We have written this guide for you, as a patient of Swindon Chiropractic Clinic, to illustrate how we will be handling your data to comply with the new General Data Protection Regulation (GDPR) 2018, coming in to force in the UK on 25th May 2018. This legislation will affect every business that handles personal data for clients or staff.
Fair Processing Notice for Swindon Chiropractic Clinic
The personal data we collect about you will include data relating to your name, address, date of birth, wider contact details, and data relating to ‘health’ as applicable. We need to acquire information about your health, in order to reach a clinical diagnosis of your complaint, and then to provide you with the best possible treatment. You can refuse to provide the required information, but this may mean that we cannot proceed with treatment.
Your personal data will processed to allow us to provide you with our services and to contact you regarding details concerning your appointments. We will only use your data for the purpose for which it was collected. We will only grant access to or share your data within the Swindon Chiropractic Clinic, with authorised staff where we are required, and entitled to do so by law under lawful data processing. If request is made of us by legal representatives or other health care professionals, we must still obtain your consent before releasing requested information.
Your data will also be used, with your consent, to manage future communications between us (including about our products and services) via email. You can opt in or out from receiving such communications services at any time by emailing: firstname.lastname@example.org
Record Keeping and the GDPR
Storage and Processing
Your health care records are in paper form, which are kept in filing cabinets, within a locked room. We also store personal contact details, and those regarding appointments electronically using a specialist program (Healthy Practice). This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected. We also use Care Response, a patient reported outcome measurement tool that requires some of your personal data in order to record your progress. Once more, the provider has assured us they are also fully compliant with new regulations. Both programs are used on password protected computers. Occasionally we may need outside companies to assist us with administrative tasks, which means they may have access to your personal data. They will be fully aware of our Privacy Notice and they will sign a non-disclosure agreement.
We have received a number of queries from patients regarding record keeping in light of GDPR, and how long we are required to keep their consultation notes. Firstly, as we are insured by a Balens Health Professionals Policy, it is a condition of the Policy to take and retain client records. The policy wording notes:
The records shall be kept for at least 8 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept or at least 8 years after they reach the age of majority (18).
Secondly, there is an identical obligation we must uphold as part of the Chiropractors Act of 1994, and maintained by our governing body the General Chiropractic Council (GCC). After such a period of time, it is common to destroy them, unless there is a strict reason to avoid doing so. If this did not take place, we would have an entire building full of records and no room for treatments to take place!
You have the right to see what personal data of yours we hold, and you can ask us to correct any factual errors. You may also ask for a copy of your records. Provided the legal minimum period of time has elapsed, you can also ask us to erase your records. We want you to be absolutely confident that we are treating your personal data responsibly. If you feel that we are or have mishandled your personal data in some way, you have the right to complain.
Complaints need to be directed to our Data Controller who will address any concerns you have. Their details are as follows:
01793 820 599
10 Swindon Road, Stratton St Margaret, Swindon. SN3 4PZ.
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
Swindon Chiropractic Clinic