Information for Claimants about their medical examination

The Expert is an accredited expert, who is able to examine your injuries and write a medical report, as part of the Litigant in Person system that you are enrolled in. Once you have been examined and approved the report, the compensator (insurance company of the party at fault for the accident) will use this as the basis for your compensation.

As a litigant in person dealing with your own claim, The Expert pledges to deal with your claim with integrity, fairness and diligence. Although they are acting for you, their over-riding duty is to the Court, so it is important to understand that although they are sympathetic to all of your symptoms and allegations, their report must say whether on the balance of probability i.e 50% of more whether the symptoms you have in each area are or are not related to the accident for which you are claiming for. The Expert will always explain to you the basis of their opinions in their final report.

If at any stage during the process you have any questions or comments, please do not hesitate to contact the administration team who can be reached via telephone, text message, livechat or email.

Booking Your Medical

On receiving your case, we will add this to our secure case management system and you will be sent a link our simple portal, which allows you to book your own appointment if you so wish. If you want to speak us at time of booking your appointment, please contact us. If we do not hear from you we will attempt to call you in order to book the appointment.

Once the appointment is booked you will receive a text message and an email with the details of your appointment. Should you wish for a letter to be sent please let us know.

When the appointment is booked, you will be sent a link in order to find the venue.

It is important that the appointment is convenient to you. If you have any issues attending the appointment, please contact us as soon as possible so that we can address this.

We will remind you of the appointment before it takes place.

Attending the Medical

Please remember to bring some photo ID with you to the medical examination. Ideally this would be your passport or driving licence. If you do not have one of these please considering bringing work ID, education ID or a travel pass.

Please try and attend your appointment on time and we ask that you do not arrive too early, but please allow time for traffic, finding the clinic and parking. If you are late we will always do our best to accommodate you.

The appointment will result in you having to undertake a medical assessment of the affected area(s). It is advisable that you wear loose fitting clothes. If you wish to take a family member, friend or carer to act as a chaperone or interpreter, you are most welcome to do so.

The Expert will need to know lots of details about the accident, your injuries and treatment. It is important to be prepared for the questioning nature of the examination. It maybe helpful for you to take a note of any relevant dates of treatment if you need to.

Once the medical has taken place, the report will then be produced and uploaded to the Official Injury Claim site. From here you can review the report. Should you wish to correct any factual inaccuracies within the report, there is the function available to send such a request to The Expert.

The most important thing to remember about your examination is that it will be relaxed and friendly. It is not an inquisition or a cross examination! Simply be open and honest about your injuries and symptoms and how they have affected you since the accident. If your symptoms have improved or gone away, don’t think you have to report or display ongoing problems if they are better. Simply tell it “how it is” and the Expert will report  on these even if there is nothing to actually see on examination or bothering on the day of the appointment.

Our Service Pledge

In addition to our commitment to treat each claimant with courtesy, respect and dignity, we also aim to offer firm timelines to deliver your report. These include:

• Offer you a choice of appointments within 4 weeks of your choosing me.
• See you within 10 minutes of your designated appointment time.
• Complete your report as you see me.
• Explain my findings to you at the time of the appointment.
• Upload your report to the LiP Portal within 24 hours of your appointment.
• Deal with any questions or amendment requests within 3 working days. (Respecting the fact that DME has to remain independent).

Data Security & Use of Data

In order to arrange and complete your medical, we will have to process and store the information which you have already provided to us from the Litigant in Person Portal.

This data will be kept confidential and only shared with our contracted secretaries, administrators and IT providers (notably D2Expert) in keeping with the rules on the use and storage of data based on our legitimate interest, which is that you have asked us to conduct a medical on your behalf.

In relation to any special category personal data, such as health records, we rely on the legal claims basis for processing this data, in addition to our legitimate interest.

All of our policies regarding privacy, data and GDPR can be found on our website. If you have any concerns regarding the use of your data, please raise them at your earliest convenience.

Complaints

We acknowledge that we can never get everything right. If at any time you feel we have let you down or there is something that we could improve, then please tell us. You will be given a customer feedback form at the end of your examination, which will be anonymous, so please feel free to help us improve anything that we haven’t got quite right. If you don’t want to fill this in, then just call us or drop us an email.

However, if there is anything that you feel you wish to take further with a more formal investigation then do not hesitate to ask us for our complaints procedure.

Charges

As your case has been accepted onto the LiP Portal, the cost of the medical report will be paid by the compensator, so we will never come to you to ask for money. We understand that occasionally appointments need to be changed last minute or that you forget to come and don’t attend. Please make every effort to do so. We will remind you by text message the day before. However, it is our policy not to charge for such events, as we understand life sometimes gets in the way.

About D2Expert

D2Expert are specialists in medico-legal administration and work on behalf of the expert to provide them with administration services including:

• Booking and Rescheduling of Appointments
• Telephone Call Handling
• Live Chat Handling
• SMS Handling
• Managing Email
• Managing Post
• Other administration tasks

By being your first port of call for any queries, this allows the expert to concentrate on providing examinations and independent medico legal reports. An expert is often unable to answer their telephone if they are already with another Claimant.

D2Expert are available first hand to deal with the query during the office hours of 8:30am to 8pm Monday to Friday. Outside of these hours we have agents who are able to assist in a more limited capacity. 

If D2Expert are unable to assist with your query, they will log the details and ask the expert to contact you.

In summary, D2Expert work for the expert and provide services to them. At all times when you instruct the expert, they are overseeing the whole process and they are responsible for delivering the medico legal report. 

Privacy Notice

1. The Expert provides expert witness services based at the locations listed on their webpage. This privacy notice provides information about the personal information we process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR).

2. Our ICO registration number is listed within Notice.

3. Please contact us with any questions or requests about the personal information we process.

Your rights

4. We are committed to protecting your rights to privacy. They include:

• Right to be informed about what we do with your personal data;

• Right to have a copy of all the personal information we process about you;

• Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is incomplete;

• Right to be forgotten and your personal data destroyed;

• Right to restrict the processing of your personal data;

• Right to object to the processing we carry out based on our legitimate interest;

The personal data we process, why we process it, where it comes from and the legal basis for doing so

Legal cases

5. We process the personal data of individuals who are obtaining legal advice or are engaged in a legal dispute, and also the personal data of witnesses and others with links to the issues in the case.

6. The personal data may include:

• Names, contact details and dates of birth;

• Health information

7. The personal data are generally provided by the person instructing us in relation to the legal issues, who is usually the Claimant, a solicitor, or other representative.

8. We process the data because it is in our legitimate interests as an expert witness to do so. We need to see and analyse documents containing this information in order to provide our expert advice.

9. In relation to any special category personal data, such as health records or information concerning, race, ethnic origin, or sex is, we rely on the legal claims basis for processing this data, in addition to our legitimate interest.

10. In many cases, an individual has consented to the transfer of their personal data to us. Where an individual has consented, he or she may easily withdraw it by notifying us.

Other personal data

11. We also process personal data pursuant to our legitimate interests in running our business such as:

• Invoices and receipts;

• Accounts, VAT and tax returns;

• Insurance policies and related documents;

12. As an employer, we process personal data further to contracts of employment with our employees. The information includes:

• Names, addresses and contact details;

• Pay and bank details, pay slips;

• Curricula vitae, contracts of employment, references and appraisals;

• Health information ( in reliance on the occupational health exemption contained in the Data Protection Act 2018)

13. Finally, we run report writing and case management systems. Any personal data on the system is held in accordance with the consent of the data subject which can be withdrawn at any time by contacting us.

Retention period

14. Personal data in legal cases is retained, where necessary, for six years in compliance with our professional indemnity obligations. Where this is not necessary, it is destroyed on the conclusion of the case.

15. Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.

16. Personal data relating to employees who have left our employment is also retained for up to six years as necessary. This is the time limit for bringing a breach of contract claim. In some case we destroy it as soon as the employee leaves.

Whom do we share personal data with?

17. We share personal data internally strictly on a need to know basis.

18. Special category data and personnel files held electronically are encrypted with restricted access. Hard copy special category and other personal data is stored securely with restricted access.

19. We do not share personal data with anyone external to the organisation, other than with:

• Those who have instructed us as an expert witness

• Outsourced service providers such as photocopying companies and digital dictation services, pursuant to GDPR compliant written contracts

• HMRC and the VAT Commissioner as they require

• With others pursuant to a court order

Information Commissioner’ s Office

20. If you have any concerns about the way your personal information has been processed, please contact us. Alternatively, you may contact the Information Commissioner’s Office on 0303 123 1113.

Data Security Policy

1. This security policy is designed to ensure that The Expert complies with the security requirements of the General Data Protection Regulation, and the rights to privacy of data subjects are protected.

2. In compliance with Article 32 The Expert has implemented appropriate physical, organisational and technical measures to ensure a level of security appropriate to the risk.

3. The Expert is based at various locations for medico legal examination purposes.

Security measures

4. The following security measures have been taken: 

Physical

• Office building is alarmed/protected by CCTV cameras;

• Visitors to premises are supervised at all times;

• Areas of the premises where personal data are kept are secured by locks/complex security codes;

• Computer screens are arranged so they cannot be viewed by casual passersby, particularly visitors;

• Hard copy material containing personal data is stored securely and locked away in fire proof;

• Filing cabinets at night;

• A clear desk policy is enforced;

• Hard copy special category data, such as medical records, are kept separately from other;

• Personal data in locked and fire proof cabinets with restricted access;

• Electronic special category data is encrypted with restricted access;

• Passports, driving licenses and any other documents used to check identity are also kept separately, stored securely with restricted access. When stored electronically, the information is encrypted with restricted access;

• Electronic data is backed up off site;

• Any server on the premises is kept in a locked room;

• Shredding of confidential information is carried out securely on site or outsourced pursuant to a GDPR compliant contract;

• Mobile equipment such as laptops are encrypted and locked away when not in use. There is a system in place for issuing them to staff working off site;

• Staff working off site must follow guidelines on the printing and disposal of hard copy material;

• Computers and other electronic equipment are disposed of in a safe manner by an outsourced and certificated provider.

5. Managerial

• This policy is regularly reviewed and The Expert is committed to ensuring it is implemented.

• The Expert is responsible for data protection and has powers to discipline for breaches of this and other data protection policies;

• The Expert has sufficient resources to carry out its role effectively as data protection lead;

• Staff compliance with this policy is monitored by file handling audits and spot checks;

• Staff are trained in data protection;

• Only designated staff may delete data and they receive specific training in this regard;

• Breach of this security policy is a disciplinary offence;

• There is in place a procedure for authenticating the identity of telephone callers, clients and contractors;

6. Technical measures

• Anti-virus and anti-spyware tools are installed on all computers;

• All computers are encrypted and password protected;

• It is a disciplinary offence to share a password;

• Computers are programmed to download patches automatically;

• Computers have automatic locking mechanisms when not in use;

• Staff are prevented from downloading software from the internet onto work computers and laptops;

• They cannot transfer data onto removable devices such as USB sticks and CDs without the authority of The Expert;

• Staff are encouraged to save personal data on their computers in a consistent manner;

• They have access rights to personal data on a strict need to know basis;

• Access rights are monitored and reviewed. They are deleted when a member of staff leaves;

• Staff are forbidden to use their personal email addresses for work;

• Computers, laptops, mobile phones, USB sticks and CDs are encrypted and password protected;

• Personal data is encrypted before it is uploaded onto the cloud;

• Personal data shared by email are encrypted and password protected as appropriate.

7. Security measures are tested and evaluated once a year.

8. Whenever a new project, process or procedure is introduced which carries a high risk to data subjects, a Data Protection Impact Assessment is carried out, at the instigation of The Expert.

Data Protection Policy

1. This data protection policy is designed to ensure that the rights to privacy of individuals are protected. The Expert is committed to the principles set out in the General Data Protection Regulation and has reviewed its personal data processing activities so as to carry on its business as an Expert Witness in compliance with the provisions of the Regulation.

2. Data protection lead: this person is responsible for ensuring compliance with policies and procedures on data protection, for providing any staff training, for conducting audits, risk assessments and data protection impact assessments, for responding to requests from data subjects and dealing with data breaches. He or she also handles queries and complaints from data subjects about the processing of their data, including from any members of staff. The name of the data protection lead is The Expert

3. Data subject: an individual whose personal data is processed.

The expert processes personal data belonging to those who wish to obtain expert advice in relation to legal issues or disputes, and also individuals linked in any way to the circumstances giving rise to those issues. The personal data of any members of staff is also processed.

4. Personal data: any information from which a living individual can be identified, either directly or indirectly. It is not limited to names and identification numbers, or to photographs or addresses.

The categories of personal data The Expert processes include: 

Legal cases

• Names, addresses, dates of birth and other personal data contained in witness statements and other evidence relevant to the legal issues;

• Health information contained in medical records, together with information on sex, race and ethnic origin;

• Personal data in invoices and copy receipts, accounting records, tax and VAT returns and related information;

• Copy passports, driving licenses, utility bills and other documents used to check identity;

Members of staff

• Names, addresses, dates of birth, personal email addresses and telephone numbers;

• CVs, contracts of employment, references, appraisals and salaries;

• Bank details and pay slips;

• Health information;

5. Special category data: information revealing an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic and biometric data, health information and data in relation to a person’ s sex or sexual orientation.

The special category personal data The Expert holds includes:

• Medical and other health records

• Information on sex, race and ethnic origin

6. Processing: covers any activity involving personal data, including holding, storage and destruction. The Information Commissioner says it is difficult to image an activity involving personal data that does not fall within the definition.

7. The Expert processes personal data in order to carry out its work as an expert witness and when carrying out other functions necessary to its business.

8. The data processing activities include: compiling expert reports, taking copies of identity documents and storing them in files or online, sending and receiving emails internally and externally, submitting invoices and filing them with receipts, uploading documents onto the cloud, using a customer relationship management system, holding staff details on hard copy/electronic personnel files, archiving and destroying information.

9. Sharing of personal data: The Expert shares personal internally, and also externally only when necessary to achieve its business purposes. In particular, it shares data with the following: 

• Confidential waste disposal companies

• Digital typing services

• Website providers

• Cloud storage providers

• IT support providers

• Accountants and other professional advisers

• HMRC

• VAT Commissioner

• Companies House

Special category data is encrypted before it is shared. There is no transfer of data abroad.

10. Data controller: decides the why and the how of personal data processing. A controller can be a sole trader, a partnership, a private or public limited company or a large multi-national organisation. It decides why it needs to collect personal data and how to process it. The Expert is a data controller for the purposes of this policy.

11. Data processor: processes personal data in accordance with the written instructions of the data controller. Most of the organisations that The Expert shares personal data with are processors.

12. Legitimising conditions: The processing of personal data is unlawful unless a legitimising condition, or lawful basis, applies. The Expert generally relies on the following legitimising conditions:

• Legitimate interest as a business

• Contract (with employees)

• Consent

When processing special category data, The Expert generally relies on one of the following additional legitimising conditions

• Legal claims

• Explicit consent

The Expert avoids relying on the consent basis where possible. In order to be valid, consent must be freely given and as easily withdrawn as it was to give it.

13. Data protection principles: Where there is a lawful basis for processing personal data, The Expert takes proportionate steps to ensure it carries out its personal data processing activities in accordance with the various conditions or principles contained in the GDPR.

14. Accountability: This principle is designed to ensure that data protection is embedded in an organisation at all levels of decision making and becomes fundamental to its culture. Not only must The Expert comply with the General Data Protection Regulation but it must be able to show it complies. It is for this reason that this policy, and the appended policies have been written. All staff receive training in these policies and The Expert ensures that they are implemented.

15. Data protection by design: This is an aspect of the accountability principle. It means that data protection risks are evaluated and eradicated and reduced at the very earliest stage, whenever there is a significant change in processes or procedures which entail a risk to data subjects. Examples: a substantial upgrade to an IT system, the introduction of CCTV cameras, outsourcing such as engaging a new cloud provider. Data Protection Impact Assessments are carried out by the data protection lead in these and other circumstances where there is likely to be a high risk to data subjects.

16. Data protection by default: minimisation: Another important principle is data minimisation. In other words, no more data should be collected, shared and stored than is strictly necessary. The retention periods for the personal data The Expert stores are up to six years, as necessary. A schedule of retention periods is appended to this policy.

17. Security: This is one of the most important principles. The Expert has taken physical, organisational and technical measures to ensure that its personal data is secure. Hard copy as well as electronic data is processed in accordance with The Expert’s security policy, attached to this policy.

18. It is important that all members of staff comply with the security policy. Failure to do so is a disciplinary offence that may result in dismissal.

19. Personal data breach: The data protection lead is responsible for responding to personal data breaches. He or she notifies the Information Commissioner as necessary, and also data subjects where the risk to them is high.

20. Breaches which carry any risk to data subjects must be reported to the Information Commissioner’s Office (ICO) within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The Expert’s data breach policy is attached.

21    Rights of data subjects: Data subjects have eight rights which include:

• Right to be informed about what The Expert does with personal data;

• Right of access to personal data by means of a subject access request;

• Right to rectification of inaccurate data, and to add to the information The Expert holds about the data subject if it is incomplete;

• Right to erasure, otherwise known as the right to be forgotten;

• Right to restrict the processing of personal data;

• Right to object to the processing The Expert carries out based on its legitimate interest.

The Expert must respond to requests from data subjects within one month. The procedure for responding to requests is appended to this policy.

22. Human Resources: is responsible for processing the personal data of members of staff. It is stored in hard copy files that are stored securely/electronic files stored securely in the cloud. Access to these files is restricted. Special category data, such as medical records, is further restricted as appropriate. Special category data stored electronically are encrypted. No personal data is shared outside Human Resources, other than with the member of staff’s manager.

23. All members of staff receive training in data protection.

24. Data Protection Risk Register: All personal data processing activities are recorded in the data protection risk register.

25. Personal data breaches are recorded in the risk register, whether they are reportable or not.

26. The risk register contains a copy of all audits, risk assessments and Data Protection Impact Assessments.

27. The data protection lead holds the risk register.

28. Enforcement and disciplinary action: Failure to comply with the General Data Protection Regulation is a criminal offence in many cases and can result in large fines. It is important that all staff are aware of this policy, receive training in data protection, and that this policy is properly implemented.

29. Any staff failure to comply with this and its associated policies is a disciplinary offence which may lead to disciplinary action and dismissal.

Data Breach Policy

Data Subject Request Policy

1. The rights of data subjects include the following:

• Right of access to personal data by means of a subject access request;

• Right to rectification of inaccurate data;

• Right to erasure, otherwise known as the right to be forgotten;

• Right to object to processing;

• Right to restriction on processing;

2. In order to respond to requests in a timely manner The Expert recognises the importance of centralised efficient information management systems. It is reviewing how it organises and stores emails and texts so as to enable easy and efficient retrieval.

3. The Expert stores data in relation to each client, whether it be an organisation or individual, on a hardcopy and/or electronic files dedicated to the client. The files contain the evidence The Expert has been provided with, together with identity check documents, and invoices and receipts. Relevant emails, letters and faxes are also stored on these files.

4. Identification records and special category personal data, such as medical records, are kept in a separate sub folder, distinct from the main file, whether the data is in hard copy or kept electronically. Hard copy files are stored in locked cabinets with access restricted to a need to know basis. Identification records and special category data are encrypted on electronic files, with similarly restricted access.

5. Records relating to employees are kept in individual files, with any medical or health related information separated into a sub folder. Hard copy files are kept in locked cabinets with restricted access. Electronic files also have restricted access and any medical or health data is encrypted.

6. The data protection lead/The Expert is responsible for responding to requests from data subjects and must do so within one month. The period may be extended by a further two months where that is necessary. In these circumstances the data subject must be informed within one month that more time is needed and given the reason why.

7. Requests from data subjects need not be in writing. There is no standard wording and they may be made casually over the telephone. On receipt of a request, the data protection lead/The Expert logs it in the data protection risk register.

8. The data protection lead/The Expert may seek to obtain the data subject’s agreement to limiting the request to what is being sought. Otherwise, all the data subject’s personal data is covered and, in response to a subject access request for example, must be provided.

9. On receipt of a request, the data protection lead/The Expert conducts a search of the relevant files, email folders and inboxes as necessary. It is important to remember how broad the definitions of personal data and processing are, and reference should be made to the data protection policy.

10. Where a request for a copy of personal data is made electronically, it should be provided electronically.

11. Any request for personal data relating to a legal case should be referred to The Expert’s instructing solicitors to deal with, if they exist in the matter.

12. If the data protection lead and/or The Expert does not wish to accede to a request, he or she should seek legal advice.

Complaints Policy

This document describes the Complaint Handling Policy, which has been implemented to ensure that all complaints are dealt with and handled in a professional manner.

The aim of the policy is to ensure that:

1. We deal with all complaints openly and thoroughly
2. We aim to resolve complaints promptly
3. We update the complainant throughout the process
4. We aim to arrive at a satisfactory outcome
5. We review complaints on a regular basis and where applicable use them to improve our processes and service levels.

Although we will do everything we can to meet or exceed your expectations, in the event that you should find you have an issue or complaint with our service, we urge you to contact us. In the first instance, you should contact our administration team at D2Expert via telephone or email. 

1. If you have telephoned, we hope that we will be able to deal with the issue or complaint to your satisfaction immediately.

2. You will receive a letter or an email, acknowledging your complaint within 2 working days upon receipt of complaint.

3. Your complaint will be recorded on our register and will be used to improve our service to our clients. 

4. The Expert will then start to investigate your complaint and provide a written reply to your complaint within 5 working days.

5. At this stage, if you are still not satisfied with our response, we will review this again and reply within 3 working days to your further complaint.

6. If we are unable to meet the timescales above whilst dealing with the complaint, we will let you know and explain why.

We are always seeking to continuously improve our service and will keep a record of your complaint and the outcome will be held centrally for analysis. Whatever the outcome, we assure you that we will be examining our Customer Care processes and procedures to try to ensure that the issue does not arise again.

For the avoidance of any doubt, complaints regarding the content of the independent medical report written for the Court should be managed by the Clinical Escalation Policy.

Should the complaint not be resolved to the complainant’s satisfaction, our escalation procedure means that we will self-refer ourselves to a higher authority:

• Unresolved clinical complaints – MedCo EAPR Committee.
• Unresolved administration complaints – MedCo Audit Committee.

Clinical Escalation Policy

This document describes the Medical Escalation Policy, which has been implemented to ensure that all issues regarding the content of the independent medical report written for the Court are dealt with and handled in a professional manner.

The aim of the policy is to ensure that:

1. We deal with all medical escalations openly and thoroughly
2. We aim to resolve medical escalations promptly
3. We update the Claimant/Instructing Party throughout the process
4. We aim to arrive at a satisfactory outcome
5. We review medical escalations on a regular basis and where applicable use them to improve our processes and service levels.

For the avoidance of any doubt this policy is to manage complaints regarding the content of the independent medical report written for the Court. Any complaints of other natures should be dealt with under the Complaint Handling Policy.

In the first instance, you should contact our administration team at D2Expert via telephone or email. 

1. The Medical Escalation will be passed immediately to The Expert and within 4 hours of receipt of the request.

2. In the first instance The Expert will provide a written response to Claimant in response to the Medical Escalation within 2 working days.

3. If the Claimant/Instructing Party is still not satisfied with the response from The Expert the Claimant will be entitled to have their case reviewed by an alternative expert. The cost of this will be met by DME.

4. The Expert will ask D2Expert to provide him with the next 3 medico-legal experts on a “taxi cab” basis who have made themselves available to review such matters, those with the lowest tally will be provided.

5. The Claimant/Instructing Party will be asked to choose the medico-legal expert to carry out the review and the case will be referred to them. D2Expert must be notified of the chosen expert for their records, as the chosen expert will then receive an increase of 1 on their tally.

6. Within 5 working days the reviewing medico-legal expert will provide their response to The Expert along with recommendations.

7. Within 2 working days of receiving The Expert will provide their final response to the Claimant/Instructing Party with a copy back to the reviewing medico-legal expert.

The information on this webpage all relates to the medico-legal services from Dr Tariq Ayyoub and in particular is relevant to Litigants in Person who are pursuing a Claim through the Official Claims Injury Portal.

Throughout this webpage and the policies any reference to “The Expert” refers to Dr Tariq Ayyoub

The Expert’s ICO Registration Number is ZA107627