Data Protection and Information Governance

Data Protection and Information Governance Policy for Dr Arshad Health Associates

At Dr Arshad Health Associates, we have a clear policy on the security of information within our practices. The policy provides direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information.

Purpose

To establish a framework for the management of personal data in compliance with international data protection laws, ensuring the confidentiality, integrity, and availability of patient information.

Scope

This policy applies to all staff, processes, and information systems at Dr Arshad Health Associates, encompassing all personal data collected, processed, and stored.

Policy Statement

Dr Arshad Health Associates is committed to protecting the privacy and security of personal data. We adhere to the principles outlined in the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, relevant international standards, and Government of Pakistan regulations. Our goal is to manage information responsibly, ensuring that patients’ rights are respected and upheld.

Objectives

Compliance

We ensure compliance with all applicable data protection laws and regulations.

Data Minimization

We collect and process only the personal data necessary for the purposes of patient care and operational efficiency.

Transparency

We provide clear and accessible information to patients regarding how their data is collected, used, and shared.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or damage.

Training and Awareness

We ensure all staff are trained in data protection principles and understand their responsibilities regarding information governance.

Rights of Individuals

We uphold the rights of patients under data protection law, including the right to access their data, rectify inaccuracies, and request erasure when applicable.

Data Protection Responsibilities

Data Protection Officer (DPO)

  • The IT Manager will be responsible for overseeing data protection compliance and serving as a point of contact for staff and patients regarding data protection matters.

Staff Responsibilities

  • All staff members are responsible for ensuring that personal data is handled in accordance with this policy. This includes following established procedures for data collection, storage, sharing, and disposal.

Procedures

Personal data will be collected only for specified, legitimate purposes and will not be processed in a manner incompatible with those purposes.

Personal data may be shared with third parties only when necessary for patient care or as required by law, with appropriate safeguards in place.

Personal data will be retained only for as long as necessary to fulfil its purpose and in accordance with our retention rule.

Any data breaches or security incidents must be reported immediately to the DPO, who will take appropriate action and notify the relevant authorities as required.

This policy is usually reviewed annually and updated as necessary to reflect changes in legislation, best practices, and organizational needs.