GDPR
GDPR Policy
The General Data Protection Regulations (GDPR) came into force May 2018. This gives individuals the right of access/correct their personal data and to prevent it being used for marketing purposes.
The Civil Aviation Authority [CAA] has declared that it is the data controller, and Aviation medical Examiners (AME) are data processors for the data subject being pilot and cabin crew. AME have signed an agreement with CAA to this effect.
AME are also regulated by the General Medical Council and therefore to be compliant with published “Good medical Practice” doctors must maintain accurate contemporaneous client / citizen notes.
Pilot/cabin crew records are kept securely until retirement of the AME [unless limited by ICO data retention periods], then notes forwarded to CAA.
Personal medical data collected by the AME is passed to the CAA and stored on its electronic record.
In addition to personal medical data required by the CAA, I also store the following information usually digitally (digital by default paper by exception):
Where the record is digital, it is encrypted
Pilot / cabin crew consent form, test results, reports from other Health Care Professionals (including not limited to consultants GP counsellor physiotherapist).
Those paper records that can be pragmatically digitised are disposed of securely after being digitised.
Your data protection rights
Under data protection law, you have rights including:
Right Of Access: right to ask for copies of personal information
Right to rectification: right to ask to rectify information you think is inaccurate.
Right of erasure: right to ask to erase personal information
Right to restriction of processing: right to ask us to restrict of information in certain circumstances.
(If however the AME has concerns that a pilot /cabin crew is providing misleading information or falsely not disclosing information [NON DISCLOSURE] in effort to falsely acquire/retain/renew/revalidate a pilot /cabin crew medical certificate, this right will not apply, and the AME’s will flag that concern to the CAA.)
Right to data portability: right to ask for transfer of information you have provided us, to be transferred to another organisation (such as airline employer or its regulatory authority for pilot /cabin crew licensing)
How to complain:
Concerns about possible or actual data breach, complain to the Information Commission Office.
Complain raise a concern about Dr Nicol's "behaviour, health or performance" then contact the GMC
https://www.gmc-uk.org/concerns/raise-a-concern
Complaint: you are unhappy with the outcome of CAA certification?contact CAA seeking secondary review
The request for a secondary review and any accompanying supporting documents may be submitted by e-mail to medicalweb@caa.co.uk
Rest assured I will never retain or share your data for marketing purposes. I will notify you (& CAA/ICO) if your data is compromised.
To help me quickly source accurate comprehensive information from you and reduce delays associated with sourcing the information I may need to ask GP other health care professionals provide; I encourage patients to register with their GP** to hold their OWN full medical record such as app called “Patient access”
https://www.patientaccess.com/
(if their GP uses a system called EMIS, as EMIS provides that app).
**You will usually need to sign consent form at GPractice asking to be enabled to FULL access to the record (as opposed to more common LIMITED access for repeat prescriptions and appointments)
Additional valuable information for assessing your medical state is evolving and use of apple Watch series 5
https://www.apple.com/watch/
has been invaluable in alerting a pilot to an important condition of Atrial Fibrillation.