Privacy & Data Protection at The Health Equation
At The Health Equation, we take patient privacy, confidentiality, and data protection very seriously. Patients trust us to deliver safe, effective healthcare — and protecting their personal and clinical information is central to that trust.
We comply fully with the General Data Protection Regulation (GDPR, May 2018) and have a GDPR policy in place to safeguard patient data across our London and Marlborough clinics.
How We Manage Patient Data
- All new patients register with us and set their contact preferences.
- Patients can update these preferences at any time.
- We have operated as a paperless practice since 2004, using PPS clinical software by Rushcliffe.
- Data is stored on a secure off-site server, accessible only to authorised administrators and clinicians.
Patient Consent
We always request explicit patient consent for:
- Storing personal, contact, and clinical data
- Sending appointment confirmations, reminders, invoices, clinical updates, and test results by email
- Sending appointment reminders by SMS
- Contacting the patient’s referrer (GP or consultant) with reports following new consultations
- Sending occasional service updates or information emails (around twice a year)
We never share patient contact details with third parties.
Confidentiality in Practice
- All administrators and clinicians sign strict confidentiality clauses.
- Mrs Susie Gajadharsingh (Administrator) and Mr Gerry Gajadharsingh DO (Data Protection Lead) manage all patient data securely.
- Practitioners and staff only access the records they need.
- Patient details (visits, addresses, appointments, or medical history) remain confidential.
- We only share information with other health professionals or referrers with patient permission.
Data may only be shared without consent in exceptional circumstances — such as legal orders or serious safety risks.
Data Retention & Access
- We are legally required to keep patient records for at least 8 years (or until age 25 for patients under 18).
- After this period, patients may request deletion of their data.
- Patients may also request a copy of their data at any time.
- We provide requested data in electronic format within 28 days, subject to a signed request.
Data Breach Policy
In the unlikely event of a data breach, all patients will be contacted immediately and informed of the situation.
Our Commitment
We remain committed to:
- GDPR compliance across all clinical and administrative processes
- Protecting patient privacy at every stage of care
- Maintaining trust through secure, transparent data management
If you have any questions about our Privacy & Data Protection Policy, please contact us at info@thehealthequation.co.uk