Rosedale Clinic Data Protection Procedure
Data Protection Controller & Processor: Christopher J Boardman
ICO Registration No: Z6358345
The following information is collected: Patient name, address, DOB, email address, phone numbers, GP details, previous & current medical history, case history for treatment carried out at clinic, Occupation, Registered GP & details of communication. All information is given by the patient or their carer, parent or legal guardian.
Data Collection & Storage
Clinical information collected is sufficient for the purpose of making informed clinical decisions. Patients’ personal data is used to ensure we can contact patients in relation to their treatment at the clinic. Patient contact details and clinical records are stored on paper in a locked filing cabinet, contained in a locked office in accordance with statutory regulations, with access only by our authorised practitioners and trained staff.
Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children, depending on their date of birth at the start of treatment.
Clinical notes are archived after 8 years. This process involves shredding the paper clinical notes & thoroughly deleting all email records. They are only accessible by The Rosedale Clinic if the patient returns to continue treatment thereby acting as a historical record, or if requested by the patient or for historical legal reasons.
Electronic records are deleted from the system after 8 years or 25 years of age for children.
Patient data is also used for appointment reminder text messages or phone calls at the patient’s request, a newsletter and marketing which patients can opt in to with a tick box on their first visit. We check patients still want to receive communications on a regular basis.
Parents must give consent for communication with children under 16 years.
Information is only shared with other persons with the patient’s permission. This would usually be with other health professionals, but occasionally it may need to be shared due to legal reasons or in cases of serious safety risks. Patient information is never passed on to other external practitioners, persons or companies.
We regularly check with our patients that their records are up to date and accurate.
Access to paper records is restricted to practitioners and admin staff who have signed a confidentiality agreement.
All electronic data is password protected and access to information can be restricted. Systems are kept updated and antivirus security systems are in place and updated.
Passwords are changed every year.
Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office by Christopher J Boardman. Patients will be informed if we believe a data breach has occurred.
Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred. Information Commissioner’s Office: 0303 123 1113
Subject Access Requests
All staff know that subject access requests must be responded to within a month and no charge can be made.
Data is only released on receipt of a signed request from patients or in exceptional circumstances. Any data sharing is detailed in the patient record.
Name: Christopher J Boardman
Position: Data Officer
Practice: The Rosedale Clinic
Date: 24/05/2018
Review Due: 20/05/2019