BARNS DENTAL PRACTICE
Maintaining the security of your personal data is our priority and we are committed to respecting your privacy rights. We aim to be transparent about what data we collect about you and how we use it. We also assure you that we will process your data fairly and legally at all times, in accordance with the new legislation which came into effect on 25th May 2018.
This policy will outline:
- What data is being collected.
- What the legal basis for processing this data is.
- Who we share your data with.
- How your data will be used.
- Retention periods.
- What your legal rights are.
- Data breaches.
- Data Protection Officer.
WHAT DATA IS BEING COLLECTED?
Personal details such as Name, Address, DOB, Gender, telephone number, email address, Next of Kin, Occupation, Medical/Social History and GP can all be volunteered by you, the patient or guardian. Other necessary pieces of information, including CHI numbers and medical reports, can be obtained from your general practitioner or local health board. We also generate clinical notes, radiographs, referral letters and laboratory requests, which we store within our database. Equally, we can receive referral requests, reports and clinical notes from a third party. In order for us to provide a high quality service, it is essential that we are able to inform you of your next examination or appointment. We do this initially by text message, or it can be done by email or post. You can choose the method most convenient to you or opt out of this service should you feel you do not require it. Please inform any member of the reception or clinical staff of your choice.
WHAT IS THE LEGAL BASIS FOR COLLECTING THIS DATA?
We collect and process your personal data as it is necessary for the performance of a task in the public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care to you, the patient.
HOW YOUR DATA WILL BE USED.
Your details will be used to help identify you and to allow us to deliver a high quality dental service tailored to your specific needs. We aim to inform you when your next examination or appointment is due and we do this initially by text message, or by email or post. You can choose the method most convenient to you or opt out of this service should you feel you do not require it. Please inform any member of the reception or clinical staff of your choice.
WHO WE SHARE YOUR DATA WITH.
In order to meet all your comprehensive dental needs, we need to share your personal data with other outside institutions. These include dental laboratories; Practitioner Services Department, the branch of the NHS that oversees dentistry; hospital-based services including oral surgery or medicine; dental specialties including orthodontics organisations; and information technology services including Microminder, Software of Excellence and Kavo, who ensure the smooth running of all our computer databases. All of these organisations are GDPR compliant and will only contact you directly in relation to your treatment. They will have their own privacy policies, which can be accessed by contacting them directly.
RETENTION PERIODS.
We will hold your data on file for as long as you are a regular patient at the practice. If you fail to return for regular examinations, we will hold your data on file for 11 years or, in the case of a minor, until the age of 25 years, at which point we will archive it in accordance with the law.
YOUR LEGAL RIGHTS.
You have the right to know that your personal information will be processed lawfully, fairly and transparently and will only be used for specific purposes in relation to your dental needs. We will hold only what is necessary and relevant and, in order for it to be accurate, we require you to inform us of any changes. All access to your personal information at the practice is password protected to prevent any unlawful use or loss, and we regularly audit our policies to ensure compliance. Any breaches in policy will be recorded and reported to the Information Commissioner’s Office – ico.org.uk
You have the right to:
- Ask for a copy of the personal data we hold about you (the right of access).
- Request that we delete personal data held about you where we no longer have any legal reason to retain it (the right of erasure).
- Ask us to update and correct any out of date or incorrect data (the right of rectification).
- Opt out of any communication from us we may send you or object to us using your data if we have no legitimate reason for doing so (the right to object).
- Request us to supply you with a copy of the personal data we hold on you in a structured machine-readable format (the right to data portability).
If you wish to access any of your rights, please speak to a member of our staff.
DATA SECURITY AND BREACHES.
All your personal data is password protected at the practice and will only be accessed and shared in accordance with your individual treatment needs. Outlined below is what constitutes a security breach and what we will do if one occurs to comply with new legislation.
A data breach is defined as ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed within the practice’.
This means that a breach is more than just losing data. The main causes of breaches are loss or theft of paperwork; data sent to the wrong person by email; and data posted or faxed to the incorrect person. Breaches also include deliberate attacks on computer systems; unauthorised access of data by staff; and insecure disposal of paperwork.
We are responsible for what happens to your data within the practice and also for the personal data that we pass on to any relevant third parties on your behalf. We have GDPR compliant contracts with these companies to ensure they too meet the standards outlined in the new legislation.
We will audit our activity within the practice to ensure we only access your data when necessary. However, if a breach occurs and it presents a risk to the rights and freedoms of the individual concerned, we are obligated to report this to the Information Commissioner’s Office – ICO.
All data breaches will be recorded within the practice and audited on a regular basis.
DATA PROTECTION OFFICER