Collection, Privacy and Storage of data
• Currently your data: name, contact details (phone number and email address) along with your health information is collected using a standard Registration Form.
• If this form is e-mailed as an attachment along with a confirmatory letter it very clearly asks you to ‘Complete and bring the Form with you’ to your first appointment, as opposed to returning it completed via a scanned document.
• If the Registration Form is returned as a scanned document it is printed and retained as a hard copy. The electronic one is deleted.
• At an appointment a relevant medical history is taken and treatment notes are completed.
• All notes are stored in a designated drawer within the treatment room.
• None of these notes are stored electronically.
• Access to the internet on a computer is password protected. The password is changed periodically.
• Currently there are no electronic newsletters or regular mailings which necessitate a mailing list being held on the computer. Should such a mailing list be set up, in accordance with the legislation, permission would be sought from the client to add them to such a list and they would be made aware that they could ask to be removed from such a list at any time.
Sharing of data
• None of the data held on a client will be disclosed without their permission, either verbally or in writing to any other third party.
• Should it be appropriate to write to an insurance company or a secondary medical professional, this will always be done with the consent of the client.
• If, in the event of client notes being subpoenaed, there will, within this correspondence, be an appropriate release document signed by the client, allowing notes to be copied and sent to their legal representative.
Access to your data
• Should a client wish, at any time to view their notes they may ask to do so, although their notes may not be removed from the clinic premises without prior permission.
• Should the client wish a copy of their notes or the originals they may ask to have them, but should give reasonable notice of this request and put this request in writing.
• If they believe their notes to be incorrect amendments will be noted and added.
Removing or deleting data
• All client notes, which are not current, are held for up to seven years at which point they are shredded by a professional company and destroyed accordingly.
• Usually and to date, if a new telephone is purchased, the same sim card containing contact details of any clients is transferred across.
• The telephone used for business is password protected before access.
• Should a computer be destroyed appropriate measures will be taken to delete/clean and remove any data which could be construed as personal.
• No payment is taken by credit card machine so no payment details are stored in this manner.