The data controller for True Physio Ltd is Andrew Byrne who can be contacted on e-mail at email@example.com, phone on 0161 972 0512 or at 20 Eastway, Sale, Cheshire, M33 4DX.
True Physio handles data for the purposes of providing professional services, having emergency contact details for our patients and keeping in touch with patients with information we feel would be interesting and useful.
Patients registered with us prior to 25th May 2018 will automatically continue to receive information from us via e-mail that we feel will be useful and interesting to them, but may opt out of this at any time. Those patients registered for the first time with us after 25th May 2018 will be asked on registration to opt in to receiving this information. We promise to only send information to our patients that we think they will find useful or that they might be genuinely interested in.
On occasion and with the express consent of the individual, we will share the minimum necessary information with third parties such as General Practitioners, Consultants or Referring Insurance companies for purposes of ensuring safe treatment and following the necessary procedures put in place by referrers of patients to us.
True Physio also holds staff data which is covered in the Employee Data Privacy Notice.
Our staff will have access to patient data for the purposes of providing professional services. All staff are required to attend regular Data Protection training to ensure compliance with the guidelines relating to that and specifically confidentiality.
We use Practice Management software which holds all patient data. The company (Nookal) is bound by strict security and privacy rules to keep data safe and confidential, and all information is kept securely within the EU. No data is shared with any companies outside the EU with the exception of the above mentioned Practice Management software which is an Australian company, although information is kept on UK servers.
Patient demographic data is kept electronically indefinitely for the purposes of improving customer services for repeat bookings, and to provide on-going useful information. Written information, such as clinical notes, is securely stored for a period of 7 years before being destroyed. This data is securely stored by a designated secure storage company who are bound by strict security and confidentiality rules. It is then destroyed in line with guidelines to ensure full destruction.
Patients can request that all their electronic information be removed at any time and we will carry out this request within 48 hours. Written clinical data has to be held by us to meet legal requirements for a minimum of 7 years and cannot be destroyed prior to this. Patients may also request access to the information we hold about them. This should be submitted in writing, and we will provide the information within 48 hours.
Patients may object to direct marketing and may opt out of this at any time without affecting other services such as appointment reminders.
If you are concerned or would like to complain regarding use of data, you can contact Andrew Byrne in the first instance, or you may register a complaint directly with the Information Commissioner’s Office.
Provision of information is done voluntarily, but some contact information is required for the logistics of providing services. Some medical information is also required to ensure that treatment is appropriate and safe. Failing to provide data regarding medical conditions when requested, can result in serious medical consequences.
On occasions, we are provided with patient information from referring Insurance companies. Where this occurs, information will be limited to the minimum required, and will be transferred securely in keeping with both our and their privacy policies.
If you have any queries regarding this policy, or how data will be handled, then please contact Andrew Byrne on the contact details at the start of this policy.