At Harper Road Osteopaths and Walled Garden I am committed to protecting and respecting the privacy of anyone coming to use my osteopathy services.
This statement explains when and why I collect personal data, how I use it and the conditions under which I disclose it to others.
By using my services you are agreeing to be bound by this policy.
If you have any questions regarding this Policy please send them to Victoria Diamond at victoria@victoriaosteo.co.uk
Date: 03/01/2023
Next Review: 03/01/2024
Author: Victoria Diamond
1. PERSONAL DETAILS AND CONSENT:
1.1. I need to collect personal information about your health in order to provide you with the best possible treatment.
1.2. Your request for treatment and my agreement to treat you constitute a contract.
1.3. You are free to refuse to provide the information I request, but without this information I may not have enough data to create a full diagnosis and provide the best treatment.
1.4. Because I work in a medical field I have a ‘Legitimate Interest’ in collecting the data because without it I would not be able to do my job effectively and safely.
1.5. I also have a ‘Legitimate Interest’ in providing you with appointment confirmations, appointment reminders, and aftercare advice.
1.6. Having a ‘Legitimate Interest’ means that I do not need to ask you for specific consent for these types of communications.
1.7. I do, however, need to ask you for specific consent to send you newsletters, information about events, or any other information that could be construed as marketing.
1.8. I do not do any direct marketing at the moment and have no plans to, but I have an ‘Opt in’ box on our case history forms allowing you to give consent to receive this material if I ever decide to do this. You can withdraw this consent at any time.
2. PERSONAL DETAILS; WHAT WE KEEP AND FOR HOW LONG
2.1. I have a legal obligation to retain patient notes under our Code of Practice dictated by the GOsC for a minimum of 8 years and children’s notes need to be kept until their 25th birthday.
2.2. My patient notes must include:
1. Patient's personal details (age, date of birth, telephone number, email and home address)
2. Any problems or symptoms reported by the patient
3. Relevant medical and family history
4. Clinical findings
5. Information and advice provided
6. Information given to the patient about risks of treatment
7. Records of Consent (I have forms for consent to Dry Needling and intimate area examination and treatment, Chaperone requests and I seek ongoing verbal consent for all other treatment, which I record in your notes)
8. Treatment provided, reaction to treatment and ongoing evaluation of findings.
9. Any correspondence about the patient (with consent requested and recorded) with other health professionals.
10. Whether anyone else was present in the consultation.
3. PERSONAL DETAILS; WHAT DATA DO WE STORE AND WHERE WE STORE IT
3.1. I store case histories and patient notes either on paper or electronically on the Cliniko system that I use at the practice.
3.2. I keep paper files in a locked filing cabinet in a locked treatment room. The key to the cabinet is kept safe.
3.3. Your name, address, email address, date of birth and telephone numbers are additionally stored on a booking system called Cliniko regardless of whether the notes are also stored there.
3.4. When you first register with Cliniko you are asked whether you consent to our Privacy policy (which is this document). As stated I only need your consent to send you marketing. I otherwise have legitimate interest to process your data and this consent is not necessary.
3.5. Cliniko also provides details on how they store information about you and ask for your consent to this when you make an online booking. Their privacy policy is available here: https://www.cliniko.com/policies/privacy
3.6. When I no longer need to store your data in Cliniko (after my statutory obligation to hold data for 8 years passes, or until you reach the age of 25 years old and 8 years have passed), I will delete your records and securely destroy any paper records.
3.7. For patients who have been prescribed a program of exercise, I sometimes use a system called RehabMyPatient, which stores your name, date of birth and email address (for the purposes of being able to send you the exercise program) and no other data. This data is held securely. RehabMyPatient does use Google Analytics to collect anonymised data which they use to improve the site. From this they record: the computer you used to access the site, your general location, and how long you stayed on the site. The details are available in their Privacy Statement available here: www.rehabmypatient.com/gdpr. Their data is stored in a Digital Ocean data centre in London, who are GDPR compliant.
4. CONTROLLING YOUR PERSONAL DATA
You have rights concerning the information I hold about you:
4.1. You can request a copy of all the data I hold about you. Upon request I will provide you scanned copies of the personal data I hold.
4.2. If you change your name, address or email address, please contact me so that I can keep the data up to date.
4.3. You have the right to request erasure of your personal data that I am not legally obligated to keep for a minimum of 8 years.
4.4. I do not sell your information to third parties.
4.5. I do not share your data with third parties for marketing or any other purpose, without prior consent by you (for example sharing your data with other healthcare professionals).
4.6. I do not gather sensitive personal data such as political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or criminal convictions.
5. DATA BREACHES AND COMPLAINTS
5.1. If you wish to raise a complaint about how I handle your personal data, you can contact me directly and I will investigate the matter.
5.2. If you are not satisfied with my response or believe I am processing your personal information not in accordance with the law, you can raise your complaint to the Information Commissioner’s Office (ICO). https://ico.org.uk/