Privacy Policy
At Harper Road Osteopaths we are all committed to protecting and respecting the privacy of anyone coming to use our osteopathy, massage and counselling services.
This statement explains when and why we collect personal data and how we use it and the conditions under which we disclose it to others.
By using our services you are agreeing to be bound by this policy.
If you have any questions regarding this Policy please send them to Victoria Diamond at victoria@victoriaosteo.co.uk
Date: 26/04/2018
Next Review: 26/04/2020
Author: Victoria Diamond
Personal Details and Consent
1. We need to collect personal information about your health in order to provide you with the best possible treatment.
2. Your requesting treatment and our agreement to treat you constitutes a contract.
3. You are free to refuse to provide the information we request, but without this information we may not have enough data for us to create a full diagnosis and provide the best treatment.
4. Because we work in the medical field we have a ‘Legitimate Interest’ in collecting the data because without it we would not be able to do our jobs effectively and safely.
5. We also have a ‘Legitimate Interest’ in providing you with appointment confirmations, appointment reminders, and aftercare advice.
6. Having a ‘Legitimate Interest’ means that we do not need to ask you for specific consent for these types of communications.
7. We do, however, need to ask you for specific consent to send you newsletters, information about events, or any other information that could be construed as marketing.
8. We do not do any direct marketing at the moment and have no plans to, but we have an ‘Opt in’ box on our case history forms allowing you to give consent to receive this material if we ever decide to do this. You can withdraw this consent at any time.
Personal Details; what we keep and for how long
We have a legal obligation to retain patient notes under our Code of Practice dictated by the GOsC for a minimum of 8 years and children’s notes should be kept until their 25th birthday.
Our patient notes must include:
1. Patients personal details (age, date of birth, telephone number, email and home address)
2. Any problems or symptoms reported by the patient
3. Relevant medical and family history
4. Clinical findings
5. Information and advice provided
6. Information given to the patient about risks of treatment
7. Records of Consent (we have forms for consent to Dry Needling and intimate area examination and treatment, Chaperone requests and we seek ongoing verbal consent for all other treatment, which we record in your file)
8. Treatment provided, reaction to treatment and ongoing evaluation of findings.
9. Any correspondence about the patient (with consent requested and recorded) with other health professionals.
10. Whether anyone else was present in the consultation.
Personal Details; where and how we store your data:
1. We store our case histories either on paper or electronically on the Cliniko system we use at the practice..
2. We keep paper files in a locked filing cabinet in a locked treatment room. The key to the cabinet is kept safe.
3. Your name, address, email address, date of birth and telephone numbers are additionally stored on a booking system called Cliniko regardless of whether the notes are also stored there.
4. When you first register with Cliniko you are asked whether you consent to our Privacy policy (which is this document). As stated we only need your consent to send you marketing. We otherwise have legitimate interest to process your data and this consent is not necessary.
5. Cliniko also provides details on how they store information about you and ask for your consent to this when you make an online booking. Their privacy policy is also available here: https://www.cliniko.com/policies/privacy
6. When we no longer need to store your data in Cliniko (after our statutory obligation to hold data for 8 years passes, or until you reach the age of 25years old and 8 years have passed), we will delete your records.
7. For patients who have been prescribed a program of exercise, we sometimes use a system called RehabMyPatient, which stores your name, date of birth and email address (for the purposes of being able to send you the exercise program) and no other data. This data is held securely. RehabMyPatient does use GoogleAnalytics to collect anonymised data which they use to improve the site. From this they record: the computer you used to access the site, your general location, how long you stayed on the site. The details are available in their Privacy Statement available here: www.rehabmypatient.com/gdpr. Their data is stored in a Digital Ocean data centre in London, who are GDPR compliant.
Controlling your Personal Details
You have rights concerning the information we hold about you:
1. You can request a copy of all the data we hold about you. Upon request we will provide you scanned copies of the personal data we hold.
2. If you change your name, address or email address, please contact us so that we can keep our data up to date.
3. You have the right to request erasure of your personal data that we are not legally obligated to keep for a minimum of 8 years.
4. We do not sell your information to third parties.
5. We do not share your data with third parties for marketing or any other purpose, without prior consent by you (for example sharing your data with other healthcare professionals)
6. We do not gather sensitive personal data such as political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or criminal convictions)
Data breaches and Complaints
1. If you wish to raise a complaint about how we handle your personal data, you can contact us directly and we will investigate the matter.
2. If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you can raise your complaint to the Information Commissioner’s Office (ICO). https://ico.org.uk/