Privacy Notice (PN1)
Data Controller: Daniela Chiara Witten, ICO Registration Reference: ZA372529
Address: Lily House, 11 The Shrubberies, George Lane, South Woodford, London E18 1BD
Telephone: 07377 990809 Email: email@example.com
Data Protection Officer: as above
Information we hold about you
In accordance with The Osteopathic Standards, Code of Practice Standard C8:
Dates of the consultations, personal details, your problems and symptoms, relevant medical, family and social history, clinical findings, information and advice you provide, whether this is provided in person or via the telephone, diagnoses and treatment plans, records of consent, investigation or treatment and the results, any communication with, about or from you, copies of any correspondence, reports, test results (X-Ray, MRI, Blood etc.), clinical response to treatment and treatment outcomes, whether a chaperone was present or not required, whether a student or observer was present.
We are committed to protecting your privacy and will only use the information collected lawfully in accordance with the Common Law Duty of Confidentiality, the General Osteopathic Practice Standards and the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018.
Records are held on computer on a secure server, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
Reception and management staff have access to your contact telephone numbers only, for administrative purposes, but do not have access to your medical records.
The Legal Basis under which we hold your data
The lawful basis for processing special category health data for direct care is that processing is:
‘processing is necessary for compliance with a legal obligation to which the controller is subject’ (Article 6(1)(c).
The special category condition for processing for direct care is that processing is:
‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…’ (Article 9(2)(h)).
Further use of data
Information may be used within this practice for clinical audit to monitor the quality of the service provided. Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – this practice will always gain your explicit consent before releasing the information for this purpose.
We may also use external companies to process personal information, such as for archiving and backup purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.
We not share any of your information with any third party without your explicit permission in the form of a written consent. This may take the form of a referral to another specialist or the transfer of your records to another practitioner. This practice will always gain your explicit consent before releasing the information for such a purpose.
Record Retention Policy
We retain these records for 8 years after your last visit or if the patient is a child, until their 25th Birthday. (In accordance with The Osteopathic Standards, Code of Practice Standard D6 3.1, 3.2).
This effects your right to erasure under the GDPR guidelines, as we have a lawful basis for retaining your records. Certain “personal data”, however, can be erased, such as your email address and your mobile telephone number. This practice will always gain your explicit consent before erasing or amending this information.
Right to access (Subject Access Request) or amend your records
- Your request must be made in writing and signed
- We will respond to your request within 1 month
- You will need to give adequate information and proof of identity.
- There will be NO CHARGE
It is important that you tell us if any of your details, such as your contact details, have changed or are incorrect so that we can be amend our records. You have a responsibility to inform us of any changes so that communication of personal information is sent to the correct person and not mislaid.
The practice is registered with the Information Commissioners Office (ICO).
If you are still unhappy, following a review by the Practice, you can then make a complaint to the Information Commissioners Office (ICO).
Telephone: 0303 123 1113 (local rate) or 01625 545 745