General Data Protection Regulation
Any information you share with me is handwritten on paper, stored in your patient file and locked in a filing cabinet. It is never photocopied or transferred to digital format. The only electronic data I hold, is information you send me on a mobile phone or via email, which is noted in your patient file, but will also leave a digital footprint. In electronic format I store your name, telephone number and/or email address to make, re-arrange and remind you of appointments, but only with your explicit consent. My mobile phone and laptop are password protected.
Who does it apply to?
What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be established by the information alone, or in conjunction with any other information in my (the data controller's) possession or likely to come into such possession, i.e. contact and appointment details.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic or biometric data for the purpose of uniquely identifying a person and data concerning health or data concerning a person's sex life or sexual orientation. Examples of special category data I hold about you will include your patient notes.
For my current, prospective and former patients
I use your name, telephone number and email address to make and re-arrange appointments. I am unable to send or receive encrypted emails so you should be aware that any emails I send or receive may not be protected in transit. Any emails sent to me, including file attachments, may be monitored for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
I keep a paper diary in which I records all appointments in my clinic, for book-keeping purposes, and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to the British Acupuncture Council.
I may use your date of birth and address to help identify patients. This is to avoid mistakes being made as to safe and appropriate treatments, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner (with your permission). For the purposes of making a full traditional diagnosis, formulating a treatment strategy and treatment planning I collect details of your health complaints, symptoms, medical and family history as you report. I review these records to see how you are progressing and I record any advice or information I have given you.
I record your GP's name and address in the event that I may need to contact your GP in an emergency, because it is a mandatory requirement in the British Acupuncture Council Code of Professional Conduct.
I keep accident records of any patient and visitors who are involved in accidents at my clinic in accordance with UK Health and Safety legislation. This includes the Reporting of Injuries, Disease and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
Any potential claims in the event of an adverse incident are reported to the British Acupuncture Council and my insurance company. When my patient begins treatment, they or their next of kin sign an informed consent. This is stored to present as evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
If I receive a complaint from a person, details are kept in paper format in the patient file. Information relating to a complaint will be retained for two years from closure. Some personal information may be shared with the British Acupuncture Council and my insurance company if deemed necessary. The paper file is only accessed by me (the practitioner) and is locked away in a cabinet.
When someone visits my website, I do not collect personally identifiable information and no user specific data is collected by me. I use a third party service to host my website that includes a contact form linked directly to my email.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with:
For further details about the situations when information about you might be shared please see the Information Commissioners website.
How long do I keep your personal data?
I keep patient records for a period of seven years in accordance with the British Acupuncture Code of Professional Conduct. Paper notes will then be shredded if you have ceased visiting the Clinic.
I can give you a copy of your patient notes if you put your request in writing. This request will be stored in your paper notes for a period of 7 years.
If there are any changes to your personal data, your patient questionnaire form will be updated.
If I am ill and you wish to visit another practitioner, I can give them a treatment summary with your permission. If I die, all files will be destroyed by confidential means.
Please contact me in the first instance if you have a query about your personal data. My contact details are available on the contact page of this website.
You can contact the Information Commissioners Office on 0303 123 1113 or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.