Privacy Notice

Code of Practice

Dr Chinthapalli is a data controller and is registered with the Information Commissioner’s Office. This document outlines how he is compliant with the General Data Protection Regulation (GDPR).

What data do we store?

  • Personal details such as name, age, address, phone number, email address and GP
  • Health records provided to me by other facilities, other healthcare professionals or you
  • All clinic letters and records produced by me, including consent forms
  • All medicolegal documentation in relation to my expert witness reports
  • Email records of conversations with my staff

What do we use the data for?

Dr Chinthapalli keeps accurate and up-to-date clinical documentation to provide ongoing clinical care to patients or to complete dependable medical reports.

Who do we share the data with?

The data are shared with Dr Chinthapalli’s secretary. Your GP or other medical professionals may be informed unless you explicit disagree. Medicolegal reports may be shared with your solicitor or the court. This is by secure email or by letter. Some of your personal details may be shared with hospital or clinic staff for your appointments, your insurance company, my billing company or my accountant. Any other disclosure is with your specific consent.

How are the data stored?

The data are stored in a personal computer encrypted drive to which only Dr Chinthapalli and his secretary have access. An encrypted physical backup is also stored separately. Emails are stored on the local email server and personal computer. Emails are not encrypted. Medical records are stored for 8-30 years as per the Records Management Code of Practice for Health and Social Care 2016.

Your rights

You have the right to access your records and this needs to be in writing or in person. You have the right to object to the use of data above but this will affect my ability to provide you with medical care. You are entitled to have your data corrected or updated.

How we will contact you

We may contact you by email, phone or letter in relation to your clinical care. Your clinic letters will be encrypted and emailed to you or else posted to your address.