Privacy Policy

1. Lawful Reason to Use Your Personal Information

HS Health Group Limited is committed to handling your personal information lawfully and transparently. We collect and process your data primarily for providing direct care under:

GDPR Article 6(1)(e): Performance of a task carried out in the public interest.
GDPR Article 9(2)(h): Medical diagnosis, provision of healthcare, or management of healthcare systems.

In certain cases, we may require your explicit consent to process your data:
GDPR Article 6(1)(a): Explicit consent.
GDPR Article 9(1)(a): Explicit consent for special category data.

Your consent will be recorded in our SystmOne. HS Health Group clinicians and other staff have a duty to care for you safely. If they cannot ensure your care safety with the withdrawal of your information which they need, they may need to discharge you from the Service and ask you to return to your GP.



2. National Data Opt-Out

We comply with the National Data Opt-Out policy. This means that if there is a data request that is in scope of the National Data Opt-out, and you have provided your NHS number to us and registered your choice with the National Data Opt-out programme, your data would not be shared by us. To manage your opt-out preferences and to find out more, please visit www.nhs.uk/your-nhs-data-matters or call 0300 3035678.

Your choice will only apply to the health and care systems in England. Your individual care will not be affected if you have applied the National Data Opt-out.

3. What data do we collect

In order to provide a safe and professional service, we need to keep certain records about you and we therefore may process the following types of data:

Your basic details and contact information e.g. your name, address, date of birth and next of kin;
Health and social care data about you, which might include both your physical and mental health data.
We may also record data about your race, ethnic origin, sexual orientation or religion.
Any contact the service has had with you, such as appointments and clinic visits
Notes and reports about your health
Details about your treatment and care
Results of investigations such as laboratory tests and x-rays
Relevant information from other health professionals, relatives or those who care for you
 
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.

We process your data because we have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process your special category data because
It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
It is necessary for us to provide and manage social care services;
We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.

4. Where do we process your data?

To provide high quality care and support we need specific data. This is collected from or shared with:

You or your legal representative(s);

We do this face to face, via phone, via email, via our website, via post.
Third parties are organisations we have a legal reason to share your data with. These may include:

Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals;
The Local Authority;
The police or other law enforcement agencies if we have to by law or court order.

5. Maintaining Confidentiality

We protect your privacy by adhering to the following laws and guidelines:

General Data Protection Regulation (GDPR) 2018.
Data Protection Act 2018.
Human Rights Act 1998.
Common Law Duty of Confidentiality
Health and Social Care Act 2012
NHS Codes of Confidentiality and Information Security
Information Governance: To Share or Not to Share Review.

Staff members only access your records with a legitimate purpose. All access is logged for monitoring and audit purposes. Unauthorised access is treated as a serious breach.

5. Sharing Information

We only share your data with other healthcare providers involved in your care or with your explicit consent, except in exceptional circumstances (e.g., life-threatening situations).

6. Accessing Your Records

Every member of staff who works for HS Health Group Ltd has a legal obligation to keep information about you confidential. Individual staff may only view your records with a legitimate reason for a legitimate purpose. This would of course include the clinician(s) directly involved in your care or other staff who might be ordering or receiving results linked to your care.

Other administration or management staff may need to access and use your records to contact you regarding appointments or your treatment. SystmOne, where your records are stored creates a record of who has accessed your record for control and audit purposes.

Accessing or allowing someone else to access, your record without a legitimate purpose by a member of our staff is a serious data breach and is dealt with under our disciplinary procedures and reported to the Information Commissioners Office.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it only with your explicit consent. We will not disclose your information to any 3rd party without your explicit consent unless there are exceptional circumstances (i.e., life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where ‘The duty to share information can be as important as the duty to protect patient confidentiality.’ This means that healthcare professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. This is supported by our policies, regulators and professional bodies.

7. Subject Access Request:

You have the right to access your personal information under GDPR, 2018. A Subject Access Request (SAR) is an important facet of GDPR and is likely a future privacy law. It is what allows you to request and receive a copy of your personal data. We must comply with an SAR without undue delay and at the latest within one month of receiving your request at no extra cost.

To request your records:
Complete our Enquiry form on our website or email us at [email protected]

8. Retention of Records

Health records are retained as follows:
A minimum of 8 years after discharge.



9. Communication Preferences


We will contact you via your preferred method (telephone, SMS, email, or post). Let us know if your preferences change.



10. Security Measures

We store your data securely on UK-based systems with multiple layers of encryption and restricted access. Data transmission complies with NHS encryption standards.

11. Your Rights

You have the following rights under GDPR:
Access: View or obtain copies of your data.
Rectification: Correct inaccurate or incomplete data.
Objection: Object to data processing in specific circumstances.
Restriction: Limit data processing under certain conditions.

12. CCTV Data

If visiting premises with CCTV:
Images are collected for security purposes and retained for 28 days.
Access is restricted to authorised staff.
You can request access to CCTV data by emailing us on [email protected]
You have the right to block the processing of your personal data at any time by sending an email request to [email protected]
You can also block the processing activity when the operation is unlawful, and you oppose to the erasure of the data. However, blocking is not possible in case of an official investigation.
You can also request for deletion of your data by sending your request to [email protected]
Your data is not shared unless we have the request and permission from you.

13. Complaints and Concerns

If you have concerns about data handling, contact:
Data Protection Officer: FAO: DPO [email protected]
Information Commissioner’s Office (ICO): 0303 123 1113 or www.ico.gov.uk.


14. Updates to This Privacy Policy

We may update this policy to reflect changes in legislation or practice. Please review it regularly for updates.
If you have any questions or concerns, contact us at [email protected]. Thank you for trusting us with your care.

At HS Health Group Limited, our commitment is to provide the highest quality of care and service to all our patients. Your feedback is incredibly valuable to us as we strive to continually improve and enhance our services. We would be grateful if you could take a few moments to share your experience regarding the treatment and services you received. Your insights help us understand what we are doing well and where we can make improvements.

You can provide your feedback by clicking on the link below and completing the form to be sent by emailing it back to us on [email protected] or [email protected].

You can also scan the QR code and provide your feedback through Google review of Trustpilot platforms.

If you wish to speak to us and provide with your feedback or send it to us via post, please refer to the following contact information:

FAO Service Manager

HS Health Group Limited

Read House, Gilbert Drive

Boston, PE21 7TQ

0333 014 7700

However excellent our efforts might be in providing our services to you, there could always be a cause for dissatisfaction in an area of healthcare service such as ours.  It is not feasible, nor desirable, to have a complaint free service as complaints provide the opportunity to continually improve the quality of care we strive to deliver through effective reflection.

If you are unhappy with the treatment or service you have received while under our care, you have the right to make a complaint, have it investigated thoroughly, and have a response with action plans identified.

We provide a range of services to the NHS, occupational health sectors, medicolegal sector, employers, and the public, all of whom are included within this complaint management procedure.

Complaint Process

You may make a comment or complaint either in person, in writing, email or by telephone. The member of staff who receives the complaint should fill in the complaint action sheet and inform you (the complainant) that we will look into the matter and when you can expect a reply.

You will  be contacted within three working days to acknowledge that their complaint has been received, explain the procedure and, where necessary, clarify any issues arising from the complaint.

We have a duty to ask you (the complainant) what you want from the complaint, which may help the us decide the best way to deal with the matter. It is very important for us to record all discussions and document your desired outcome. Any unrealistic expectations can, therefore, be addressed at this time.

Stage 1) Local Resolution

Where a verbal complaint is made, the clinic tries to resolve the complaint by means of local resolution measures. HS Health Group Ltd’ Deputy clinical service lead will collect all the information necessary and speak to you to resolve the complaint. If the complaint resolves, then the DCSL will record the complaint and discuss with the service manager. HS Health Group Ltd management will reflect on the type of complaint and take necessary actions to improve the quality of care and clinical governance. If a complaint does not resolve locally then the DCSL will explain about the stage 2 process of complaint procedure and pass your complaint over to the complaint’s officer/ service manager of the organisation.

Stage 2) Complaint Officer

The second stage is where the complaint cannot be resolved in the clinic then complaints officer (Dipika Khanal) who deals with complaints will follow up the complaint.

If your complaint is directly related to the complaints officer and you feel unable to write directly to them, then instead you should forward your complaint to the Managing Director. We request that all complaints be made in writing to the postal address or to the email address below.

[email protected][email protected]

Postal Address:

Your complaint should be addressed to:

Complaints Officer – HS  Health Group Ltd.
Read House, Gilbert Drive, Boston, PE21 7TQ
Contact telephone number: 0333 014 7700

When Complainants are Not Satisfied

Most complaints are resolved at  Stage 1 and Stage 2 levels. However, in some cases the complainant may not be satisfied following conciliation. We are a member of ISCAS (Independent Sector Complaints Adjudication Service) who will be involved at this stage for complaint review and management. We might also signpost the complainant to the Professional organisation such as Chartered Society of Physiotherapy or Health and Care Professions Council for further advice. This needs to be done within 56 days of the  final response sent at the end of Stage 2 investigation.

Investigating the Complaint

We will acknowledge the receipt of such a complaint within 3 working days and aim to resolve any possible issues within 14 working days of receipt.

Depending on the nature of the complaint, the Complaints Officer will attempt to resolve the matter to the satisfaction of the complainant. If the complaint involves either a clinical matter or staff member’s attitude, the Complaints Officer will, with the patient’s agreement, involve the  staff member concerned or the lead clinician for the clinics.

Replying to the Complainant

The Complaints officer should inform the complainant of the results of the investigation in writing. This should be completed as quickly as possible and will normally be completed within 14 working days. If it is not possible to complete the investigation within 14 working days, the complainant should be informed of the reason for the delay and when they can expect to receive a reply.

The response should include an explanation of how the complaint has been considered, the conclusions reached in respect of each specific part of the complaint, details of any necessary remedial action, and any actions taken / to be taken, because of the complaint.

The complainant should be informed at the end of the letter how to access the next stage of the complaints process if the complainant remains unsatisfied.
On completion of the investigation, a comprehensive response will be put together within the expected deadline.

This response should include the following, as appropriate:

  • a summary of the patient’s treatment
  • an outline of the investigation process.
  • details of the staff involved
  • answers to all aspects of the complaint
  • any statements from staff or notes of interviews held.
  • an apology, where appropriate.
  • copies of any clinic policies, procedures or national guidance, which are relevant to the case; and
  • an outline of any agreed action or risk reduction measures.

Complainants should be advised that they may request an independent review of their complaint and an ISCAS review will be initiated, or it can be done by the complainant  contacting the Healthcare Commission within 56 days of the date of the final response letter.

Time Limits for Making a Complaint

Normally a complaint should be made within 6 months from the incident. However, you can ask for the reasons for the delay and extend the time limits where it would be unreasonable to expect the complaint to have been made earlier and will be evaluated on case basis. This might be because the complainant had not realised there was a problem earlier, was ill or was caring for the patient. It may also depend on whether it is still possible to investigate the facts of the case, in spite of the delay. Wherever possible, you should address the complainant’s concerns constructively, while remaining fair to staff.

The Parliamentary and Health Service Ombudsman

NHS Patients who remain unsatisfied with the local resolution and independent review can also seek further review from the Health Service Ombudsman. They are independent of both the NHS and Private organisations. They can be contacted via their website www.ombudsman.org.uk. They will need to have received a written complaint response from us before they could review your complaint further.

ISCAS: THE CODE STRUCTURE

Please read the attached overleaf for more information on ISCAS’ code of practice for complaints management: ISCAS – Complaints Management.

Share Your Feedback

We’d love to hear about your experience. Your feedback helps us get better.

Raise Your Complaint

Facing a problem? Let us know, and we’ll work to make things right.