General Data Protection Regulation (GDPR)
GDPR PRIVACY NOTICE
From May 25th 2018, the way we handle your data is changing. Please find below the completed notice for Bishop’s Waltham Osteopathic Clinic.
When you supply your personal details to this clinic they are stored and processed for the following reasons:
We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. Should you refuse to provide the necessary information, this might result in the osteopath not being able to provide the treatment.
We have a legal obligation to collect and keep information on any medical history you give us as well as recording what happens during the treatment. This will help to ensure that the treatment is appropriate and safe for you.
We also think that it is important that we can contact you in order to confirm your appointments with us as well as sending you receipts for any payments made.
Provided we have your consent, we may occasionally send you specific advice on exercise and posture related to any treatment you are getting at our clinic. You may withdraw this consent at any time – which you may want to do verbally or in writing.
We have a legal obligation to retain your records for 8 years after your most recent appointment, after which you can request that we delete your records. Otherwise, we will retain your records indefinitely in order to provide you with the best possible care should you need to see us in the future.
Patient data is stored electronically in the Cliniko Software “in the cloud” – the patient management software company is fully compliant with the General Data Protection Regulation.
Ultra Secure Facilities
Cliniko is hosted in state-of-the-art datacenter facilities. Physical access is controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems, and other electronic means.
Encryption
Cliniko runs completely under HTTPS. This means your data is encrypted during transfer using a 2048-bit SSL certificate.
Our database and file attachments are encrypted at rest, using the industry standard AES-256 encryption algorithm.
Patient data on our office computers is password protected, and the passwords are changed regularly. Older paper patient records are stored in locked facilities.
We will never share your data with anyone who does not need access without your written consent. Reception staff only have access to your contact details and date of birth, and only the practitioner has access to your medical history and treatment notes. So, to summarise, your data can be seen by:
• Your osteopath in order that they can provide you with treatment appropriate to you.
• Our practice manager/reception staff, because they organise the clinic diary and coordinate appointments and reminders (but they do not have access to your medical history or sensitive personal information).
You have the right to view your patient record and the personal data we hold at any time, and to instruct us to correct any factual errors.
Provided the legal minimum period has elapsed, you can also request for your records to be deleted and/or destroyed.
We want you to be absolutely confident that we are treating your personal data responsibly and safely, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in any way, you have the right to complain. Complaints need to be sent to the “Data Controller”. The details are as follows:
Sabine Bruland (Practice Manager & Data Controller)
Bishop’s Waltham Osteopathic Clinic
White Hart Stables, Bank Street
Bishop’s Waltham SO32 1AN
piersspencer@hotmail.com
01489 891 880
If you are not satisfied with our response, you have the right to raise the matter with the Information Commissioner’s Office.