations.
Such disclosures will be carefully assessed and documented.
21. Data Breaches
UK Medicare Screening Clinic has procedures in place to identify, investigate, manage, and report personal data breaches.
Where required, breaches may be reported to the Information Commissioner’s Office (ICO), affected individuals, and relevant regulatory authorities.
The Clinic maintains a Data Breach Register and conducts investigations to prevent recurrence.
22. Staff Responsibilities
All staff, contractors, and healthcare professionals working with UK Medicare Screening Clinic must maintain confidentiality, complete mandatory GDPR training, follow information governance policies, use secure systems appropriately, report breaches immediately, and handle patient information responsibly.
Failure to comply may result in disciplinary action.
23. Third-Party Service Providers
The Clinic may use third-party providers for laboratory analysis, IT infrastructure, cloud storage, payment processing, appointment systems, email communications, and telemedicine systems.
All providers are subject to due diligence assessments, data processing agreements, security reviews, and confidentiality requirements.
24. Complaints
If you have concerns regarding how your information has been handled, you may contact the Clinic directly.
We aim to respond promptly and resolve concerns in line with our complaints and information governance procedures.
Contact us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, contact us at admin@ukmedicarescreening.org.
