General Data Protection Regulation 2016/679 (GDPR).
All of the information you share is stored in a paper format in your patient file, locked in a storage cabinet. The only electronic data is that which you send to me via a mobile phone or email. This is printed out or noted in your patient file and then deleted from my mobile phone or laptop. My mobile phones and laptops are password protected.
Whose information does this privacy notice apply to?
- prospective patients;
- former patients;
- visitors to our website;
What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data we may hold about you include your patient notes.
For my patients, prospective patients & former patients
I use your name, telephone number and email address to make and rearrange appointments. I am unable to send or receive encrypted emails so you should be aware that any emails I send or receive might not be protected in transit. I will also monitor any emails sent to me, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
I keep a paper diary, which records all appointments in my clinic, for tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to The British Acupuncture Council.
I may use your date of birth and address to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner (with your permission) so that they correctly identify the patient.
For the purposes of making a full traditional diagnosis, formulating a treatment strategy and treatment planning I collect your presenting complaint, symptoms, medical and family history as you report. I review these records to see how you are progressing. I record any advice or information I have given you
I record your GP’s name and address in the event that I may need to contact your GP in an emergency and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct
I keep accident records for any patients and any visitors who are involved in accidents at my clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
Any potential claims in the event of an adverse incident are reported to the British Acupuncture Council and my insurance company.
When my patient begins treatment they or their next of kin sign an informed consent. This is stored to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
When I receive a complaint from a person details are kept in paper format in the patient file. Information relating to a complaint will be retained for two years from closure. Some personal information maybe shared with the British Acupuncture Council and my insurance company if deemed necessary. The paper file is only accessed by the practitioner and is locked away in a cabinet.
When someone visits my website I do not collect personally identifiable information. No user-specific data is collected. I use a third party service to help maintain the security and performance of my website.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared:
- with named third parties with your explicit consent;
- with the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. a court order;
- with your doctor or the police if necessary to protect yours or another person’s life;
- with the police or a local authority for the purpose of safeguarding a children or vulnerable adults; or
- with my regulatory body, the British Acupuncture Council, or my insurance company in the event of a complaint or insurance claim being brought against me; or
- my solicitor in the event of any investigation or legal proceedings being brought against me.
I can give you a copy of your patient questionnaire, consent to treat & treatment notes if you put your request in writing. This request will be stored in your paper notes for a period of 7 years.
How long do I keep your personal data?
I keep patient records for a period of 7 years in accordance with the British Acupuncture Code of Professional Conduct. Paper notes will then be shredded if you have ceased visiting the clinic
If there are any changes to your personal data your patient questionnaire form will be up dated.
If I am ill I can give you a colleagues contact number to commence treatment with them if you so wish and can give them a treatment summary with your permission. If I die my colleague will safely store your file.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
I keep my privacy notice under regular review, and I will make new versions available on my privacy notice page on Sharon Hansford Acupuncture This privacy notice was last updated on 26th October 2022
Please contact me in the first instance if you have a query about your personal data. Sharon Hansford 0798 8798 295
You can contact the Information Commissioners Office on 0303 123 1113 or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. www.ico.org.uk.