Healix Privacy Notice for HHS Providers

Healix Health Services (Healix) is committed to a high standard of data protection and information security as demonstrated by our ISO27001 Certification and compliance with applicable law including the UK General Data Protection Regulation (GDPR), the UK Data Protection Law and any other applicable data protection law and regulation. The purpose of this Privacy Notice is to describe how Healix collects, uses, retains and discloses your personal information.
Last updated: 25th August 2023

Who is collecting your personal data?

The Data Controller responsible for your personal data is: Healix Health Services (Healix), Healix House, Esher Green, Esher, Surrey, KT10 8AB

We are a company registered in England and Wales with registration number 3945478. For the purposes of the Data Protection laws that apply, such as the GDPR, we are the ‘Controller’. 

If you want to contact us regarding this Privacy Notice and our data protection compliance please find our contact details in the ‘Contacting Healix’ section of this Privacy Notice.

Healix will process your personal data for the purpose of: 

  • Registration of your services; 
  • Associated administration, including but not limited to policy and claims administration; 
  • Fraud prevention; 
  • Payment for your services; 
  • Enquiries into your professional practice in connection with your registration.

How we collect personal information

Healix will collect information directly from you when you complete the registration process to become a recognised UK provider with Healix Health Services. Healix may also collect publicly available information about you to assess your qualifications and performance. During the registration process you will be asked to provide the following information:

  • Provider details: Title, name, gender, billing and correspondence address, post code, email address and telephone number.
  • Secretary details: Title, name and phone number.
  • Specialities: Such as specialist area or anaesthetist, sub-specialities, paediatrics, and further details. 
  • Qualifications: The professional or regulatory body, registration number and indemnity cover. 

Healix will also collect the following provider specific information: Fees, Practice privileges, bank details and confirmation of use of HealthCode for billing and communication purposes.


Lawful Basis for Processing

Healix will only use your personal data where we have a legal basis to do so; we determine this based on the purpose for which we have collected your personal data.

Consent: We collect and use your personal data as necessary to fulfil our legal and contractual obligations when using you as a Provider. We will require personal data from you, in particular during the registration process. The data collected is of a minimal amount but necessary to fulfil the purposes listed above. We ask for your consent during the registration process to process the data for these purposes.

You should be aware that you can withdraw your consent at any time.


What Information, Purpose and Disclosure

All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed. This is in accordance with the data minimisation principle of GDPR Article 5(1)(c).

The following table lists the types of personal information collected by Healix, the purposes for which it is used and who it is disclosed to.

| Personal Information | What is it used for? (Purpose) | Who is it disclosed to? |
| --- | --- | --- |
| Provider details | To positively identify and communicate with you as a registered provider. Added to the HHS Provider Network. | Members and clients |
| Speciality and Practising Privileges | To match the need of members to your speciality and location. | Members and clients |
| Secretarial Details | Ongoing communication | Members |
| Qualifications, Registration and Insurance | To perform due diligence | Not shared |
| Fees and billing information | To enable billing and payment | Members and clients |
| Bank details | For BACS payments | Not shared |



Transfer of Personal Data

Healix offices and IT infrastructure are located in Esher, UK and the main processing activities will be carried out by our employees in the UK, for which we have a Data Protection regime in place to oversee effective and secure processing. There may be instances where we have to perform cross border transfer of personal data, for example if you are located or have provided treatment outside the UK and we therefore make payments for treatments in other EU countries. This will still be covered by data protection and information security measures we have in place to protect your personal data.


How we store data

Your personal information is held on secure servers in the UK. Healix always aims to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security, the UK General Data Protection Regulation, UK Data Protection Act 2018 and Confidentiality: Good Practice in Handling Patient Information by the UK General Medical Council.


How long we keep the Personal Data

Healix will keep a record of the Provider details including the personal data for the duration of the engagement with you. If you no longer wish to be a Registered Provider with Healix please contact UKProviderNetworkTeam@healix.com. We will then make your information inactive in our database to prohibit further processing. Healix will keep a record of any billing and processing activities in accordance with the Healix Data Retention Policy.


Your rights

Under Data Protection legislation, you have rights with regard to your personal information. You can exercise your rights by contacting the Healix Global Data Protection Officer. You have the right to:

  • Request access to your personal information and receive information about how Healix processes it (Subject Access Right – please see below).
  • Be informed and provided with clear, transparent and easily understandable information about how Healix uses your personal data. This Privacy Notice is provided for this purpose.
  • Request rectification of the information held by Healix if it is inaccurate.
  • Request that Healix erase the information if it has been collected without adherence to legal requirements or is no longer needed.
  • Request restriction of the data processing activity in situations where you believe Healix no longer needs to process your personal data.
  • Complain if you consider Healix has breached its privacy obligations.

Subject access right

You have the right to access Personal Information held about you. To do so please provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.


Contact Healix or make a complaint

Please contact us if you have any questions about anything in this document or think that your personal data has been misused or mishandled:

  • privacy@healix.com, or Healix Global Data Protection Officer, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK.

You can also make a complaint to the Information Commissioner, who is an independent regulator, if you do not believe Healix has addressed your concerns: casework@ico.org.uk
