How can we help?
Get in touch
We are One Stop Doctors Ltd, a company incorporated in England and Wales trading under the name of OSD Healthcare. Our Company number is 09692848 and our registered address is One Medical House, Boundary Way, Hemel Hempstead, Hertfordshire HP2 7YU.
Registration number: ZA161795
OSD Healthcare is committed to protecting and respecting your privacy.
We may from time to time include on our website links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.
We hold 2 types of data about you.
This sort of data could include:
We collect information about you which you have supplied or from others involved in your care and treatment (i.e. your GP, employers) or those who are paying for your care and treatment have supplied to us.
This is likely to include your personal data see Personal Data (see definition in section 2)
For our health assessment clients who come to us through their employer’s health assessment benefit scheme or referral, we have information about you which your employer has supplied to us. This is likely to include your name and contact details (postal and email addresses and phone numbers).
We may also hold more sensitive information about you, see Sensitive data (see definition in section 2)
This may also include details of healthcare services provided previously by OSD Healthcare and others such as GPs, dentists, or previous hospital visits and details of any medications you have been prescribed or taken. (Special category (Sensitive data) definition)
We may collect information from you when
If you call our contact centre or contact via our website, these telephone calls or live chats may be recorded and retained for a limited period for training and monitoring purposes and to help improve our services.
Sometimes we obtain information about you from:
We use information about you in connection with
We will use this also in connection with payment of fees, including billing, invoicing and settlement of your account with us.
We may use your phone number (or email address where you have provided it to us) to contact you in advance of and after your admission or appointment for reasons connected with your care or treatment. Where you have provided us with your mobile number or email address, we may send you confirmations/reminders of your appointments via text message or email and we may respond to your email enquiries via email.
We may also use information about you for
This may include our workforce planning and workload management systems to help support our staff and clinicians to develop and plan the most appropriate levels of care to our patients and to ensure we have got the right levels of productivity and efficiency and good outcomes for patients.
We may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud) or in connection with legal proceedings.
We may also use information about you where you have provided your consent to us doing so.
We do not carry out automated decision making or profiling.
We carefully control who has access to your information. Staff only have access where they are required to do so to provide direct care or support (i.e. receptionist and secretary). Where possible we limit the access that staff have on our clinical systems. We also carry out spot checks and audits to see if there has been any inappropriate access. Where that occurs, disciplinary action may be taken against the staff, and in serious cases court action. If the data breach includes access to your information, we will contact you. We also have an obligation if it is a serious data breach to inform the Information Commissioners Office.
In order to reduce risk of a data breach OSD Healthcare have in place robust policies and procedures and we carry out training for all staff on an annual basis.
All clinical staff providing direct care are registered with the appropriate professional and regulatory bodies, i.e. GMC, NMC, CSP and have a responsibility to uphold the highest standards when handling patient/client information.
Yes; we set out these reasons below and assure you that in each case, we share only such information as is appropriate, necessary and proportionate.
Sharing information with those involved in your health assessment, care or treatment (or with those who are paying for your care or treatment)
We may share information about you with external organisations such as:
We will only do this where we have a legal basis to do so or with your consent
We may also share information about you with third party suppliers, which provide us with
We may also share information about you with those providing us with information technology systems, this includes:
In each case, we would share only such information as was relevant, necessary and proportionate
If your bill is not paid on time, we may share information (such as copy invoices) with debt collection agencies. Information relating to your application will be shared with the OSD Healthcare team which processes these applications and may also be shared with credit checking agencies.
Please be assured that your medical records would not be shared either with credit checking agencies or with debt collection agencies.
We may share information about you with our regulators, including the
Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a:
Before any disclosure will be made, we will satisfy ourselves that any disclosure sought is required by law or can be justified in the public interest.
Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime. On occasion, this may include the Home Office and HMRC.
In common with all healthcare providers (both NHS and private), we also look at the quality of the care we provide:
We can assure you that your personal information remains under our control at all times. Any information we provide for national audits and initiatives outside of OSD Healthcare will not contain any information in which any patient can be identified, unless it is required by law. Any publishing of this data will be in anonymised statistical form.
One of the national programmes we participate in is run by the Private Healthcare Information Network (PHIN) which is an independent statutory entity enabling patients to compare privately-funded healthcare (both hospitals and consultants).
If we were to sell or transfer OSD Healthcare or part of our business to another organisation, your patient and health assessment records would also transfer to the new owner. Limited information may also be shared, where required, with legal and other professional advisors involved in that transaction.
The reason we would transfer your records is to minimise the disruption to current or past patients caused by the sale or transfer and to ensure we and a new owner were able to comply with our legal obligations regarding the retention of patients’ and other clients’ medical records and to ensure continuity of care.
You may choose to opt in to receiving information about other services OSD Healthcare offers by post or email.
In this case, your consent or decision to opt in is entirely voluntary. Should you decide not to consent or opt in or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected. You can opt-out by clicking on the ‘unsubscribe’ button in all our marketing communications.
Apart from this limited instance, we do not hold or share information about you based on (or at least solely on) consent.
Data protection law requires that we set out the legal basis for holding and using information about you. We have set out the various reasons we use information about you and alongside each, the legal basis for doing so. Given that some information we hold about you is particularly sensitive (as described above), we need an additional legal basis which we have set out in the third column (entitled ‘legal basis for more sensitive information’) explaining our reason for this.
|Reason||Legal Basis||Additional legal basis for special categories of personal data:|
|Receiving an enquiry and establishing an initial patient contact||
|Providing direct healthcare||
All Article 9(2)(h)
|Seeking and receiving payment of fees, including billing, invoicing and settlement of your account with us including debt collection where applicable||
|Administration and management of healthcare services (such as maintaining records including patient medical records, receiving professional advice)||
|Communicating with you and resolving any queries or complaints that you might have. Communicating with any other individual that you ask us to update about your care (such as your emergency contact) and liaising with other healthcare professionals about your care||
|Complying with our legal and regulatory requirements including investigating complaints or claims and defending or exercising our legal rights||
|Safeguarding purposes (for example, in order to ensure the health and safety of an individual)||
|Preventing and investigating fraud. This might include sharing your personal information with third parties such as the police or fraud prevention agencies, or carrying out fraud, credit, anti-money laundering and other checks||
|Carrying out marketing activities and providing marketing information to you||
|Passing your records to a third party to whom we sold or transferred part of our business or service||
The information about you that we hold and use is held securely in the United Kingdom and stored electronically and in paper format and on secure servers.
No records are stored outside the EU.
We retain your records for certain periods (depending on the particular type of record) under our retention of records policy. OSD Healthcare follows the recommend best practice contained in the NHS Records Management Code of Practice. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including:
Your records may not be retained in hard copy form where a digital copy exists.
If you would like more detailed information on this, please contact our Information Governance Team (contact details below).
Under certain circumstances, you have rights under data protection laws in relation to any personal information that we hold about you.
If you wish to exercise any of the rights set out below, please contact the Governance Team using the contact details set out below.
You are usually entitled to a copy of the personal information we hold about you and details about how we use it.
Your information will usually be provided to you in the form you request, if we are unable to do that we will inform you. If you have made the request electronically (e.g. by email) the information will be provided to you by electronic means where possible.
You are entitled to the following under data protection law.
Under data protection law we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity (this will be proportionate) and ensure your right to access your personal information (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request to speed up our response.
We respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
The right to request correction of your personal information
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete and up to date. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to request erasure of your personal information
In some circumstances, you have the right to request the erasure of the personal information that we hold about you. This is also known as the ‘right to be forgotten’. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question.
The right to object to the processing of your personal information
In some circumstances, you have the right to object to the processing of your personal information. This would usually apply to processing for other purposes other than your direct health care i.e. research
The right to request a transfer of your personal information
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right to object to marketing
As detailed in the ‘marketing’ section above, you can ask us to stop sending you marketing messages at any time and we must comply with your request. You can do this by contacting the Governance or Marketing Teams
The right not to be subject to automatic decisions (i.e. decisions that are made about you by computer alone)
You have a right to not be subject to automatic decisions (i.e. decisions that are made about you by computer alone) that have a legal or other significant effect on you. We at present do not use any of these.
The right to withdraw your consent
You have the right to withdraw your consent where we rely upon this as a legal ground for processing your information. You can do this by contacting our Governance Team.
We use CCTV in various parts of OSD Healthcare. CCTV is used for the safety and security of our patients, health assessment clients, visitors, and staff.
You have the right to complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations under data protection law.
Making a complaint will not affect any other legal rights or remedies that you have.
More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ and the Information Commissioner’s Office can be contacted by post, phone, fax or email as follows:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number)
Fax: 01625 524 510
Governance Team contact details:
Email address: firstname.lastname@example.org
Head of Governance: 01442 331935
For more general information on cookies see the Wikipedia article on HTTP Cookies.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
Please visit the following websites to learn more (depending on the browser you use):
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
When you submit data through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.
For more information on Google AdSense see the official Google AdSense privacy FAQ.
Please contact us via the following webpage https://osdhealthcare.co.uk/patient-information/find-us/ if you have any questions regarding cookies on our website.