Why we collect your personal data and what we do with it.
You may be aware that changes have been made to the UK data protection law and a new regulation known as the General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. This is to ensure that you have more control over how your data is used and protected. Here are the reasons why it is important that we collect this information:
1)For the purposes of providing the best possible treatment osteopaths require detailed medical information. When you ask for a treatment and we agree to provide it this constitutes a contract. You can of course refuse to provide the information but if you were to do so we would be unable provide the treatment.
2) We have a legitimate interest to collect this information because without it we cannot provide safe and effective treatment.
3) Contact details provided by you such as telephone numbers, email addresses or postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment. This constitutes a legitimate interest but this time it is your legitimate interest.
4) As part of our obligations as primary healthcare practitioners there may be circumstances related to your treatment, on-going care or medical diagnosis that will require the sharing of your medical records with other healthcare practitioners e.g. osteopaths, GPs, consultants, surgeons and/or medical insurance companies. Where this is required we will always inform you first unless we are under a legal obligation to comply. We will ensure that they are fully aware that they must treat that information as confidential and we will ensure that they sign a non-disclosure agreement.
5) We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date. We will only collect data that is relevant and necessary for your treatment.
6) We will make notes that include details concerning your medication, treatment and other issues affecting your health. This data is always held securely, is not shared with anyone not involved in your treatment, although for data storage purposes it may be handled by practice staff. To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow osteopaths to document and process your personal medical data.
7) We will never share your data with anyone who does not need access without your written consent. Only the following people will have routine access to your data:
Your practitioner(s) in order that they can provide you with treatment, our reception staff, because they organise our practitioners’ diaries, and coordinate appointments and reminders.
8) From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your medical notes).
9) You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
10) Your case history is stored in paper format and kept securely locked at the Practice. Case notes are never digitised and never stored on a computer either locally or remotely. Your information is handled with the strictest confidentiality and we do not share it with anyone else. On occasion you may ask for a letter, report or invoice, in this case it will be held on our private computers which are password secured and not networked, we do not upload patient letters onto remote storage.
11) From time to time we will contact you by phone, text message or email using the information that you initially gave us. This would usually be in regard to your appointment. However occasionally we might contact you with relevant news or information about the practice. We hope that you are happy to receive these occasional messages.
12) If you do not wish to receive such emails or messages you may withdraw this consent at any time – just let us know by any convenient method.
13) We want you to be absolutely confident that we are treating your personal data responsibly and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
14) If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to the ‘Data Controller’. Here are the details you need for that:
Data Controller: Charles Berger
Address: Wallington Green Osteopaths
13 Manor Road, Wallington SM6 0BW
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.