top of page



At MSK Doctors, we protect your privacy and take our responsibilities under data protection legislation seriously.


User Provided Information


Personal information provided to MSK Doctors & Associates Ltd by you will only be used for the purposes stated when the information is requested, such as creating a self-referral. Information received by external referrers, such as your GP or another healthcare professional, related to you will be treated similarly.


The personal data we collect includes

  • Personal details such as full name, date of birth, gender, marital status, ethnicity

  • Address and contact details including e-mail address and phone numbers

  • Emergency contact details and next of kin

  • National Health Number

  • Details of other healthcare professionals involved in your care

  • Financial information as part of our billing system

  • Details of your private medical insurance


We also collect details related to your medical care such as

  • Details about your current and past medical and mental health history including treatments by other clinicians

  • Medical records of past treatments and investigations

  • Imaging such as ultrasound, x-ray and MRI reports, images and videos


We also collect information directly from you through our Patient Reported Outcome Measures (PROMS) questionnaires.


Please be assured that personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your express permission. Personal information collected and/or processed by MSK Doctors & Associates Ltd is held in accordance with the provisions of the General Data Protection Regulation (GDPR) 2018.


How we store information collected

Information which you provide to us will be stored either on our secure servers or our Medical Management System, whose servers are hosted in London who complies with all EU privacy regulations including GDPR. Personal data is kept as long as necessary to comply with legal and regulatory requirements in line with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016.




Information security


We work hard to protect MSK Doctors & Associates Ltd, our systems and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems and data.

  • We restrict access to personal information to MSK Doctors employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.

  • We encrypt any sensitive data that needs to be provided outside of MSK Doctors for both agents and patients.  


Accessing and updating your personal information


The General Data Protection Regulation 2018 gives you the right to access information held about you. We aim to provide you with access to your personal information. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate – unless we have to keep that information for legitimate business or legal purposes.

To do so, please contact our Data Protection Officer using email:



Personal data will be used for the following

  • Arranging appointments, investigations, procedures and surgery

  • Ensuring that you are receiving the appropriate care

  • In response to queries, complaints and concerns

  • Quality assurance by evaluating your treatment and outcomes

  • Processing invoices and payment

  • Disclosure to another healthcare professional for further treatment e.g. physiotherapy or to the referring clinician



Legal Disclosure


Please note: we may be legally obliged to disclose your personal information to third parties if we are under a duty to disclose or share such information as necessary in order to prevent and detect crime, protect public funds and make sure the personal information is accurate. These third parties include government departments, local authorities and some private sector organisations, but this will only be in the exceptional circumstances listed above.


Compliance and cooperation with regulatory authorities


We regularly review our compliance with our Privacy Policy. We also adhere to national data protection regulations. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.



If you are unhappy with the way we have dealt with a request from you with regards to GDPR or if you think we have not complied with our legal obligations, you can make a complaint to the Information Commissioner’s Office (ICO). We would appreciate you informing the Data Protection Officer of the issue and allowing them to address the complaint before contacting the ICO. Making a complaint will not affect any other legal right. More information can be found on the ICO website:

Contact Details for the ICO:

Information Commissioner’s Office

Wycliffe House

Water Lane





Telephone: 0303123113 or 01625457549

bottom of page