GDPR Regulations 2018
This privacy notice explains how we as a clinic handle your personal and medical (osteopathic) data in compliance with the General Data Protection Regulations (GDPR) 2018.
What data is collected?
Our secretarial staff will collect basic contact details from you including your name, address, telephone numbers and email address. This is so that we can in turn provide you with information about the time and date of your appointment and information about the clinic. In pursuance of our role as primary care practitioners the osteopath will collect details of your presenting complaint, past medical history, family medical history, your GP name & address as well as other relevant medical information such as it might be required to make informed medical decisions about your treatment and further care.
Who is collecting the data?
The Data is collected both by administrative staff and the Osteopath all of whom are familiar GDPR and have signed formal declarations to adhere to all relevant guidelines.
How is the data collected?
Data can be collected by telephone, in person, in writing or electronically, for example through our online contact form. All electronic data is stored electronically on a secure server using encrypted and password protected access. Paper documents and records are stored securely on site at the practice address.
Why is data being collected?
Data is principally being collected in pursuance of our role of primary care practitioners as set out in The Osteopaths Act 1993 and in accordance with the prevailing professional code of practice, Osteopathic Practice Standards. Secondly, data is collected in order to keep you informed about your appointments and to send you other correspondence such as it relates to your case.
Who will the data be shared with?
GDPR and Osteopathic Practice Standards robustly encode your right to confidentially and your personal information will not be shared with anyone without your consent. From time to time we may require your written consent in order to liaise with other healthcare providers regarding your further assessment and treatment, or to provide details to non medical agencies such as legal or insurance companies when making a claim.
Who at City Osteopaths Ltd has responsibility for data protection?
Geoff Hale is appointed the Data Controller for City Osteopaths Ltd
Can I assess my data?
As an osteopathic patient, under GDPR, you have a right to rectify any inaccuracies, access copies of your records or request for items to be erased (we cannot erase parts of your health records due to our legal obligations, parts of which must be retained for a minimum of 8 years). Copies of your notes will be provided by within one month free of charge.
How long is my data kept for?
It is a legal requirement that your health records and personal information will be keep for a minimum of 8 years after the date of your last consultation at the clinic. For patients who attend under the age of 18 their records must be kept until they are aged 25. After this time your records can be erased or destroyed.
What should I do if I have any concerns about the way my data has been handled?
You should initially raise any concerns with the data controller, Geoff Hale who can be contacted by using the clinic's telephone number or email. If for any reason you are not happy with the response you receive you may contact the Information Commissioner's Office on 0303 123 1113.