GDPR: General Data Protection Regulation Policy. May 2018.
What information is being collected? As part of visiting me as a practitioner I will need to have a record of your personal details, date of birth, address, telephone numbers, email and relevant medical information relating to your consultation. Personal data about your presenting symptoms and treatment provided will also be documented in detail. You have access to this information at all times and all data will be held in a locked filing cabinet. No client files are left on surfaces for other clients to read and no client details are kept electronically.
Who is collecting it? I will be collecting data at the start of your first consultation. Some information may be requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes/letters and scans may also form part of the data collected and held by me.
How is it collected? Collection of data will happen via a questionnaire, note taking, secure email, text messages, occasionally photographs and letters by mail. No personal data will be collected via social media.
Why is it being collected? Data is collected to record, guide and supervise the your progress and be able to communicate effectively with the you for the best outcomes. It is also used to compare progress and to highlight changes, red flags, action to be taken and a detailed dialogue of treatment provided.
How will it be used? Data will be used to communicate appointments, session information, progress, relevant referrals, and relevant consented media.
Who will it be shared with? Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you may be asked for permission for the information to be shared with another practitioner or medical service for referred treatment but full permission will be requested first.
Client experiences can be shared with the public with full consent from the client themselves. This will be taken in on a consent form signed by the client prior to sharing.
What will be the effect of this on the individuals concerned? There will be no data leakage with regards to clients. No data is shared with 3rd parties without consented permission. No data is sold to third parties for business or marketing reasons.
No data is held on phones unless encrypted with a pin number/finger print recognition. No phones are left unattended. Lost/stolen phones need to be locked remotely to prevent 3rd parties reading any sensitive information.
No sensitive/identifiable data is sent by email together in the same posting. All computers/laptops and tablets are locked with passcodes and not left unattended