PRIVACY NOTICE – How Seven Mile Medical Clinic Ltd. (the Clinic) uses your information to provide you with healthcare.
This privacy notice lets you know what happens to any personal or sensitive personal data that you give us, or any information that we may collect from you or about you from other organizations. Please read this privacy notice carefully, as it contains important information.
This notice explains:
- Your rights under the Cayman Islands Data Protection Law
- Information about who we are and our contact information
- The types of information about you we hold and use
- The legal grounds for processing your personal information, including when we share it with others
- What you should do if any of your information changes
- How long we retain your personal information
- Your rights under the Cayman Islands Data Protection Law 2017
The Cayman Islands Data Protection Law 2017 becomes law on 30 September 2019. Seven Mile Medical Clinic Ltd. (the Clinic) is committed to complying with this law and handling, protecting and safeguarding your data in a responsible manner.
This Privacy Notice is current from 1 September 2019 and is reviewed annually. Periodically we may make changes to our policies, processes and systems in relation to how we handle your personal information. We will update this Notice accordingly. This Notice and any subsequent changes will be made available on our website www.sevenmileclinic.ky and in a printed format at the Clinic.
Your Rights Under The Data Protection Law
The law grants you the following rights:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to stop/restrict processing;
- The right to stop direct marketing;
- The right in relation to automated decision making; and
- The right to complain and seek compensation.
Seven Mile Medical Clinic Ltd.
Unit 5 Queen’s Court, West Bay Road, George Town, Grand Cayman, Cayman Islands
P.O. Box 31440, Grand Cayman KY1-1206, Cayman Islands
The Clinic is a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient. There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.
|Data Controller||Dr. Sook Yin||firstname.lastname@example.org||949-5600|
|Practice Manager||Christine Mathews||email@example.com||949-5600|
The Types of Information Collected
The types of information we collect include personal data and sensitive personal data.
Personal data is any information relating to a living individual who can be directly or indirectly identified.
Sensitive personal data is personal data consisting of:
- the racial or ethnic origin of the data subject;
- genetic data of the data subject;
- the data subject’s physical or mental health or condition;
- medical data;
- the data subject’s sex life;
- the data subject’s commission, or alleged commission, of an offence; or
- any proceedings for any offence committed, or alleged to have been committed, by the data subject, the disposal of any such proceedings or any sentence of a court in the Islands or elsewhere.
We collect information that is necessary and relevant to provide you with medical care and manage our medical practice.
The information we will collect about you will include:
|Personal Information||To include name, age, date of birth, gender, mailing address, residential address, contact telephone numbers and email address.|
|Next of kin information||To include name, telephone number and relationship to you.|
|Employment information||To include name, address, telephone number|
|Health insurance information||Including the name of the insurance company, the policy owner, the policy number and your insurance identification number. The contact name and number of the person responsible for the bill if it is unpaid will also be collected.|
|Appointment & Encounters||Details of appointments and encounters with the Clinic including notes about visits and details of your treatment and care and proposed plan including referrals and prescriptions and tests ordered.|
|Health Information||Personal and family medical history|
|Financial Information||Debit and Credit Card Information|
|Outgoing Information||Including referrals, and prescriptions and correspondence e.g. with health insurance providers|
|Incoming Information||Including information received from other healthcare professionals and medical facilities, caregivers and relatives. Also, information received from health insurance providers, government agencies and other organizations|
|Test results||Including radiology, pathology and laboratory reports|
The Legal Basis for Collecting and Processing Your Information
The data we collect will be adequate, relevant and not excessive in relation to the purpose or purposes for which it is collected or processed. We need your personal, sensitive and confidential data in order to provide you with healthcare.
You will be asked to give consent to collect and process your personal and sensitive personal data.
The lawful purposes for collecting and processing your information are:
Legal obligation: the processing is necessary for the Clinic to comply with a law.
Vital interests: the processing is necessary to protect an individual’s life;
Public functions: the processing is necessary for the Clinic to perform a public function, or a function of a public nature exercised in the public interest;
Legitimate interests: the processing is necessary for legitimate interests pursued by the data controller or a third party.
Legal proceedings: the processing of sensitive personal data is necessary for legal proceedings, legal advice or legal rights;
Medical: the processing of sensitive personal data by a health professional or someone who owes an equivalent duty of confidentiality is necessary for medical purposes. “Medical purposes” includes the purposes of preventative medicine, medical diagnosis, the provision of care and treatment and the management of healthcare services.
Your information will not be further processed in any manner incompatible with the stated purposes.
How We Collect Information
We collect information in various ways, such as over the phone, in writing, in person in our Clinic or over the internet if you transact with us online. This information may be collected by medical and non-medical staff.
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers. In emergency situations we may also need to collect information from your relatives or friends.
How We Use and Disclose Your Information
We collect and hold data about you for the purpose of providing safe and effective healthcare. We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.
We may need to share information with other healthcare providers outside of the Clinic when we order laboratory, diagnostic or preventative tests and when we make a referral. This is done to ensure you receive the care you need. Information may be provided to:
- Laboratories and imaging centers
- Other medical facilities including doctors, nurses and support staff who may receive the information
- Other persons involved with your care such as relatives, friends and caregivers if consent has been given for information to be released to them
- Insurance providers including when we submit a claim on your behalf for services rendered or request precertification of services.
You can withdraw consent to provide information to any one of the entities above, but this may result in a delay of care or in you having to pay for the services you receive at the Clinic or from its providers.
We may also be required to share your information with third parties. This includes the Police, the Courts, insurers, attorneys and government regulatory bodies. Whenever possible we will pass this information on in an anonymized format.
We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
Accuracy of Information
We will make every effort and take all reasonable steps to ensure that the data we process is accurate and up to date. However, it is your responsibility to advise the Clinic of any change in your information, particularly your name, mailing address, telephone number, email address, insurance provider and next of kin.
You have the right to request that the Clinic rectifies, blocks, erases or destroys inaccurate data without delay. You can make a request for rectification verbally or in writing. The request does not have to be to a specific person or contact point.
Accessing Your Data
You have the right to view or have a copy of the data we hold, with some exceptions. You do not need to give a reason for your request. If you want to see your medical record, you may request this in writing. You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation, but we will require your clear consent to be able to do this.
There may be a fee associated with this if the time involved in responding to the request is excessive. If you wish to have a copy of the information we hold about you, please contact reception. Please note we have 30 days to respond to your request.
You have the right to ask for your information to be removed; however, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible.
Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners, and other family members.
Your data may be stored in a combination of paper and electronic formats including medical records recorded in writing and on paper and in an electronic medical record system.
Data will be deleted when it is no longer needed in any given format, e.g. if copies of an x-ray are received by fax, the fax will be shredded once the document has been imported into your electronic medical record.
The Clinic will maintain your medical records for a period of ten (10) years after your last encounter at the Clinic.
Transfer of Information
As part of the Clinic’s Disaster and Recovery Plan our electronic records are backed up daily to a secure site in Dublin, Ireland. This is allowed under the Data Protection Law as Ireland is a part of the European Union.
With your consent medical records may be transferred to non-European countries e.g. if medical records are required by a medical facility in the United States for continuity of care. Data may also be transferred in other circumstances as laid out in the Data Protection Act.
Safety and Confidentiality of Information
The Clinic will take appropriate technical and organizational measures against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to your personal data.
Personal information that we hold is protected by:
- Securing our premises;
- Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
- Providing locked cabinets and rooms for the storage of physical records.
- Backing up electronic records to an off-island site daily.
Everyone working for our organisation is subject to a confidentiality agreement. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. Clinic staff are required to protect your information and keep it confidential.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
We regularly review and update our processes and systems and we also ensure that our staff are properly trained.
If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal and/or healthcare information, then please contact our Data Controller in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
You also have the right to complain to the Ombudsman about any perceived violation of the DPL, and to seek compensation for damages in the courts.
If you are unclear about how we process or use your information or have questions relating to the protection of your data, please contact our Practice Manager, Christine Mathews.
Monday – Friday: 8:00am - 6:00pm
Saturday: 9:00am – 1:00 pm
Closed Sundays and Public Holidays