PRIVACY POLICY

Personal data 

Personal data may be used for the following reasons:

Staff

Contact details, contracts, DBS applications, pay, tax, social security, minutes of meetings, use of IT, appraisal forms, holiday requests, training applications.

 

Patient’s records

Contact details, health records, referrals, letters, and Insurance details

 

Personal data may be processed for the following data subjects:

Staff current /former/locums/potential employees • Patients current/ previous/carers/relatives/guardians/third party representatives

 

Contractors/suppliers

Equipment servicing /repair • Cleaners • Estate 

 

Sharing and disclosure

Appraisal • References • Incident reports/forms • Insurance and banking • Referrals • Results • Letters to other service providers

 

 

Manual records

Staff files • Patient’s notes • Bills • Insurance forms • Consent forms • Insurance payment forms

 

Electronic records

TM3  • Banking • Nuffield • Vitality health • Bupa • Quick books

 

IT system

Fixed  • Cloud

 

Assessing the risk

 

Information collection

What information is being collected and how? Personal details and health care information

Where is the information being collected from? Data subjects and IT system

How often is the information being collected? During consultations, which are on an as needed basis

 

Information use

What is the purpose for using information? To enable the provision of effected treatment

When and how will the information be proceeded? Recorded during or soon after consultation onto TM3 clinical system or paper format

Is the use of the information linked to the reason for the information being collected? Yes  

 

Information attributes

What is the process for ensuring the accuracy of data? 

Asking the data subject to confirm details and ensuring the correct patient record is used when recording the information

What are the consequences if data is inaccurate?

Incorrect patient record updated; delay in treatment and or referral; potentially adverse impact on patient health

 

Information security

What security processes are in place to protect the data? 

Only authorised users can access the data

What controls are in place to safe guard only authorised access to the data? 

All users have an individual log on and the system is password restricted

 

Data subject access

What processes are in place for data subject access?

Data subjects can access limited information using online services or by requesting to see their clinical notes.

 

How can data subjects verify the lawfulness of the processing of data held about them?

By accessing their records and viewing how information has been processed

 

How do data subjects request that inaccuracies are rectified?

Data subjects can request that information held about them be changed by asking for an appointment with the data controller

 

Information disclosure

Will information be shared outside the practice; are data subjects made aware of this?

Yes the practice privacy policy details this information

 

Why will this information be shared; is this explained to data subjects?

Yes, to facilitate the necessary examination and treatment of data subjects

 

Are there robust procedures in place for third party requests which prevent unauthorised access?

Yes, authority must be provided by the third party who also included either a written statement or consent form, signed by the data subject

 

Retention of data

What are the retention periods associated with the data?

Mental health records are kept indefinitely. Paediatric records and all other data subject records are kept for 30 years

 

What is the disposal process and how is this done in a secure manner?

At the end of the retention period the records will be reviewed and if no longer needed they will be destroyed 

 

Where is data stored? If data is moved off site, what is the process; how can data security be assured?

Patient data is stored electronically on TM3 and some paper records are stored in a lockable cupboard which can only be accessed by authorised personnel

Follow

Contact

01534 280010

Address

Augré Physiotherapy Limited
Suite 2.9, Lido Medical Centre,
St Saviour's Rd, St. Saviour,
Jersey JE2 7LA

©2019 Augré Physiotherapy Limited