As part of our duty in providing the best and most appropriate treatment for you, it is necessary for us to hold some personal information about you. Because we hold and store this information, we are required under the new General Data Protection Regulations (2018) to advise you of our Data Protection Policy. This is essentially our policy on why we collect your data, how we store it and what we do with it.
When you supply your personal details to us, they are stored and processed for a number of different reasons. (The terms in bold below are the relevant terms used in the General Data Protection Regulations 2018.)
- We need to collect information about you and your health in order for us to provide you with safe and effective treatment. Having an appointment and us providing care at the clinic constitutes a **contract**. You are obviously allowed to refuse to give us this information; however, that would mean we would not be able to provide treatment.
- We have a **legitimate interest** in collecting that information because without it we couldn’t do our job effectively and safely. You also have a legitimate interest in us holding contact information so that we are able to confirm appointments for you and contact you if needed on matters relating to your care.
- Provided we have your **consent**, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time and it will not have any bearing on your ability to receive treatment at the clinic. Just let us know by any method that is convenient for you.
- We have a **legal obligation** to retain your records for 8 years after your most recent appointment (or until you reach age 25, if this is longer), but after this time you can ask us to delete your records if you wish.
How your records are stored
- Paper records are stored in a locked filing cabinet, and the clinic office is always locked and alarmed outside of working hours.
- We also hold records electronically. These are stored “in the cloud” using a specialist medical records service. This provider has shown that they are compliant with the General Data Protection Regulations, and your data is heavily encrypted to ensure it is secure (similar to online banking). Access to this data is password protected.
- We also use Mailchimp to co-ordinate some of our messages, and so your name and e-mail address may be stored on their server.
- We use a company called Care Response to help co-ordinate and monitor the collection of outcome data. Your name and e-mail address, as well as some medical information you supply to them, will be stored on their servers. Again, this is heavily encrypted, is password protected and only your practitioner will have access to this information. Care Response may use some of your anonymised data for academic research purposes, but will only do so with your consent.
We will never share your data with anyone without your written permission. We may inform your GP or an insurance company of some of our findings and the treatment you have received. However, we only do this with your written permission.
Only the following people will have access to your data:
- Your practitioner in order that they can provide you with treatment.
- Our reception team company and administration staff, because they organise our practitioners’ diaries, book in appointments and carry out other administration tasks (they do NOT have access to your medical history or sensitive personal data).