Privacy & Confidentiality Policies

1. Introduction

At the Centre for ADHD Research and Excellence (CARE ADHD), we take the privacy and confidentiality of your personal information very seriously. This Privacy Policy outlines how we collect, use, store, and protect your data in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is:

Centre for ADHD Research and Excellence
Unit 8 The Courtyard, Gaulby Lane,
Stoughton, Leicester, LE2 2FL
Email: enquiries@careadhd.co.uk

3. Information We Collect

We may collect the following types of personal data:

  • Personal Details: Name, date of birth, address, ethnicity and contact information.

  • Medical Information: Health history, symptoms, treatment plans, and medical records.

  • Appointment Information: Details of appointments, consultations, and interactions with our clinic.

  • Communication Records: Correspondence with healthcare professionals and administrative staff.

  • Research Data: If you participate in our research studies, we may collect additional data with your explicit consent.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Healthcare Services: To provide you with healthcare services, including diagnosis, treatment, and follow-up care.

  • Appointment Management: To manage your appointments and consultations.

  • Communication: To communicate with you regarding your healthcare, send appointment reminders, and handle administrative matters.

  • Service Quality: To ensure the safety and quality of our healthcare services.

  • Research and Analysis: To conduct research and analysis aimed at improving our services and contributing to scientific knowledge in the field of ADHD, with your consent.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contractual Obligations: To fulfil our contractual obligations to provide healthcare services to you.

  • Legal Compliance: To comply with legal and regulatory obligations, including clinical governance and safeguarding requirements.

  • Consent: With your consent, for specific purposes such as research participation or marketing communications.

  • Vital Interests: To protect your vital interests, particularly in cases where your health or safety is at risk.

  • Legitimate Interests: For the legitimate interests pursued by CARE ADHD, such as improving healthcare services and conducting research, provided that your fundamental rights and freedoms are not overridden.

6. Sharing Your Data

We may share your personal data with the following recipients:

  • Healthcare Professionals: Doctors, nurses, therapists, and administrative staff involved in your care.

  • Other Healthcare Providers: Other healthcare organisations or providers involved in your treatment, with your consent.

  • Public Authorities: Regulatory bodies or public authorities where required by law or for safeguarding purposes.

  • Third-Party Service Providers: Service providers who assist us in delivering healthcare services, IT support, and administrative functions.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, or as otherwise agreed with you. After this period, your data will be securely deleted or anonymised.

8. Your Rights

You have the following rights regarding your personal data:

  • Right to Access: You can request access to your personal data and information about how it is processed.

  • Right to Rectification: You can request corrections to any inaccurate or incomplete data.

  • Right to Erasure: You can request the deletion of your personal data under certain circumstances.

  • Right to Restrict Processing: You can request restrictions on the processing of your data in certain situations.

  • Right to Data Portability: You can request a copy of your data in a commonly used, machine-readable format.

  • Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent: If we process your data based on consent, you can withdraw your consent at any time.

9. How to Contact Us

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us:

Data Protection Officer
Centre for ADHD Research and Excellence (CARE ADHD)
Email: enquiries@careadhd.co.uk

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be published on our website and communicated to you as appropriate.

Confidentiality Policy

1. Introduction

At the Centre for ADHD Research and Excellence (CARE ADHD), we are committed to maintaining the confidentiality of all personal and sensitive information entrusted to us by our patients, staff, and stakeholders. This Confidentiality Policy outlines our commitment to safeguarding the privacy of individuals’ information in accordance with legal and ethical standards.

2. Policy Statement

CARE ADHD aims to:

  • Respect Privacy: Respect the privacy and confidentiality of all individuals associated with our clinic, including patients, staff, volunteers, and stakeholders.

  • Secure Handling: Ensure that all personal and sensitive information is handled securely and disclosed only on a need-to-know basis for legitimate purposes.

  • Legal Compliance: Comply with relevant data protection legislation and professional standards governing the handling of confidential information.

3. Confidential Information

3.1. Definition: Confidential information includes, but is not limited to:

  • Personal details (e.g., name, address, contact information)

  • Medical records and health information

  • Financial information

  • Staff records and employment details

  • Any other information deemed sensitive or confidential

3.2. Handling: All confidential information must be stored, transmitted, and accessed securely to prevent unauthorised disclosure or access.

4. Access to Confidential Information

4.1. Authorised Access: Access to confidential information is restricted to individuals who require it for legitimate purposes, such as providing healthcare services, conducting administrative tasks, or fulfilling legal requirements.

4.2. Confidentiality Agreements: All staff, volunteers, and third-party contractors with access to confidential information must sign confidentiality agreements acknowledging their responsibilities and obligations.

5. Disclosure of Information

5.1. Disclosure Purpose: Confidential information may be disclosed only for purposes consistent with the individual’s consent or as required by law, regulatory authorities, or professional standards.

5.2. Patient Consent: Patient consent must be obtained before disclosing any confidential information, except where disclosure is necessary to protect the individual’s or others’ health and safety.

5.3. Medication Information Sharing: If you are initiated on medication treatment, CARE ADHD will share relevant information with other healthcare professionals, such as your GP, in accordance with the General Medical Council (GMC) guidelines on safe prescribing of medication.

5.4. Objections to Sharing: If a patient objects to the sharing of personal information, we will not disclose it unless justified in the public interest or if it benefits a patient who lacks capacity. Patients will be informed of the potential consequences of such a decision.

6. Data Security and Protection

6.1. Security Measures: CARE ADHD employs appropriate technical and organisational measures to ensure the security and protection of confidential information against unauthorised access, loss, or disclosure.

6.2. Data Breach Response: In the event of a data breach or unauthorised disclosure, CARE ADHD will promptly investigate, mitigate any potential harm, and notify affected individuals and regulatory authorities as required by law.

7. Training and Awareness

7.1. Staff Training: All staff, volunteers, and contractors receive training on confidentiality policies and procedures during induction and ongoing professional development.

7.2. Awareness Campaigns: CARE ADHD conducts regular campaigns to reinforce the importance of confidentiality and privacy.

8. Policy Review

This Confidentiality Policy will be reviewed regularly to ensure compliance with relevant legislation, professional standards, and best practices. Updates or revisions will be communicated to all staff and stakeholders.

9. Children and Young People (CYP) Portal 

This Confidentiality Policy will be reviewed regularly to ensure compliance with relevant legislation, professional standards, and best practices. Updates or revisions will be communicated to all staff and stakeholders.

9.1. How We Use Information

Our Children and Young People (CYP) Portal allows us to securely collect and manage information so we can provide safe and effective care. It also enables secure communication between the young person, their authorised representatives, and our clinical team. When a young person has the capacity to make their own decisions, we will seek their explicit consent before creating or granting access to their portal account. If capacity is unclear or not established, we will obtain consent from a parent or legal guardian who has the appropriate authority to act on the young person’s behalf. 

9.2. Compulsory Sharing of Outcomes with GPs

To maintain clinical safety and ensure appropriate oversight, it is now a requirement of our service that assessment outcomes and relevant updates are shared with the young person’s GP. This ensures that their primary healthcare provider is aware of our involvement and can support coordinated care. This requirement applies to all individuals accessing or continuing to access our services. 

9.3. Lawful Basis for Processing

We process personal information through the CYP Portal under the UK GDPR. Our primary lawful basis is Article 6(1)(e), which allows processing necessary for tasks carried out in the public interest, specifically the provision of health and social care. For special category data such as health information, we rely on Article 9(2)(h), which permits processing necessary for the assessment, diagnosis, and delivery of health or social care. 
In limited circumstances, such as the creation of a portal account or communication via a representative, we may rely on explicit consent. Where consent is used, it may be withdrawn at any time, although doing so may affect access to the portal or elements of the service.

9.4. International Transfers

Some of our digital systems may involve the processing or storage of information outside the UK. Any international transfers are carried out in compliance with UK GDPR using appropriate safeguards such as adequacy regulations or standard contractual clauses. These measures ensure that your information is protected to the same standard as if it were processed within the UK. 

9.5. Keeping You Informed

If we introduce new uses of personal data or make changes that affect how your information is processed, we will update this notice and inform relevant service users so that our processing remains transparent, fair, and compliant. 

These Privacy and Confidentiality Policies are designed to protect your rights and ensure the highest standards of privacy and confidentiality at CARE ADHD. If you have any questions, please do not hesitate to contact us.