Information we hold about you
In accordance with The Osteopathic Standards, Code of Practice Standard C8:
Dates of the consultations, personal details, your problems and symptoms, relevant medical, family and social history, clinical findings, information and advice you provide, whether this is provided in person or via the telephone, diagnoses and treatment plans, records of consent, investigation or treatment and the results, any communication with, about or from you, copies of any correspondence, reports, test results (X-Ray, MRI, Blood etc.), clinical response to treatment and treatment outcomes, whether a chaperone was present or not required, whether a student or observer was present.
Security
We are committed to protecting your privacy and will only use the information collected lawfully in accordance with the Common Law Duty of Confidentiality, the General Osteopathic Practice Standards and the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018.
Records are held on paper and we use a combination of best working practices and technology to ensure that your information is kept confidential and secure. (More detail can be found in our Data privacy policy)
Reception and management staff have access to your contact telephone numbers only, for administrative purposes, but do not have access to your medical records. The Legal Basis under which we hold your data. The lawful basis for processing special category health data for direct care is that processing is: the processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c).
The special category condition for processing for direct care is that processing is: ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…’ (Article 9(2)(h)).
Further use of data
Information may be used within this practice for clinical audits to monitor the quality of the service provided. Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – this practise will always gain your explicit consent before releasing the information for this purpose.
We may also use external companies to process personal information, such as for archiving and backup purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.
Record retention policy
We retain these records for 8 years after your last visit or if the patient is a child, until their 25th Birthday. (In accordance with The Osteopathic Standards, Code of Practice Standard D6 3.1, 3.2). This affects your right to erasure under the GDPR guidelines, as we have a lawful basis for retaining your records. Certain “personal data”, however, can be erased, such as your email address and your mobile telephone number. This practice will always gain your explicit consent before erasing or amending this information.
Subject Access Request
Right to access (Subject Access Request) or amend your records your request must be made in writing and signed will respond to your request within 1 month you will need to give adequate information and proof of identity. There will be NO CHARGE It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as your date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.