When you supply your private details to this clinic they are processed and stored for four reasons:
The underlined words are the relevant terms used in the General Data Protection Regulations (GDPR).
-We need to collect personal information about your health in order to provide you with the best possible treatment; by you having requested treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
-We have a Legitimate Interest in collecting that information, because without it we couldn’t do our job effectively and safely.
-We also think that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes Legitimate Interest, but this time it is your legitimate interest.
-Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We have a legal obligation to retain your records for 8 years after your most recent appointment; records concerning minors who have received treatment will be retained until they have reached the age of 25. If you do not return within 8 years from the date of your last appointment your medical records will be destroyed.
Your records are stored electronically using a specialist medical records service. This provider is fully compliant with the GDPR. Access to this data is password protected and the passwords are changed regularly. Some older records are stored on our office computer. This is password-protected, backed up regularly, and stored securely. The backup files are stored on a secure & password-protected system.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
•Your osteopath in order that they can provide you with treatment
•The medical records service who store and process our files and diary system
•Some older appointments are stored on a ‘cloud’ diary service
•Both diary systems include your name with date & time of your appointment
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to confirm that your records have been destroyed.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. You should do that initially to the Data Controller.
Here are the details you need for that:
Crispin Birch – Crispin Birch Osteopathy – The Clinic, 12 Newbiggin, Malton – 07510 239325