This privacy notice applies to Moira Physiotherapy’s website at firstname.lastname@example.org (the ‘website’). We at Moira Physiotherapy take your privacy seriously. This notice covers the collection, processing and other use of personal data under the Data Protection Act 1998 (‘DPA’) and the General Data Protection Regulations (‘GDPR’).
For the purpose of the DPA and GDPR, the data controller officer is Duncan Stoddart and any enquiry regarding the collection or processing of your data should be addressed to this person.
By using the website you consent to this privacy notice. We are registered with the Information Commissioner’s Office for this purpose.
General Data Protection Regulations (GDPR):
Moira Physiotherapy collects information relating to every patient’s health and personal details. This information is classed as sensitive data and is regarded as special category data. Under the new General Data Protection Regulations (GDPR), patients of Moira Physiotherapy have a right to know why their information is collected, for what purpose it is used and how it is kept safe.
Our Data Protection Promise:
As ‘Data Controllers’ of your personal data, we take our role in the protection of your personal and sensitive data very seriously. As such, we promise to:
- Only collect data from you that is relevant to your physiotherapy treatment
- Not pass on your personal data to any third-parties for marketing purposes
- Contact you and get your consent if we need to communicate with other health professionals (such as your doctor) about your care.
- Protect your personal data in a manner consistent with the requirements of the GDPR. We will use a variety of security measures such as a lockable filing cabinet for patient records, computer and mobile device password protection and security software. This means your information is well protected from theft or unauthorised access.
- Maintain annual registration with the Information Commissioner’s Office, the UK’s independent body set up to uphold information rights (ico.org.uk).
Your Data Protection Rights under the GDPR:
- Access any of the information that we collect plus any other content that forms part of your patient record, including notes
- Know if your personal information has been forwarded to a third-party (such as a consultant or GP)
- Prevent further use (or processing) of your information
- Expect your physiotherapist to take appropriate measures to protect your data
- Know how your personal information is being used by your physiotherapist
We will collect personal data only if it has been provided to us directly by you, the user. This information has therefore been provided to us with your signed consent. You will normally provide us with personal data if you are a patient.
At the clinic we will record your full name, date of birth, address and the name of your registered doctor. This may be, for example, to refer you for an x-ray or MRI scan. We will also ask you for your telephone number so that we can contact you should we need to change a booked appointment.
We will record details of your presenting condition together with your past and current medical history and health status. These details enable us to perform a detailed and accurate physiotherapy assessment and treatment which is safe and appropriate for you.
If you contact us via the telephone, by email or through our website, we will save any details you provide such as your name, telephone number and email address. We save these details so that we can contact you to make an appointment and in case we need to change any booked appointments. We also require your email address in case we need to email you any requested information such as a receipt for treatment or any prescribed exercises. We may also use your details to contact you regarding general information about us and our services, feedback, reviews or testimonials. We retain copies of all website enquiries together with any emails sent to us and from us as a record of communication. The basis for holding this information is legitimate legal purposes or the fulfilment of a contractual obligation with existing patients.
We have a Moira Physiotherapy Facebook page. If you send us a direct message via Facebook, any information you provide such as your name, telephone number and email address may be collected by us in order to contact you regarding an appointment where relevant and to contact you should we need to change any booked appointments. If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes.
Why store information?
Information such as telephone numbers allows us to contact you if a booked appointment needs to be changed. Your date of birth and address provide us with details of your identity and residence. This helps to specifically identify you in case we need to contact your GP, consultant or other health professional. We will ask you for the name of your GP surgery so that we know which surgery to contact should we need to communicate with your doctor. If we need to contact a GP, consultant or other health professional, this will be carried out only with your consent.
Medical details and past and current medical history allow for a detailed assessment to take place in order to help us make an accurate and clinical diagnosis. It also helps to ensure that all treatment is as safe and effective as possible for you.
Patient email addresses enable us to email you regarding appointment bookings together with any requested information such as a receipt for treatment.
How Is Your Information Stored And Kept Safe?
All appointments including the initial assessment and any follow up appointments are written and recorded on paper. All paper records are kept in a filing cabinet under lock and key on the clinic premises and the doors to these premises remain locked at all times when staff are not on site. Only clinic staff have access to the filing cabinet containing patient records. All notes for each patient are kept for a period of 8 years after the last treatment or date of death at which point they will be permanently and securely deleted.
In some instances, we are required to produce written documentation such as, but not exclusive to, letters to doctors, consultants and other health professionals, receipts for patients and documents such as exercise plans when patients request a written copy. Any written electronic information such as this will include a patient’s name, date of birth and address for identity purposes. All written electronic information is written in a Word document which is saved on one computer belonging to Moira Physiotherapy. All documents are stored in an encrypted folder within a password protected Word document. The computer is password protected and has robust security measures to prevent and minimise loss of information and the risk of information theft.
We also hold electronic and online data including your name, email address, contact telephone number, online enquiry forms and photos. Electronic data is held on a password protected computer. The computer belongs to Moira Physiotherapy and has robust security measures in place. On this computer, electronic data is also stored within a password protected Gmail account. Only clinic staff have password access to both the computer and the email account. Electronic data is also held on one mobile device. When information is required to be shared with others, for example a letter to a GP, it will be in paper form and will require collection and delivery by patient or by secure email permission.
Who Has Access To Your Information?
Only the staff at Moira Physiotherapy have access to your information. All staff at Moira Physiotherapy are bound by patient confidentiality laws, the standards of conduct, performance and ethics of the Health Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP) code of conduct. Your information will not be shared outside Moira Physiotherapy unless you have given consent, except when:
- requested by law;
- in your best interests and you are unable to give consent;
- in the public interest to prevent serious harm to others.
How Can You Access Your Records?
You have the right to request to see the information that Moira Physiotherapy holds about you. All requests will be answered in the time frame of one month unless you are notified of a difference to this time scale.
Requests can be made in writing to:
Moira Physiotherapy 3, Meeting St, Moira, BT670NR
Alternatively, you can email us at Moiraphysiotherapy63@gmail.com
or you can call us on: 07740402323
In the instance where requests are for legal purposes, Moira Physiotherapy has the right to charge for time spent. Where a fee is deemed appropriate Moira Physiotherapy will not comply with any requests until the fee is received.
We reserve the right to amend our Privacy Notice at any time to meet the requirements of the GDPR and our role as a data controller and process