Privacy, confidentiality and GDPR
Under the new General Data Protection Rules 2018 we have a legal obligation to inform you as to why we need to collect information, store that information and assure you that we will keep those records safely and confidentially and not disclose them to unauthorised parties.
When you supply your personal details to this clinic they are stored and processed for 4 reasons.
1. We need to collect personal information about your health in order to provide you with the best possible treatment.
Your requesting treatment and our agreement to provide that care constitutes a contract. You can of course refuse to provide the information,
but if you were to do that we would not be able to provide treatment.
2. We have a "legitimate interest" as per 9.2 under the GDPR 2018 in collecting that information, because without it we could not fulfil our role effectively and safely.
3. We also feel that it is important that we can contact you in order to confirm your appointments with us or to update you on matters related
to your medical care. This constitutes "legitimate interest" but this time it is your legitimate interest.
4. Provided we have your consent we may occasionally send you general health information. You may withdraw that consent at any time:
just let us know by any convenient method that you do not wish to receive it any further.
We have a legal obligation to retain your medical records for a minimum of 8 years after your last appointment or your last contact with ourselves,
or in the case of those under the age of 18, 8 years from your 18th birthday.
After this period of time you can ask us to delete or destroy your records if you wish.
We would advise against this as many patients return after some years and it helps us to review your old records to provide better health care. Otherwise we will retain your health records indefinitely in order that we can provide you with the best possible care should you need to see us
at some future date.
Your records are stored on paper and computer under strict supervision and are only accessible by practitioners and appropriate administration staff.
The computer records are password protected and encrypted.
Those held in the "cloud" are stored by a specialist medical service who have given us their assurance that they are fully compliant with the
The storage method meets the requirements of the GDPR 2018.
The paper records are only accessible by practitioners and appropriate administration staff and are kept locked out of working hours.
We never share any of your data with anyone else except under the following circumstances.
There are occasions where we may need to share information with another one of your health advisors to continue medical care.
We may need to liaise with authorised legal departments in the case of claims by you or against you or with your permission.
We abide by strict rules of confidentiality and ethical responsibility at all times within this practice.