Dr Naveed Younis (Consultant Endocrinologist & Diabetologist)

Privacy Policy

Introduction

At Dr Naveed Younis (Consultant Endocrinologist & Diabetologist), we take the privacy and security of your personal information seriously. Our privacy policy describes the principles and practices that govern how we handle your data as a patient, as well as with respect to our staff in medical, law, research, and education. It details how we collect, use, disclose, and protect data, and is compliant with applicable guidance and legislation governing data protection. Your trust is of paramount importance to us, and everything that we do is underpinned by openness and accountability in terms of how we manage information. If you have any concerns or would like further clarification about our approach to privacy, please email [email protected] or phone 206-304-3209.

Our Identity

Dr Naveed Younis is an award-winning NHS Consultant in Endocrinology, Diabetes and General Internal Medicine. Dr Naveed Younis’s professional role is based at Wythenshawe Hospital, Manchester University NHS Foundation Trust. Dr. Younis is also a private Medical Doctor with offices in the United States. Our registered address is 1000 2nd Ave Ste 850, Seattle WA 98104. Dr Younis is a sole practitioner and acts as a Data Controller, with primary responsibility for all data processing and protection procedures in place throughout the organisation. We deliver specialist clinical consultations, medico-legal services, training, education and research leadership to clients and partners throughout Greater Manchester, North West England and the United States of America.

Scope of This Privacy Policy

This privacy statement governs the personal information collected, processed, or stored by Dr Naveed Younis (Consultant Endocrinologist & Diabetologist) pursuant to the services provided. This encompasses all personal information collected via the website (https://diabetes-dr.com/), through correspondence by email, telephone, in-person at clinics, and through participation in research projects or medical education activities. The statement applies to patients, legal representatives, medical students and trainees, researchers, and website visitors. The use of services and/or submission of information implies acceptance of the terms and conditions set forth in this privacy statement.

Information We Collect

We collect a variety of personal information in order to provide our services properly and safely. The list of personal information that we may use includes the following:

  • Contact information: name, address, telephone number, e-mail address
  • Identification information: date of birth, age, gender and, where applicable, details of identity (such as your GMC number for professionals)
  • Medical information: health condition, details of current and/or past prescribed or over-the-counter medications taken by you, laboratory data, radiology results, reports relating to examinations carried out in connection with your attendance at a consultation or participation in a clinical trial
  • Details of legal cases and legal sessions undertaken: name, type and details of legal case including all associated documents for medico-legal clients data
  • Professional qualifications: for trainees and other collaborative individuals, qualifications, details of training received and work experience with respect to practice
  • Correspondence and communication records: e-mail correspondence, telephone conversations and written correspondence
  • Finance and fees: payment details for private consultations or medico-legal appointments
  • Website usage data: IP address, browser type and version, pages visited and other details obtained through cookies or similar website analytics technologies (see section below ‘Cookies and Website Analytics’)

We will collect information from you, from referring professionals, from legal representatives, or publicly available sources if appropriate.

Use of Information

We use your personal information for the following purposes:

  • To perform clinical consultation, diagnosis, and treatment in endocrinology (diabetes and general internal medicine).
  • To prepare medico-legal reports and provide expert witness testimony in courts.
  • To manage and run clinical research trials including recruitment, data collection, and statistics.
  • To provide educational services and training to medical trainees and experts.
  • To communicate with you about appointments, results, bills, educational products, and research studies.
  • To fulfil our legal and regulatory obligations such as maintaining medical records and reporting requirements.
  • To develop and enhance our services, website, functionality, and user experience via analytics and feedback.
  • To perform business functions including administration, accounting, quality assurance, and audit.

We will never use your information for any other purpose that is incompatible with those described in this policy without your explicit consent.

Lawful Bases for Processing

We process Personal Information on the basis of appropriate legal grounds for processing Personal Information under applicable data protection laws (including but not limited to Article 6 of the EU General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), where applicable), including the following:

  • Consent: Where you have given us clear consent to process your information for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (for example, because you have requested the provision of medical consultations or medico-legal services).
  • Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Vital interests: Where processing is necessary to protect your vital interests or those of another natural person (for example, in relation to emergency medical situations).
  • Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and there is no overriding prejudice to your rights and interests (for example, quality assurance and research).

Collection of Information

We obtain information in a range of ways depending on your engagement with us:

  • Directly from you: When you contact us by phone, email, website forms, or in person, we may collect personal and medical information.
  • From referrers: We may obtain personal information, with your permission, from your GP or other consultants or lawyers you refer to us, such as to enable the provision of your care or expert opinions.
  • From consultations: Information is gathered and recorded in the course of clinical or medicolegal appointments or consultations, including verbal histories, clinical notes, and test results.
  • As part of research activity: Information is gathered in the course of clinical trials or research activities which are undertaken according to relevant study protocol and ethics approval.
  • From website usage: We may use cookies and website analytics tools to obtain information about usage of this website, which we use to help improve our online services (see ‘Cookies and website analytics’ below).

We take all reasonable steps to ensure that all information we collect is relevant, accurate, and current.

Confidentiality and Protection of Your Information

Protecting the confidentiality and integrity of your personal information is a top priority. We use various technical, administrative, and physical measures to protect the confidentiality and integrity of your personal information. For example:

  • Secure electronic health record systems with access controls and encryption
  • Password-protected network and/or computer drives for personal health files
  • Locked filing cabinets for physical and paper files and records
  • Training of staff on information protection measures and the importance of maintaining confidentiality
  • Limiting access to sensitive or confidential information to those who need access in order to provide services to you or otherwise have authority to access such information
  • Periodic review and auditing of our security processes to evaluate the effectiveness and adequacy of measures in place to manage and reduce risks

We comply with any applicable professional codes of conduct (including the General Medical Council) and legal obligations governing the use and handling of confidential health and medical information.

Disclosure and Sharing of Information

Your personal information is only shared when necessary, appropriate, and lawful. Some circumstances where we might need to share your personal information include:

  • With other health professionals directly involved in your care (e.g., with your general practitioner, other specialists, or hospital staff) – always with your knowledge and consent where practicable
  • With other lawyers and the courts/tribunals, when we are supplying medico-legal reports, expert witness reports, or giving evidence – always in compliance with court orders or other lawful requirements
  • With research scientists/collaborators, ethics committees, regulators, or professional indemnity insurers, when you are a participant in a clinical trial or research project – strictly in accordance with applicable consent protocols (and anonymised if required)
  • With our service providers (e.g., information technology, billing, administrative support services) who help us deliver our services to you – strictly in accordance with our confidentiality obligations
  • As required by law, including in response to valid requests from public authorities, regulators, or law enforcement agencies

When we do share information, we don’t sell or rent it to third parties. Sharing occurs in strict accordance with applicable laws and with the protection of confidentiality of the information when doing so.

Transfer of Information Outside of the United States

Because of the global nature of our business, i.e., we have clients in the UK and the US, some of your data might be processed or stored in certain countries outside the country where you currently live or work. For your protection, we will take reasonable steps to ensure that any cross-border data transfers are consistent with applicable data protection law and that your personal data is given an adequate level of protection, such as contractual clauses, data transfer agreements, or certification schemes required or applied by law.

Retention of Data and Information

We only retain your personal information for as long as we are required to do so for the purposes we collected it and for legal and regulatory compliance and clinical requirements. Typical timescales are as follows:

Medical recordsA minimum of 8 years post-cessation of treatment or discharge from hospital. Longer periods apply to records of certain specific conditions such as diabetes or to paediatric patients.
Medico-legal/Expert witness filesA minimum of 6 years post-cessation of treatment or discharge from hospital or as otherwise required by statute.
Research dataIn line with study protocols/ethics approvals/regulatory requirements, commonly 5-15 years.
Account and finance/billing recordsA minimum of 7 years for accounting/tax/statutory obligations.

We use secure appliances to destroy or anonymise information once it is no longer required.

Your Rights Regarding Your Information

Depending on where you are located and the law that applies to you, you may be entitled to the following rights with respect to your personal information:

  • Access: You have the right to obtain a copy of personal data we hold about you.
  • Rectification: You have the right to request and receive correction of inaccurate personal information.
  • Erasure: You have the right to request deletion of your personal data – note that we do maintain records to comply with legal obligations and for clinical recordkeeping purposes.
  • Restriction of processing: You have the right to request that we cease any use of your personal information.
  • Portability: You have the right to request provision of your personal data in a structured, commonly used, and machine-readable format.
  • Objection: You have the right to object, on grounds relating to your particular situation, to certain processing activities (e.g., marketing permissions – we currently do not market our services).
  • Withdrawal of consent: Where we rely upon your consent in order to process your information, you can withdraw such consent at any time (subject always to any contractual or legal restrictions which might apply).

You may exercise your rights by contacting us at [email protected] or (206) 304-3209.

Cookies and Analytical Information

Our site (https://diabetes-dr.com/) uses cookies and similar technologies to help us to improve your experience when you browse the site, for purposes of website analytics and to improve our services. Cookies are small text files that a web browser places on your computer. The following types of cookies are used on our site:

  • Essential cookies: Required for the functioning of the website/website features.
  • Performance and analytics cookies: Help us analyze how visitors use our website, where they have come from, which pages they visit/what the visitor watches online and keeps track of what users access.
  • Functionality cookies: Allow the website to provide enhanced functionality and personalization.

You can manage your cookies preferences in your browser. If you require additional information or wish to opt out of analytics, please contact [email protected]. We would like to point out that we do not use cookies for advertising or commercial profiling purposes. For more details, see our Cookie Policy.

Privacy for Children

We safeguard the privacy of children and other susceptible individuals. Our services may include processing information about youth, for example in the context of clinical or research settings. Where information is processed about individuals who are minors at the time of collection, we will obtain parental or guardian consent for the collection and general processing of such data, excluding emergency contexts. Records relating to minors are treated with a higher degree of confidentiality and stored in accordance with the law.

Links to Third Party Websites

Our site may contain links to other sites. These sites may be affiliated with us or with other medical institutions, professional, or research organizations. However, we are not responsible for the privacy policies or the content of these other sites. We encourage you to review the privacy policies of any third-party sites before submitting any personal information. This privacy policy only covers information collected by us, Dr Naveed Younis (Consultant Endocrinologist & Diabetologist).

Our site’s lawful basis for processing: Legitimate Interests

Clinical Research and Data Protection

For those taking part in clinical research trials under the responsibility or coordination of Dr Naveed Younis, particular emphasis is given to compliance with Good Clinical Practice (GCP) principles, approvals for conducting research received from ethics committees, and the relevant regulatory requirements relating to the use and protection of health data. The research data are collected, retained, and analysed in a manner compliant with these standards and with strict attention to participant confidentiality, for example by restricting use of preparatory or interim unclean datasets, and the primary dataset may be de-identified or coded. Access to research data is proactively limited to authorised personnel only, and shared with research partners or regulators as per study protocols or law. Participants are given comprehensive information sheets and informed consent forms explaining how study data may be used, retained, and processed. For more information, please visit our Clinical Research page.

Processing of Medico-Legal Data

Barristers and solicitors using medico-legal expert witness services can be assured that information in relation to individual cases is stored and transmitted confidentially, securely, and with the very highest professional integrity. Medico-legal case files, reports, court bundles, and correspondence are stored and transmitted encrypted wherever possible. Access to medico-legal records is limited to Dr Naveed Younis and selected administrative staff. Disclosure of medico-legal information to courts, solicitors, or other third parties will be strictly on the basis of legal and court requirements or as determined under Bond Solon code of conduct for expert witnesses.

Private Patient Consultations and Data Protection

Patients seeking private care have the right to expect their medical and personal details will be respected in the most confidential way. Patient records are held in secure, encrypted electronic health record systems, or locked hard-copy files. Information is only shared with your specific permission, apart from where it is necessary to protect your safety or fulfil statutory obligations. At any time, you have the right to request access to your record or request that your information is updated or corrected, or raise concerns about how your personal information is stored.

Educational and Professional Data and Privacy

Trainees, health professionals, and collaborators engaged in educational activities or the supervision of trainees may have their professional data, including name, title, and training records, processed for administrative services such as certification, accreditation, and educational services. This data is utilized solely for the provision of services and potential certification and compliance programs. It shall not be disclosed to third parties except with your knowledge and consent, or to an accrediting body where applicable.

Breach Notification Process

We take measures to safeguard our physical and technical environment, but a data breach can still happen due to an event outside of our control. If a data breach occurs which may lead to a risk of adversely affecting your rights or freedoms, we will inform you without undue delay. In that case, we will provide you with information on the nature of the breach, what data was involved, steps we have implemented to mitigate the breach, and actions you may wish to take or may be required to take. We also notify supervisory authority of serious breaches pursuant to legal obligations. Staff is trained so they can respond to incidents quickly, and we carry out regular reviews of processes to manage security risk.

Your Obligations and Keeping Information Current

  • Provide accurate and complete information when engaged in comparison research, consultation, or legal work.
  • Notify us of any changes to your contact information, medical history, or business information.
  • Use secure methods when communicating sensitive information (i.e., encrypted email or personal phone calls).

Keeping your information up-to-date and accurate will help to maintain the highest quality of services rendered and privacy of your personal information.

Complaints and How to Contact Us

If you have any concern or complaint about how your individual information (or that of another person) is used or processed, we would invite you to bring this directly to our attention at [email protected] or (206) 304-3209. We take all concerns seriously and will investigate and respond to your query as expeditiously as possible. You may also have a right to complain to the relevant data protection authority in your country of residence (such as the Information Commissioner’s Office in the United Kingdom, or the U.S. Department of Health and Human Services, Office for Civil Rights).

Changes to This Policy and your Consent

We may update our privacy policy from time to time to account for changes in our practices, applicable legal requirements, or the services we provide. We will make any updates available on our website (http://diabetes-dr.com/) with an effective date clearly stated. It is your responsibility to review this policy periodically and remain informed about how we protect your information. Your continued use of our services or website following any changes will be considered acceptance of the revised policy.

How to Reach us

For inquiries, requests, or additional privacy information, our privacy and compliance officer is:

Dr Naveed Younis (Consultant Endocrinologist & Diabetologist)
1000 2nd Ave Ste 850, Seattle WA 98104
Phone: (206) 304-3209
Email: [email protected]
Website: https://diabetes-dr.com/

Business hours: Monday through Friday, 08:00-17:00
Patients, attorneys, research associates, and trainees are all welcome to direct any questions or concerns to us.

Summary and Promise

Respect for your privacy is an essential part of the trust and confidence of our clinical, medico-legal, research, and educational practice. At Dr Naveed Younis (Consultant Endocrinologist & Diabetologist), we are committed to managing your personal data in the most confidential, professional, and secure way possible. We believe that transparency, respect, and accountability are the foundations of our work with each one of our patients, clients, and collaborators. Thank you for engaging with our services and for trusting us with your privacy.