How we use your personal information
General Data Protection Regulations changed from 25th May 2018. We have always been fully compliant with the legal requirements of the Data Protection laws in the UK and we are fully compliant with the new regulations. We will continue to process your information in a lawful and transparent manner.
The health care professional, who provides your care, maintains records about your health and any treatment or care you have received here or previously. These records help provide you with the best possible health care. Our records are electronic and on paper and we use a combination of working practices and technology to ensure your information is kept confidential and secure. Records which this clinic holds about you may include the following information:
- Details about you, such as your address, contact details, previous medical history and previous investigations
- Any contact with the clinic has had with you, such as appointments, clinic visits, advice given over the phone or email, emergency appointments etc.
- Notes about your and/or your child’s health
- Details about your and/or your child’s treatment and care
- Relevant information from other health care professionals
Information may be used within the clinic for clinical audit purposes to monitor the quality of the services we provide. All of your information is held securely on our premises and may be used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested for research purposes – in such instances we will always ask your consent before releasing such information.
How do we maintain the confidentiality of your records
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- General Data Protection Rules 2018
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- General Chiropractic Council Code of Conduct
Every member of staff who works at Andy Davies Chiropractic Clinic has a legal obligation to keep information about you confidential. We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
How do we store your information?
Your records are stored on paper, in filing cabinets in a locked room, and some details are stored electronically (“in the cloud”), using a specialist medical records service 'PracticePal'. This provider has assured us that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly on our office computers. These are password-protected, backed up regularly, and the office(s) are locked and alarmed out of working hours.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
- Your practitioner(s) in order that they can provide you with treatment
- Our reception staff, because they organise our practitioners’ diaries, and coordinate appointments and reminders (but they do not have access to your medical history or sensitive personal information)
Who do we share your information with?
We may use your data or give third parties permission to use your data to provide you with information about products and services which may be of interest to you. We or they may also use your data to contact you by post, email or telephone. If you would prefer that we did not use your information in this way then you may contact us to ensure this request.
Access to your personal information
You have a right under the General Data Protection Rules 2018 to request access to view or obtain copies of what information Andy Davies Chiropractic Clinic holds about you and to have it amended should it be inaccurate. In order to request this you need to do the following:
- Your request must be made in writing to the clinic.
- We are required to respond to you within 30 days.
- You will need to give us proof of name (Photo ID) so that your identity can be verified.
How long do we keep your data for?
In line with data protection principles, we only keep your data for as long as we need it. We have a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date. Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner than maintains data security.