Privacy Policy – GDPR

Who has access to your medical records?

  • The medical records service Healthpath Pro, which stores and processes our encrypted files;

  • Joanne Lee so that I can provide my services to you.


I am bound by rules of confidentiality. Exceptions to confidentiality rules apply if there is disclosure by you of any risk or intention of self-harm or harm to others.

Your records are kept safely, and their contents may not be disclosed to anyone without your authorisation, or unless the law authorises or compels us to do so.

Fair Processing (Privacy) of Personal Data Notice

Being transparent and providing accessible information about how I will use your personal information is a key element of the Data Protection Act 1998 and the EU General Data Protection Regulations (GDPR).

The following notice reminds you of your rights in respect of the above legislation and how I will use your information for lawful purposes to deliver your care and fulfil my legal obligations.

This notice reflects how I use information for:

  • The management of client records;

  • Communication concerning your clinical care;

  • Ensuring the quality of your care and the best clinical outcomes are achieved through clinical audit and retrospective review.

Data Controller

I am the data controller for any personal data that I hold about you.

What information do I collect and use?

All personal data must be processed fairly and lawfully, whether is it received directly from you or from a third party in relation to your care.

I will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:

‘Personal data’ meaning any information relating to an individual that can be directly or indirectly identified from the data. This includes, but is not limited to your name, date of birth, address, postcode, telephone numbers and next of kin.

‘Sensitive data’ such as medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, supportive care arrangements, social care status, race, ethnic origin.

Your healthcare records contain information about your health and any care you have received previously from me, but may also contain records from any health care provider that I have referred you to or that you have submitted to me to keep on file (e.g. from a hospital, NHS GP surgery, community care provider, mental health care provider, walk-in centre, social services). These records will be in electronic format.

I use a combination of technologies and working practices to ensure that I keep your information secure and confidential.

Why do I collect this information?

As I am running a private Clinic, and not an NHS practice, I am NOT routinely required to provide information to the health service in England in order to review performance, services and research or education.

However, I am required by law to notify the relevant authorities in the case of certain infectious diseases or significant events that are in the interest of the public or vulnerable individuals. Information provided will always be anonymous whenever possible.

How do I use this information?

To ensure that you receive the best possible care, your records will be used to facilitate the care you receive. For example, recording allergies and details of current medications on your record will help to prevent contraindications with supplements that might be suggested. Information may also be used for internal clinical audit to monitor the quality of the service that I provide.

How is the information collected?

Your information will be collected initially via your secure patient portal and a medical record created in your name on my electronic medical record platform Healthpath Pro.

Your data is protected using state-of-the-art security, is fully backed up and highly encrypted.

Who will I share your information with?

I do not share your medical information with your NHS GP surgery without your express consent.

However, to deliver and coordinate your healthcare, I may share information with the following organisations:

  • Any private consultants, hospitals, or clinics that you request me to refer to or consult with

  • Your NHS GP surgery if you request me to send them a copy of my records

  • I use several different pathology and laboratory services for investigations. From time to time, I may need to discuss your clinical presentation with the relevant clinical advisors from these services to better interpret a functional test. You will be asked to consent to this before the test is ordered.

By sending me your details, health records etc you consent and accept that it may be necessary for me to forward these clinical details electronically or in other formats.

I have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask me to delete your records if you wish. Otherwise, I will retain your records indefinitely in order that I can provide you with the best possible care should you need to see me at some future date.

Your records are stored as follows:

  • on paper, in locked filing cabinets, and the room is always locked out of working hours.

  • electronically (“in the cloud”), using a specialist medical records service called Healthpath Pro. This service is fully compliant with GDPR.

  • On my office computer. This is password-protected and backed up regularly.

I will never share your data with anyone who does not need access without your written consent, and I will never share, rent or sell your contact or health details to any other third parties or companies for marketing purposes.

Who do I receive information from?

Whilst I might share your information with the above organisations, I may also receive information from them to ensure that your medical records are kept up to date and so that I can provide the appropriate care.

You can view the contact details I have for you and your health records including your individualised lifestyle recommendations, laboratory test results, medications and supplements usage charts by logging in to your patient portal. You can access the patient portal at home using a password chosen by and known only to you. If you forget your password, you can use the link on the login screen to reset it.

Full details of how to access your patient portal will be supplied when you become a registered client.

You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask me to erase your records.

Requests for personal data or complaints need to be sent in writing to the Data Controller. Here are the details you need for that:

Data Controller

Joanne Lee – Health

Potwell copse

Arundel Road


West Sussex

BN18 0QP

If you are not satisfied with my response, then you have the right to raise the matter with the Information Commissioner’s Office.

Consent and Objections

Do you need to give your consent?

The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps build trust and enhances a reputation. However, consent is only one potential lawful basis for processing information. Therefore, I may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. I will contact you if I am required to share your information for any other purpose which is not mentioned within this notice. Your consent will be documented within your electronic patient record.

What will happen if you withhold your consent or raise an objection?

You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact Joanne Lee – Health for further information and to raise your objection.

Your Right of Access to Your Records

The Data Protection Act 1998 and General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the ‘right of subject access’. All your information is held on the portal which you have unlimited access to.


My aim is to be as transparent and open as possible with all of my clients and I will always endeavour to deliver the best service possible. In the event that your feel that I have not complied with the current data protection legislation, either in responding to your request or in my general processing of your personal information, please raise your concerns in the first instance in writing to me, Joanne Lee at Joanne Lee – Health, Potwell Copse, Arundel Road, Walberton, West Sussex, BN18 0QP.

If you remain dissatisfied with my response you can contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – Enquiry Line 0303 123 1113 or online at

Price Changes for Products and Services

There may be occasions where price changes are implemented and these can occur without warning. However, I will uphold the advertised price on the day of your booking.

If you are experiencing difficulty with any content, require assistance with any part of my website, or would like to request any information in an accessible alternative format, please email me at during normal business hours or message me through your client portal and I will be happy to assist.