MSCL PRIVACY NOTICE FOR PATIENTS

The Medical and Surgical Centre Limited (“MSCL” or “we” or “us”) owns and operates Wellkin Hospital (‘the hospital”). As a healthcare provider, MSCL collects, both in paper and electronic forms, and processes personal information relating to its patients in order to provide proper, necessary and effective treatment to its patients. When we do, we are regulated as a Controller of that personal information by the Data Protection Act 2017 or, where applicable, the European General Data Protection Regulations (“GDPR”) (together the “Data Protection Laws”). For purposes of this Privacy Notice, “personal information” means any information relating to you from which you can be identified. It does not include data where your identity has been removed (anonymous data).

We are committed to being transparent about how we process our patients’ personal information and to meeting our data protection obligations under the Data Protection Laws.

This Privacy Notice sets out important details about personal information that MSCL and doctors or other health practitioners responsible for your care, treatment and health assessments at the hospital may collect and hold about you, how that information may be used and your legal rights.  Please take time to read this Privacy Notice carefully and contact us if you have any questions about its content.

We will review this Privacy Notice on a periodic basis and we advise you to check back on our website for the latest version.

 

WHO WE ARE
MSCL is part of the CIEL Group. Our information details are as follows:

  • Business Registration Number: C07002054
  • Registered office : Georges Guibert Street, Floreal
  • Phone number: +230 605 1000
  • Fax number: +230 605 1100

 

WHAT PERSONAL INFORMATIONS DOES MSCL COLLECTS AND HOLD ABOUT YOU?
The personal information includes:

  • Your full name, date of birth, address, phone number, and email address
  • Your next of kin contact details (full name, address, phone number, and email address)
  • Medical test results, symptoms and diagnoses
  • Details of contact we have had with you, such as referrals
  • Details of the services you have received
  • Patient experience feedback and treatment outcome information you provide
  • Notes and reports about your health and any treatment you have received or need, including clinic and operational visits and medicines administered.

The personal information MSCL holds about you helps it to:

  • Provide a good basis for all health decisions made by you and your healthcare professional
  • Make sure your care is safe and effective
  • Work effectively with others providing you with care
  • Assess the quality of care we give you
  • Protect the health of the general public
  • Manage health services
  • Help investigate any concerns or complaints you or your family have about your healthcare
  • Report infectious diseases
  • Help with accounts and auditing
  • Secure clinical funding from your insurance companies
  • Evaluating and improving patient safety
  • Training other healthcare professionals (trainee doctors, nurses etc.)
  • Conducting clinical research and audit

MSCL records may include relevant information that you have told us, or information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment.

Your records may be held by MSCL either in paper-form or electronically in a computer system.

 

SOURCE OF INFORMATION
We have personal information about you which you and others involved in your care and treatment or who are paying for your care and treatment have supplied to us. For our health assessment clients who come to us through their employer’s health assessment benefit scheme, we have information about you which your employer has supplied to us.

We may collect information from you when you visit our websites or enquire about our products or services.  We may hold personal information about you contained in enquiry or booking forms, including through our ‘Book an Appointment’ or ‘Patient Registration’ or ‘contact us’ or ‘Promotions’ sections of our websites.  In addition we may hold personal information about you that you provide in surveys or in feedback.

If you call our helpline, these telephone calls may be recorded and retained for a limited period for training and monitoring purposes and to help improve our services.

In order for us to provide your health assessment, care and/or treatment, we ask that you provide as much personal information to us as you can.  You are of course free not to disclose information to us and you should only provide such information as you feel comfortable doing so.  Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with a full health assessment or the full range of care and treatment (as applicable), and that could mean being unable to see you at the hospital (since we may not be able to share your information in the way required in order to provide your health assessment, care or treatment, or run our business (for example, billing) and comply with our legal obligations).

 

HOW WILL MSCL USE THE PERSONAL INFORMATION IT HOLDS ABOUT YOU?
We use information about you in connection with your health assessment, treatment and/or care, including tests or assessments and medical examinations. We will use this also in connection with payment of fees, including billing, invoicing and settlement of your account with us.

We may use your phone number (or email address where you have provided it to us) to contact you in advance of and after your admission or appointment for reasons connected with your health assessment, care or treatment.  Where you have provided us with your mobile number or email address, we may send you confirmations/reminders of your appointments via text message or email and we may respond to your email enquiries via email.

We may also use information about you for quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes where we believe there is a business need to do so and our use of information about you does not cause harm to you.  This may include our workforce planning and workload management systems to help support our staff and clinicians to develop and plan the most appropriate levels of care to our patients and to ensure we have got the right levels of productivity and efficiency and good outcomes for patients.

We may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud) or in connection with legal proceedings.

We may also use information about you where you have provided your consent to us doing so.

We do not carry out automated decision making or profiling.

 

WILL MSCL SHARE PERSONAL INFORMATION ABOUT ME WITH OTHERS?
MSCL will share your personal information with those involved in your health assessment, care or treatment for medical purposes. In addition to employed medical staff of the hospital, there are a number of visiting doctors and consultants who are not employed by us but who delivers medical services to our patients under a service agreement with MSCL. We ensure there is a single patient record for each patient who is seen by the consultants, whether as an inpatient, outpatient or day case and we ask consultants working at our hospitals to ensure a copy of their records, including consultation records, is included in each patient’s records at the hospital.  We also ensure that there are strict confidentiality requirements and data protection clauses binding the said consultants when administering care to patients at the hospital.

We will also share information about you with other members of staff involved in the delivery of your care on a needs to know basis (such as our housekeeping teams, medical secretaries and receptionists).

Some of those involved with your health assessment, treatment or care are external companies providing services such as blood tests and blood for transfusions, analysis of tissue samples, such as biopsies, and catering.  We work with some specialist companies that are based outside of Mauritius and we may share information about you with these companies where required in connection with your care.

We may also share relevant parts of your medical information with the organisation paying for your treatment (for example your insurance company) and assure you that in each case, we share only such personal information as is appropriate.

If we are concerned that you may be vulnerable or ‘at risk’, we may share information about you with the the police.

We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).

 

SHARING PERSONAL INFORMATION ABOUT WITH THIRD PARTIES WHO ARE NOT INVOLVED IN YOUR HEALTH ASSESSMENT, CARE OR TREATMENT
We may share information about you with external organisations such as our lawyers, auditors, financial, tax and public relations advisors.  We may also share information about you with third party suppliers, which provide us with a secure credit/debit card storage system, document scanning and storage facilities, electronic patient and clinical staff administration and records systems and radiology imaging archiving and reporting systems.  We may also share information about you with those providing us with information technology systems, this includes an incident management and recording system and a system for electronic prescribing as well as other clinical and non-clinical software applications (and related services) and website hosting.  In each case, we would share only such information as was relevant.

 

SHARING WITH REGULATORS OR BECAUSE OF A LEGAL OBLIGATION
We may share information about you with our regulators.

We may be required to disclose information about you because we are legally required to do so.  This may be because of a court order or because a regulatory body has statutory powers to access patients’ or health assessment clients’ records as part of their duties to investigate complaints, accidents or health professionals’ fitness to practise. Before any disclosure will be made, we will satisfy ourselves that any disclosure sought is required by law or can be justified in the public interest.   Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime.

 

CHANGE OF HOSPITAL OWNERSHIP
If we were to sell or transfer the hospital or part of our business to another organisation, your patient and health assessment records would also transfer to the new owner.  Limited information may also be shared, where required, with legal and other professional advisors involved in that transaction.

The reason we would transfer your records is to minimise the disruption to current or past patients caused by the sale or transfer and to ensure we and a new owner are able to comply with our legal obligations regarding the retention of patients’ and other clients’ medical records and to ensure continuity of care.

 

WHERE YOU HAVE PROVIDED US WITH CONSENT
During the registration process or on our website, you may choose to opt in to receiving information about other services MSCL offers by email.

In each of these cases, your consent or decision to opt in is entirely voluntary.  Should you decide not to consent or opt in or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected.  You can opt-out by clicking on the ‘unsubscribe’ button in all our marketing communications.

Apart from this limited instances, we do not hold or share information about you based on (or at least solely on) consent.

 

WHAT LEGAL BASIS DOES MSCL HAS FOR USING INFORMATION ABOUT ME?
Data protection law requires that we set out the legal basis for holding and using information about you.  We have set out the various reasons we use information about you and alongside each, the legal basis for doing so.  Given that some information we hold about you is particularly sensitive (as described above), we need an additional legal basis which we have set out in the third column (entitled ‘legal basis for more sensitive information’) explaining our reason for this.

Reason for processing personal information Legal Basis Legal Basis for more sensitive information
Taking an enquiry and establishing an initial patient record Taking the necessary steps so that you can enter into a contract with us for the delivery of healthcare (or health assessment) The use is necessary for the provision of health care or treatment and to protect your vital interests.
Providing you with health assessment services, care and/or treatment Providing you with health assessment services, care and/or treatment

Fulfilling our contract with you for the provision of care and treatment

We need to use the information in order to provide care and treatment (or a health assessment) to you

The use is necessary to protect your vital interests including where you are physically or legally incapable of giving consent

Liaising with other healthcare professionals about your care and updating others (such as your emergency contact) Providing you with care and treatment

We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care (such as your GP) have full details of your treatment

We need to use the information in order to provide care and treatment to you to protect your vital interests including where you are physically or legally incapable of giving consent

The use is necessary in order for us to establish, exercise or defend our legal rights

Settling your bill Providing you with health assessment services, care and/or treatment and for the legitimate interests pursued by MSCL.

Fulfilling our contract with you for the provision of health assessment services, care and/or treatment

We have a legitimate interest to use your information which does not overly prejudice you.

We need to use the information for the performance of our contract with you and to provide you with a health assessment, care and/or treatment

The use is necessary in order for us to establish, exercise or defend our legal rights

Providing improved quality, training and security (for example, recording or monitoring phone calls) and conducting post-treatment surveys We have a legitimate interest to use your information which does not overly prejudice you We need to use the information in order to manage the healthcare services we deliver, including carrying out surveys (which are not a form of marketing) in order to identify and carry out any necessary improvements in the level of care or services we provide to our patients.
Contacting you and resolving queries Providing you with health assessment services, care and/or treatment

We have a legitimate interest to use your information which does not overly prejudice you

The use is necessary for the provision of health assessment services, care or treatment pursuant to our contract.

The use is necessary in order for us to establish, exercise or defend our legal rights

Investigating and responding to complaints or claims, complying with our legal or regulatory obligations and defending or exercising our legal rights The use is necessary in order for us to comply with our legal obligations The use is necessary for reasons of the provision of health care or treatment.

The use is necessary for establishing, exercising or defending legal claims.

Managing our business: retaining patient records, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (such as tax, financial, legal or public relations advice) We have a legitimate interest to use your information which does not overly prejudice you

The use is necessary in order for us to comply with our legal obligations.

More sensitive information about you would not be used in all these circumstances, but where it is, the basis on which we would be doing so would be:

The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems

The use is necessary for establishing, exercising or defending legal claims

Advising you of other services offered by MSCL (marketing) Our legitimate interest to use your information which does not overly prejudice you

You have provided your consent

More sensitive information about you would not need to be used in these circumstances and so no reason is included here
Passing your records to a third party to whom we sold or transferred part of our business or a hospital Providing you with health assessment services, care and/or treatment

The use is necessary in order for us to comply with our legal obligations

We need to transfer the information in order for health assessments, care and/or treatment to be provided to you

The transfer is necessary to protect your vital interests.

We need to transfer the information in order for others to provide informed healthcare services to you

WHERE AND FOR HOW LONG DOES MSCL STORE INFORMATION ABOUT YOU?
The information about you that we hold and use is held securely in Mauritius and stored in paper format and on our secure servers.  However, in some instances, your personal information may be processed for medical purposes or (particularly information not involving your medical information, because there is a legitimate interest or it is necessary for the performance of services to you) outside Mauritius where the organisation paying for your health assessment, care or treatment is based outside Mauritius or where one of our suppliers is operating outside Mauritius.  We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

We retain your records for certain periods (depending on the particular type of record) under our retention of records policy.  This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements.

If you would like more detailed information on this, please contact our Data Protection Officer (contact details below).

 

WHAT RIGHTS DO I HAVE?
The law provides you with certain rights in relation to the personal information about you that we hold.  You may exercise these at any time by contacting our Data Protection Officer (contact details below) or as otherwise noted below and without adversely affecting your medical care.

There will not usually be a charge for handling a request to exercise your rights and if we cannot comply with your request, we will usually tell you why.  If you make a large number of requests or it is clear it is not reasonable for us to comply with a request, then we do not need to respond or we can charge for doing so.

RIGHT OF ACCESS
You have the right to access information held about you. This includes details of what information we hold about you and a copy of that information.  The information will be provided free of charge and, unless there are grounds for extending the statutory deadline, the information will be provided to you within one month of receipt of your request.  Please note we will generally also ask for confirmation of your identity and may need further information from you in order to locate the information, in which case the time period starts from the date we have that detail.  Please note that in some cases we may not be able to comply fully with your request, such as where your request also involves information about someone else and it would not be fair to that other person to provide the information to you.

Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

 

RIGHT TO RECTIFICATION
We take reasonable steps to ensure the information we hold about you is both accurate and complete.  However, you are entitled to have the information rectified if that is not the case.  Unless there are grounds for extending the statutory deadline, we will respond within one month of receipt of a rectification request.

Please contact the Administrative Desk at the Hospital or the Data Protection Officer (contact details below) should you wish to exercise this right.

 

RIGHT TO ERASURE (SOMETIMES REFERRED TO AS THE RIGHT TO BE ‘FORGOTTEN’)
In some circumstances, you have a right to have information about you ‘erased’ and to prevent us using or holding information about you.  Please note that we do not have to comply with such a request where it is necessary to keep your information for the purposes of establishing, making or defending legal claims.  If you make such a request and we comply with it, please be aware that we will retain a note of your name, the request made and the date we complied with it.

Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

 

RIGHT TO RESTRICT PROCESSING
In some situations, you have a right to ‘block’ or suppress our holding or using information about you.  As with the right to erasure, please note that we do not have to comply with such a request where it is necessary to keep your information for the purposes of establishing, making or defending legal claims.

Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

 

RIGHTS RELATING TO AUTOMATED DECISION MAKING
You have the right not to be subject to a decision when it is based on automated processing (i.e. by a computer alone); and it produces a legal effect or a similarly significant effect on you.  As noted above, MSCL does not carry out automated decision-making in relation to patients.

 

RIGHT TO WITHDRAW CONSENT
You have the right to withdraw consent to us holding or using information about you, but only if consent is the basis for us holding or using your information.   Please click the ‘unsubscribe’ button in marketing materials or otherwise please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

 

RIGHT TO OBJECT
You have the right to object to MSCL holding or using information about you in certain situations – where this is based on legitimate interests or direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.

Please contact the Data Protection Officer (contact details below) should you wish to exercise this right.

 

RIGHT TO COMPLAIN TO THE DATA PROTECTION OFFICE
You can complain to the Data Protection Office (DPO) if you are unhappy with the way we have dealt with a request from you to exercise any of your rights or if you think we have not complied with our legal obligations.  Whilst you do not have to do so, we would appreciate you making the Data Protection Officer aware of the issue and giving us an opportunity to respond and to address it before contacting the DPO.

Making a complaint will not affect any other legal rights or remedies that you have.  More information can be found on the DPO’s website: http://dataprotection.govmu.org and the Data Protection Office can be contacted by post, phone, or email as follows:

Data Protection Office
5th Floor, Sicom Tower
Wall Street, Ebene
Mauritius

Phone: +230 460-0251
Email: dpo@govmu.org

 

CONTACTING MSCL & THE DATA PROTECTION OFFICER
For further questions or to exercise any rights set out in this Privacy Notice, please contact MSCL Data Protection Officer:

Data Protection Officer
Georges Guibert Street
Curepipe, Mauritius
Phone: +230 601-2300

 

Last Updated: May 2018

Start typing and press Enter to search