Pay for yourself
Pay for yourself with our fixed price packages. This includes your pre-assessment, treatment, follow-ups and 6 months' aftercare
We will review this Privacy Notice on a periodic basis and we advise you to check back on our website for the latest version.
Circle Health, the independent hospital group, acquired BMI Healthcare in the year 2020 in a deal to deliver a new generation of best-in-class hospitals. Our hospitals are run by Circle Health Group (CHG). Some of our hospitals (BMI Southend Private Hospital, BMI Three Shires Hospital and BMI Syon Clinic) and some of the services in some of our hospitals (the oncology service at BMI Beardwood Hospital and some imaging services at BMI Mount Alvernia Hospital and BMI Three Shires Hospital) are owned by partner companies, each of which has a management contract with BMI Healthcare and forms part of the Circle Health Group. A partner company also owns the CT and MRI scanners at BMI The Meriden Hospital; this service is managed by UME.
All these companies are registered at Circle Health Group, 1st Floor, 30 Cannon Street, London EC4M 6XH and their full names and registered company numbers are as follows:
Each of these companies may, to the extent relevant, collect, retain and use information about you and we refer to these collectively as 'Circle Health Group' in this document.
We may from time to time include on our websites links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.
We have information about you which you and others involved in your care and treatment (or their secretaries) or who are paying for your care and treatment have supplied to us. This is likely to include your name and contact details (postal and email addresses and phone numbers) as well as emergency contact details, including your next of kin. For our health assessment clients who come to us through their employer's health assessment benefit scheme, we have information about you which your employer has supplied to us. This is likely to include your name and contact details (postal and email addresses and phone numbers).
We may also hold more sensitive information about you, such as your current or previous physical or mental health, your sex life and/or sexual orientation, your religion, nationality, race and/or ethnicity and genetic or biometric data relating to you. This may also include details of healthcare services provided previously by CHG and others such as GPs, dentists or hospitals, previous hospital visits and details of any medications you have been prescribed or taken. We refer to this as 'more sensitive information' in this Privacy Notice.
We may collect information from you when you visit our websites or enquire about our products or services. We may hold information about you contained in enquiry or booking forms, including through our 'make an enquiry' or 'Live Support' sections of our websites. In addition, we may hold information about you that you provide in surveys or in feedback or from transactions you carry out on our websites or online payments you make.
If you call our helpline or hospitals contact our live support via our website, these telephone calls or live chats may be recorded and retained for a limited period for training and monitoring purposes and to help improve our services.
Sometimes we obtain information about you from credit reference agencies, debt collection agencies and government agencies such as HMRC or the Home Office.
In order for us to provide your health assessment, care and/or treatment, we ask that you provide as much information to us as you can. You are of course free not to disclose information to us and you should only provide such information as you feel comfortable doing so. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with a full health assessment or the full range of care and treatment (as applicable), and that could mean being unable to see you at the hospital (since we may not be able to share your information in the way required in order to provide your health assessment, care or treatment, or run our business (for example, billing) and comply with our legal obligations).
We use information about you in connection with your health assessment, treatment and/or care, including tests or assessments and medical examinations. We will use this also in connection with payment of fees, including billing, invoicing and settlement of your account with us.
We may use your phone number (or email address where you have provided it to us) to contact you in advance of and after your admission or appointment for reasons connected with your health assessment, care or treatment. Where you have provided us with your mobile number or email address, we may send you confirmations/reminders of your appointments via text message or email and we may respond to your email enquiries via email.
We may also use information about you for quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes where we believe there is a business need to do so and our use of information about you does not cause harm to you. This may include our workforce planning and workload management systems to help support our staff and clinicians to develop and plan the most appropriate levels of care to our patients and to ensure we have got the right levels of productivity and efficiency and good outcomes for patients.
We may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud) or in connection with legal proceedings.
We may also use information about you where you have provided your consent to us doing so.
Please see also the more detailed information in the section below.
Yes; we set out these reasons below and assure you that in each case, we share only such information as is appropriate.
We will share your medical information with those involved in your health assessment, care or treatment (such as doctors, nurses and physiotherapists) for medical purposes (including the provision of health assessments). Some of our nursing staff and the resident doctors in our hospitals are provided by specialist staffing agencies. Consultants (such as surgeons, anaesthetists and radiologists) and some of their medical secretaries are also not employed by us.
We will share information about you with other members of staff involved in the delivery of your care (such as our housekeeping teams, medical secretaries, receptionists, and porters).
Some of those involved with your health assessment, treatment or care are external companies providing services such as blood tests and blood for transfusions, analysis of tissue samples, such as biopsies, and catering. We work with some specialist companies that are based outside of the United Kingdom; including for specialist medical devices, bespoke prostheses and certain genomic testing. Local NHS hospitals provide some of our hospitals with support services (such as blood tests and housekeeping) and we may share information about you with these hospitals where required in connection with your care.
We may also share relevant parts of your medical information with your GP, dentist, NHS hospitals, other private hospitals and the organisation paying for your treatment (for example your insurance company, embassy, employer or NHS commissioner). For our health assessment clients who come to us through their employer's health assessment benefit scheme, please be assured that we will not share your medical information with your employer.
If we are concerned that you may be vulnerable or 'at risk', we may share information about you with the local Safeguarding Team, the specialist members of which come from the local authority, NHS organisations and the police.
We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).
We may share information about you with external organisations such as our lawyers, auditors, financial, tax and public relations advisors and NHS organisations. We may also share information about you with third party suppliers, which provide us with a secure credit/debit card storage system, document scanning and off-site storage facilities, electronic patient and clinical staff administration and records systems and radiology imaging archiving and reporting systems. We may also share information about you with those providing us with information technology systems, this includes an incident management and recording system and a system for electronic prescribing as well as other clinical and non-clinical software applications (and related services) and website hosting. In each case, we would share only such information as was relevant.
If your bill is not paid on time, we may share information (such as copy invoices) with debt collection agencies. If you apply for the BMICard (which offers payment options for treatment at our hospitals), information relating to your application will be shared with the CHG team which processes these applications and may also be shared with credit checking agencies.
Please be assured that your medical records would not be shared either with credit checking agencies or with debt collection agencies. If you do not apply for the BMICard and your bill is paid on time, then no information about you will be shared with these agencies.
* This section does not apply to health assessment clients as payment for those assessment services is made either by your employer or in advance by you where you pay for these services yourself.
It is a common practice for our consultants to write to your GP following consultation with us. If, however you ask us not to share your data with your GP, we shall respect your request where we are legally permitted to do so. A decision to restrict the sharing of information with your GP could be negatively detrimental to your health and care and we strongly advise against it.
We may share information about you with our regulators, including the Care Quality Commission, Healthcare Improvement Scotland and Healthcare Inspectorate Wales (which inspect our hospitals in England, Scotland and Wales respectively). Other regulators with whom we may share information about you include the Medicines and Healthcare products Regulatory Agency (which ensures medicines and medical devices used in the UK work and are acceptably safe), the Human Fertilisation and Embryology Authority (which regulates and inspects all our clinics providing fertility services or which store eggs, sperm or embryos), NHS England (which leads the NHS in England) and the Department of Health (the government department responsible for health and adult social care policy).
Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a court order or because a regulatory body has statutory powers to access patients' or health assessment clients' records as part of their duties to investigate complaints, accidents or health professionals' fitness to practise. Before any disclosure will be made, we will satisfy ourselves that any disclosure sought is required by law or can be justified in the public interest. Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime. On occasion, this may include the Home Office and HMRC.
Most of the consultants treating patients in our facilities are not CHG employees; they are however self-employed practitioners working under strict confidential requirements. The consultant is the data controller of your personal data, either alone or jointly with CHG and they practice their specialties in accordance with the terms of our Practicing Privileges policy.
We try to ensure there is a single patient record for each patient who is seen at one of our hospitals, whether as an inpatient, outpatient or day case and we ask consultants working at our hospitals to ensure a copy of their records, including consultation records, is included in each patient's records at the hospital. In addition to this, your consultant may also create their own records about you; where this occurs, we may refer you to them to process and respond to any requests from you, where you may have exercised your information rights under Data Protection Laws. Audits, surveys and initiatives
In common with all healthcare providers (both NHS and private), we look at the quality of the care we provide to patients and health assessment clients and participate in national audits and initiatives to ensure that patients are getting the best possible outcomes from their treatment and care and to help patients make informed choices about the care they receive. We can assure you that your personal information remains under our control at all times and we ensure that, except as described below in relation to Quality Health, the survey provider we use for our patient surveys, any information we provide for national audits and initiatives outside of CHG will not contain any information in which any patient can be identified, unless it is required by law. Any publishing of this data will be in anonymised statistical form.
We use Quality Health, an independent survey provider, to help us with patient surveys. These surveys allow you to share your views to help us improve the services we offer (our patient satisfaction survey), help us to assess outcomes from your treatment and care (our outcomes survey), and give you the opportunity to share your views to help Consultants improve the services they offer (our consultant survey).
If you undergo a certain type of surgical procedure, you will be invited to complete two outcomes surveys, one survey before your operation and a second survey after your operation. The purpose of these surveys is to help ensure that patients are getting the best possible outcomes from their treatment and care. The outcomes surveys are offered in paper format. If you complete a paper outcomes questionnaire, we will share with Quality Health your name, date of birth, patient record number, and your Consultant's name.
Following your appointment or discharge from hospital, you will be invited to complete our patient satisfaction survey and our Consultant survey. We offer the patient satisfaction survey both in paper and online format. We will share with Quality Health your name and your email address so they can send you a link to the online patient satisfaction survey after you have been discharged. If you include your contact details on the online survey form or on the paper survey form, then Quality Health will hold those details. Quality Health collates and analyses the responses received and passes these to us; unless you choose to include your contact details, we cannot identify individual patients from those responses. Also, Quality Health shares information about NHS patients directly with NHS Digital for outcome and satisfaction data.
We offer the Consultant survey in paper format. If you complete this survey, we will share with Quality Health your name, date of birth, patient record number, the date you attended the hospital for your appointment, and your Consultant's General Medical Council registration number.
We may also ask you questions about the quality of our service at the end of our telephone-based pre-assessment screening.
One of the national programmes we participate in is run by the Private Healthcare Information Network (PHIN) which is an independent statutory entity enabling patients to compare privately-funded healthcare (both hospitals and consultants). PHIN has its own privacy notice (a copy of which can be accessed via their website). We may share some of your personal data (including NHS Number in England and Wales, CHI Number in Scotland or Health and Care Number in Northern Ireland, as well as age, gender, ethnicity or race, diagnosis, and details relating to the procedure you underwent) with PHIN. That would enable PHIN to send this Number to the relevant national information authority (for example NHS Digital in England) which can link it to national hospital and mortality data. The linked information, with your personal data removed, would then be provided to PHIN to measure quality of care, check for adverse events after discharge from this hospital, such as unplanned readmissions to hospital, emergency transfers between hospitals, or deaths following treatment. Additionally, the records we send to PHIN will include your postcode to enable statistical processing. Personal information is treated with high standards of confidentiality in accordance with data protection laws and the duty of confidentiality. Any information that is published will always be in anonymised statistical form and will not identify you. This information will not be shared or analysed for any purpose other than those described in this section. As we are required by law to share this information with PHIN, and it is also necessary for the purposes of the management of the private health sector, we do not need your consent in order to share it.
In addition, we are also required to provide Patient Reported Outcome Measures (PROMS) – patient reported health improvements following treatment and details of any adverse events relating to the patients treated.
If we were to sell or transfer a hospital or part of our business to another organisation, your patient and health assessment records would also transfer to the new owner. Limited information may also be shared, where required, with legal and other professional advisors involved in that transaction.
The reason we would transfer your records is to minimise the disruption to current or past patients caused by the sale or transfer and to ensure we and a new owner were able to comply with our legal obligations regarding the retention of patients' and other clients' medical records and to ensure continuity of care.
You may choose to opt in to receiving information about other services CHG offers by post or email.
In this case, your consent or decision to opt in is entirely voluntary. Should you decide not to consent or opt in or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected. You can opt-out by clicking on the 'unsubscribe' button in all our marketing communications.
Apart from this limited instance, we do not hold or share information about you based on (or at least solely on) consent.
Data protection law requires that we set out the legal basis for holding and using information about you. We have set out the various reasons we use information about you and alongside each, the legal basis for doing so. Given that some information we hold about you is particularly sensitive (as described above), we need an additional legal basis which we have set out in the third column (entitled 'legal basis for more sensitive information') explaining our reason for this.
We need to use the information for reasons of substantial public interest
The information about you that we hold and use is held securely in the United Kingdom and stored in paper format and on our secure servers. However, in some instances, your personal information may be processed for medical purposes or (particularly information not involving your medical information, because there is a legitimate interest or it is necessary for the performance of services to you) outside the United Kingdom ("UK") where the organisation paying for your health assessment, care or treatment is based outside the UK or where one of our suppliers is operating outside the UK. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
We retain your records for certain periods (depending on the particular type of record) under our retention of records policy. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements. Your records may be transferred to an off-site storage provider, who will digitise and retain an electronic copy of your records, only. Your records may not be retained in hard copy form where a digital copy exists.
If you would like more detailed information on this, please contact our Head of Information Governance and Data Protection Officer (DPO) (contact details below).
The national data opt-out is a service that allows the public to register to opt-out of their confidential patient information being used for research and planning, in line with the recommendations of the National Data Guardian. It gives people more control over how their confidential patient information is used. Information is available on the NHS website and you can raise your queries by emailing the Head of Information Governance and Data Protection Officer (DPO).
We use third party providers such as Google, Facebook and other social media platforms to display relevant and focused adverts to target audiences. This is a form of automated decision making, undertaken by third parties, which can be based on specific criteria. For instance, adverts may be displayed in Google search results to reflect your search terms, or an event promotion on Facebook based on criteria such as demographics, location and job title. You have a right to not be subject to decisions that are made about you by computer alone. To update your preferences for advertising in this way, please contact these third-party providers directly.
Under certain circumstances, you have rights under data protection laws in relation to any personal information that we hold about you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out below, please contact the Data Protection Officer (DPO) using the contact details set out below.
Details of your rights are set out below.
You are usually entitled to a copy of the personal information we hold about you and details about how we use it.
Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you by electronic means where possible.
You are entitled to the following under data protection law.
Under data protection law we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:
We also need to provide you with a copy of your personal information.
If you are a patient of CHG and you wish to request details of or a copy of your medical records, please contact the hospital at which you have received the care and treatment. For all other requests for any personal information we may hold (such as employment records, if you are an ex-employee) please direct your request to the Data Protection Officer (DPO) using the contact details below.
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
In some circumstances, you have the right to request the erasure of the personal information that we hold about you. This is also known as the 'right to be forgotten'. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
In some circumstances, you have the right to object to the processing of your personal information. However, there are exceptions to this right and we do not have to "pause" the processing of your information where, in particular, if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
As detailed in the 'marketing' section above, you can ask us to stop sending you marketing messages at any time and we must comply with your request. You can do this by contacting the Head of Information Governance and Data Protection Officer (DPO) .
You have a right to not be subject to automatic decisions (i.e. decisions that are made about you by computer alone) that have a legal or other significant effect on you.
You have the right to withdraw your consent where we rely upon this as a legal ground for processing your information. You can do this by contacting our Head of Information Governance and Data Protection Officer (DPO).
You have the right to complain to the Information Commissioner's Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations under data protection law.
Making a complaint will not affect any other legal rights or remedies that you have.
More information can be found on the Information Commissioner's Office website: https://ico.org.uk/ and the Information Commissioner's Office can be contacted by post, phone, fax or email as follows:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 9 (if you prefer to use a national rate number)
Fax: 01625 524 510Email: [email protected]
We use CCTV in various parts of our hospitals. CCTV is used for the safety and security of our patients, health assessment clients, visitors, and staff.
We (or third parties acting on our behalf) may transfer, store or process information about you in countries outside the UK. Where this is the case we take the required steps to ensure that your personal information is protected. As described briefly above in this Privacy Notice we may, from time to time and where it is necessary to do so in order to provide you with the best care and treatment, engage and work with some specialist companies that are based outside of the UK. This includes providers of specialist medical devices, such as robotic surgical aids and cardiac monitoring, bespoke prostheses and certain genomic testing. In order to make use of those services, your personal data may have to be transferred to the provider of the device or service in question, all of whom are currently based in the US. That transfer would only take place where there are robust technical and organisational measures including standard contractual clauses prescribed by the UK's Information Commissioner, which oblige the recipient of your data to ensure that it is appropriately safeguarded.
We may also transfer specimens to specialist clinics in the US for particular specialised tests, but this will only take place in circumstances where we have a lawful basis to do so (of both the specimen and data) and there are adequate technological and organisational securities in place.
This list of transfers of personal data outside the UK is correct as of the date of this Privacy Notice.
For further questions or to exercise any rights set out in this Privacy Notice, please contact BMI Healthcare's Head of Information Governance and Data Protection Officer:
Head of Information Governance & DPO
BMI Healthcare Limited
30 Cannon Street
Email: [email protected].
Pay for yourself with our fixed price packages. This includes your pre-assessment, treatment, follow-ups and 6 months' aftercare
We are widely recognised by health insurers. Ask your insurer about your cover and for an insurer pre-authorisation code
Pay for yourself with monthly repayments spread over 12 months, interest-free (terms and conditions apply)