Privacy Policy
Our privacy policy under the Data Protection Act 1998 has been reviewed and updated to underline the new rights for individuals within the new laws of the General Data Protection Regulation (GDPR) from the 25th of May 2018. This major change has occurred to help protect and unify the way that an individual’s data is managed throughout the European Union (EU). We at KM Physio collect information relating to patients’ health and personal details. This information is classed as sensitive data and termed special category data. Under the new GDPR, patients have a right to know why their information is collected, for what purpose it is used and how it is kept safe.
Why we collect information
Under the GDPR, KM Physio has a legitimate interest in patients’ information, and this is part of the contract between a health professional and their patient. For a detailed and accurate assessment and treatment to take place, we need to collect and keep information about patients and their health on our records.
How is your information used?
Your personal details are used for the following reasons.
- Address: allows us to post receipts and invoices.
- Telephone number: allows us to send text reminders of appointments and communicate with you outside of appointment times.
- E-mail addresses are used for sending you receipts, and your individual online exercise programme when required through Cliniko. Emails are also used to update you on clinic services or information.
- Date of birth is used as a unique identification for your records.
We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up to date as possible. We will explain the need for any information we ask for if you are unsure why it is needed. We ask you to inform us about any relevant changes that we should know about including personal contact information.
Who has access to your information?
All staff at KM Physio are bound by patient confidentiality laws, the standards of conduct, performance and ethics of CORU (Regulating Health & Social Care Professionals) and the Irish Society of Chartered Physiotherapists (ISCP) code of conduct. Your information will not be shared outside KM Physio unless you have given consent, except when:
- Requested by law
- In your best interests and you are unable to give consent
- In the public interest to prevent serious harm to others
Access to your records is regulated to ensure that they are used only to the extent necessary to enable the employee in question, whether secretary, manager, or healthcare professional, to perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:
- Typing referral letters to GPs, hospital consultants or other allied health professionals.
- Scanning clinical letters, radiology reports and any other documents not available in electronic format.
- Handling, printing, photocopying and postage of medico-legal and life assurance reports, and of associated documents.
- Following up with other allied health professionals, GPs or consultants regarding pending appointment of referral or radiology updates.
How is your information stored?
We commit to retaining your information securely. There are robust security measures on the computer to prevent and minimise the risk of information theft. All our software is password protected and is updated every 30 days.
- If booking online, you will be asked to read and review our data policy and tick the box if you accept. This will be uploaded to Cliniko, our online booking and medical notes software, which acts as our data processor and complies with GDPR. You will be asked to fill out a patient information sheet when you first attend.
- If attending the clinic following a phone booking, you will be asked to complete a paper personal information form, which will be scanned and uploaded electronically to Cliniko and shredded within 30 days.
- Your medical notes are completed under Cliniko and each practitioner has their own login and password for this.
- Any patient letters or documents with personal information outside medical notes are stored on a password protected computer, in an encrypted folder within business Dropbox.
- When information is shared with others, GPs for example, it will either be sent via encrypted email, recorded delivery or hand delivered.
- All notes will be kept for a period of 7 years after the last treatment or date of death, at which point they will be permanently deleted.
Recording
If recordings are made, we are committed to ensuring that any audio, visual or photographic recordings of you, in which you are identifiable, should only be made with express consent. The recordings will be kept confidential as a part of your record. We will do all we reasonably can to protect the confidentiality of the recording. We will get consent before sharing such videos, photos or other images.
We will only take images of you on your practitioner's personal mobile device when necessary for the care being received and with your permission.
Such images will not identify a patient and shall only be kept for the minimum time necessary.
Your right to amend, restrict and object to the information held.
Under the GDPR, all individuals have the right to have incorrect information that is held about them amended. If this was to arise within the notes held by KM Physio, the notes would become restricted, i.e. not used until the issue was resolved.
You have the right to have the information we hold restricted:
- If you contest the accuracy,
- You need the information to establish, defend or exercise a legal claim
- You object to the information held.
In this instance all treatment will be stopped until the issue is resolved. You also have the right to object to KM Physio holding your personal information on grounds relating to your particular situation and, as with restriction, all treatments will stop and the notes will become restricted until the issue is resolved.
Your right of access to your health information
You have the right of access to all the personal information held about you by this practice. You can make a formal written access request to the practice secretary and the matter can be dealt with formally. All requests will be answered in the time frame of one month unless you are notified of a difference to this time scale. There will be no fee for information provided.
We hope this policy has explained any issues that might arise. In the unlikely event that this safety was compromised, you will be notified immediately, as will the Data Protection Commissioner.