We take data protection very seriously and will vigorously defend all of our clients information to the best of our ability and with the backing of the full data protection legislation. At no time will any information be sold or shared with third parties for marketing, soliciting, profiling, or profiteering. With this in-mind, there are a few things that we do need to collect in order to maintain our professional standards and to aid in the efficient running and safety of our service.
What information do we need to collect from you?
Full Name, Gender, Date of Birth, Address, Email, Phone Number
GP details (Family Doctor), Consultant, relevant health professionals involved in your care
Insurance provider details including policy number and authorisation details
A full and comprehensive medical history including details of relevant scans, investigations, medications will be taken during your first appointment. Follow-up notes about your condition and ongoing clinical input will be made during each session.
Why to we collect this data?
As registered health professionals we have professional and ethical conduct standards set by the HCPC (Heath Professionals Council) and by our Chartered Physiotherapy Society that require us to record this information as a matter of maintaining our professional standards (including clinical audit).
We also have a practical need to be able to communicate in an effective and efficient manner with any health providers relevant to your needs. We will always take time to ask for your specific consent when sharing information with fellow health professionals, and will ensure you receive copies of this correspondence.
We have a practical requirement to contact our clients with appointment confirmations, discussing phone enquires, cancellations, staff illness, emergency closures, and managing invoicing and billing matters.
Will this data be shared with any third parties?
We will only share your data with you expressed consent with agencies and health professionals specifically relevant to your immediate care and well-being. This will always be discussed with you on an individual basis, and copies of this correspondence will be sent to you.
Any dealings with solicitors and legal firms requiring access to your data will have to supply us with signed consent from you directly. We will contact you in this instance to verify that is a correct procedure.
All patients have right to access their medical records in line with the DATA PROTECTION ACT. Requests must be made by the patient in writing and processed within 40 days.
Relatives of patients have no right to see a living patient’s medical records without the patients written consent, unless the relative holds a Power of Attorney or other legal authority for the patient.
Medical records remain confidential after a patient is deceased. Requests to access a deceased patients records should be made under the Access to medical records ACT to the Data Processor. Permission may be considered by either the legal authority and/or Executors of the deceased estate.
I want my data deleted from your system.
In line with GDPR all clients retain the right to have their personal data removed from the clinics database. This request must be received by the Data Controlling Officer in writing and will be actioned within 30 days.
We are legally obligated to retain a copy of all clients medical records for a minimum of 8 years as part of the health professionals standard. This timeframe increases to 25 years for clients under the age of 18 at the time of their first treatment and those seen while under active treatment for cancer.