The purpose of this document is to inform you of what information we may hold about you, explain why we keep it, how we protect it, how we use it and how long we keep it.
Nicola Betts T/A The Physiotherapy Practice is the data controller of your personal data.
We collect and use the information required to enable us to provide the best possible treatment or clinically related advice for you. We currently do not use any of our database for marketing purposes and if we wished to this would only be with your consent.
The Physiotherapy Practice takes the confidentiality of your personal information very seriously. We are aware that any information regarding your health is sensitive personal data.
Without certain sensitive personal details (e.g. current and past medical history, medication) we would be unable to offer safe physiotherapy treatment to you.
What information do we collect?
Alongside your name we collect:
Contact details – address, email & telephone numbers
Date of birth
Marital status (please notify us if your name changes)
Name & contact details of GP
Consultants name & details (if appropriate)
Medical insurance details, if insured
Details & contacts of intermediary companies involved in the funding of your clinical care, if this is the case
Work/occupational health contacts where referred by these; or as appropriate with your consent
Your current & past medical history, medication taken and results of investigations (e.g. scans, blood tests, X-rays)
Letters from doctors & other healthcare professionals in relation to your care
Information about your work, social situation & hobbies
Our clinical notes relating to assessment & treatment
How do we obtain this personal information?
We collect this directly from you or at times from healthcare professionals involved in your care or referring party.
What do we use your personal information for?
We use your personal contact details to communicate with you regarding appointments and send you information about your care (e.g. copies of our letters to healthcare professionals or exercise programmes by email).
We use your medical and other personal information to make informed decisions about your care and treatment. Knowledge about your lifestyle, occupation and social situation allows us to work realistically with you on goal planning and ensure aims of treatment reflect your needs.
Healthcare professionals’ details are used to make contact with those involved in your care – always with your consent.
Insurance & intermediary companies are contacted, where appropriate, and clinical information given so as to allow funding for your treatment with your knowledge and consent.
Outcome measures and data audits are used internally by us to look at activity within the Practice and Staff performance. If shared (e.g. with insurance companies or occupational health departments) all audits are anonymised so that you cannot be identified personally.
Sharing information with you by email
Our Patient Information & Consent Form supplied at initial assessment for each episode of care asks you only to supply your email address if you are happy for us to communicate with you this way. By supplying your email details we consider that you have opted for contact via your email. We will only use your email for communications relating to care and will never pass on your email to anyone else.
If at any time you wish to cease receiving emails from us please let us know immediately by emailing email@example.com and your email address shall be removed from our database. Please always inform us if your email address changes.
We shall only email information with medical details to you (e.g. copies of letters to GP or Consultants) with your explicit written consent via your email address prior to each and every release. We shall reply directly to this email request (to avoid mistyping of email addresses) and sensitive medical information will only be sent as encrypted password protected attachments.
Sharing information with others
It is good clinical practice to share appropriate medical information with other healthcare professionals (e.g. GPs, Consultants and other Therapists) involved in your care, with your consent. We will always ask for your consent prior to each communication with other healthcare professionals and explain why this is advisable and beneficial to your care. We actively encourage patients to have copies of any letters we write regarding their care.
Should you at any time not wish us to contact another healthcare professional you have the right to withdraw consent. Usually we are able to respect your request for non-communication, however, if this withdrawal of consent might lead to a less effective treatment or a risk to you, we may have to, in rare cases, refrain from treatment.
Occupational Health Departments are informed of your attendance/s, clinical presentation & diagnosis and kept up to date regarding progress where referral is from and treatment funded by your employer – again with your consent.
We shall be happy to liaise with any patient’s employer, but will only do this on your specific request.
Insurance companies may ask for reports prior to authorising additional treatment. Intermediary companies referring to us ask for reports at initial and last assessment as a minimum. You will always be made aware of these requests and reports are only completed with your consent. We are happy to share copies of reports with you.
We will never release information to any third party not directly involved in your care unless you give explicit consent. Any request for your information by third parties must have your written consent before we release any details about you.
In summary we shall not release any information about you to anyone outside The Physiotherapy Practice without your consent unless under a legal obligation to do so under the law of England & Wales.
We have a detailed Subject Access Request (SAR) Policy which details our protocols for release (or reasons for non-release to a third party); a copy of which is available upon request.
You have a right to personally request your information under a SAR and can make this request either verbally or in writing to anyone at the Practice. We must supply your data/records within 1 month. We do not charge a fee to persons requesting their own information unless the amount is excessive when we shall charge a reasonable fee to cover administrative costs.
How do we store your information?
We hold personal data, including sensitive medical information, in a combination of electronic data on our secure server based on our site and in paper format as clinical notes.
The Physiotherapy Practice does not store any data outside of the EU or EEA.
Our electronic systems hold personal information including medical diagnosis, dates of attendance and all typed reports and letters relating to patient (your) care.
We take the safety, reliability and accuracy of our electronic data very seriously and have strict security measures and protocols in place regarding the storage of your information. Our Data Protection Policy, Information & Data Security Procedures and the Network & Systems Level Security Policies provide more details and can be supplied upon request.
We have both structured and informal needs response training programmes to ensure all Staff understand the requirement for confidentiality, data security and accuracy and reliable access of information.
All paper records are kept securely on our site, with exception of notes required temporarily for satellite clinics.
The Practice has a detailed Records Management Policy which covers strategies and the protocols in place to help ensure the confidentiality, integrity and availability of all information we hold.
Data Breaches – we have policies and procedures in place to help detect these and ensure reporting and investigation.
How long will we keep your information?
Clinical Notes –
We have a legal requirement to safely retain clinical records (paper and electronic) for 8 years or until 25 years of age (whichever is longer) from the date of last attendance or discharge.
The new GDPR requires data controllers not to keep information for longer than is necessary or relevant. We consider that retaining records for longer than the legal minimum requirement allows retrospective reference to clinical presentations and previous management and that this enhances patient care for returning patients.
We currently only hold older paper clinical records relating to previous earlier episodes of care for those patients who have returned to the practice since March 2014 .
Eletronic Data –
Any data relating to your care will be kept securely on our server. We shall keep all data relating to clinical management (for reasons as above) from 1st September 2004 when we started to utilise our electronic practice management system.
If you would like to know what details and records (paper and electronic) we hold for you please contact Nicola Betts via firstname.lastname@example.org. She will be happy to assist with all enquiries. You have a right to access the information we keep and you can also ask us to amend or destroy/delete any information we are not legally required to keep.
Further guidance and complaints
If you have any questions about your personal information we hold please discuss this with your physiotherapist or alternatively contact Nicola Betts of The Physiotherapy Practice at Shrubland House, 47 Colchester Road, West Bergholt CO6 3JQ . Telephone: 07774 930261 or Email: email@example.com
In the event of you wishing to make a complaint about how your personal data is used, held or processed by The Physiotherapy Practice you have the right to complain to us. We shall respond to you within 30 days, if we do not you can complain to the ICO (Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Tel: 0303 123 1133 or Email: http://ico.org.uk/for-the-public)