Patients of Dr Claire Taylor - you may need to ensure your private medical data is safe
It has become apparent that Dr Taylor may not have saved many patient records on the clinical record system at Jura Health. Those not on Jura’s protected system under GDPR seem to be held elsewhere outwith that clinic, very possibly on a home computer. This means your data isn’t held under the information shared on the privacy statement on her website, for which Jura Health was the data controller.
This is not good, or safe, for your private medical data.
If you are concerned the first steps are to submit subject access requests for all data held on you from both Jura Health and from Dr Taylor.
Here is an outline from the Information Commissioner’s Office on how to go about this:
https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/
Here is what to expect after submitting your requests:
The above link contains information on timelines. Generally organisations have one month to respond with your information. They can request a further two months but they MUST inform you of this in writing.
If you are not successful in gaining your data, you may wish to make a complaint:
https://ico.org.uk/make-a-complaint/data-protection-complaints/
However, if it is confirmed that your data has not been (at all or fully) held on Jura’s clinical systems, then it would be prudent to make a complaint to Dr Taylor directly, then escalate to the Information Commissioner’s Office if the issue is not resolved.
A home computer system does not have the same protection as a clinical system. Your data there is not held under GDPR.
You may even want to request for your data to be erased from an unsafe system - but it is a very good idea to take the ICO’s advice first.
Please note, this is NOT about attacking an individual Dr. It IS about letting you know that your very sensitive medical data may not have been held appropriately, safely or with adequate process. Given patients were lead to believe, via the privacy statement, that Jura was the data controller, this is a breach of trust and may pose a danger to you.
Your medical data is exceptionally sensitive. It is best to make sure it is safe. There is good reason why health providers are required to adhere to GDPR rules.
I appreciate this is a sensitive topic. Please assess this information and decide your own course of action.