GDPR – General Data Protection Regulation – Privacy Notice
What Data do you keep about me?
As a clinic we are legally required to keep a clinical record of your case and attendance as a medical record. As well as personal details such as your name, address, date of birth we will keep a record of your care at the clinic including diagnosis and treatment. Email communication between you and the clinic also form part of this record as do results of tests such as MRI scans or letters we receive from your doctor or consultant.
Who do you share this data with?
We will only share this data for legitimate purposes such as when communicating with medical professionals such as your GP, a referring consultant or other medical professionals such as in requesting an MRI scan or referral to another clinician. If you are using private medical insurance for your treatment we will share this data with them in accordance with your insurance policy. We will NOT share your data with any other third party and will need further written consent to share information about your case with solicitors or case managers in the event you need us to.
How long will the data be kept for?
In accordance with the rules and regulations of The Chartered Society of Physiotherapy and the Healthcare Professions Council, who we are regulated by, we will keep a copy of your record for 8 years after your last visit to the clinic or for 8 years after your 18th birthday in the event you last saw us before turning 18 years of age.
Can I see what information you have about me?
Yes. You can make a written request to have a copy of the information we hold about you and have any mistakes corrected. You will need to provide 2 forms of identification, one of which needs to be a photo I.D. such as a driving licence or passport which we will take a copy of. We have one month to respond to such a request.
Can I delete the information you store about me?
It is a statutory obligation for us to keep a record of your treatment at the clinic and as such cannot be deleted while you are still considered a patient of the clinic. See “How long will the data be kept for?” above.
Where is this data stored?
We are moving towards a paperless clinic. Any paper records held do not leave the premises. We use practice management software approved by Physiofirst (The organization of Chartered Physiotherapists in Private Practice) and any computerised record of your care is stored securely by the data processor in accordance with GDPR regulation.
Online consultations consent
As per guidelines from the Chartered Society of Physiotherapy it is agreed that your consent is implied by accepting the invitation and entering an online consultation. It is your responsibility as the patient to ensure that you have adequate anti-spyware and anti-virus protection on your equipment/devices. If you are using a mobile phone, you must be made aware that it can only be as secure as any other phone call on that mobile network.
Online consultations will not be digitally recorded by either party but clinical outcomes from the consultation will be recorded and stored on your patient record.