Wiltshire Osteopaths Ltd Privacy and Data Protection Policy
(updated May 2018)
This policy sets out how Wiltshire Osteopaths Ltd, a company registered in England and Wales with number 04885910, whose registered office is at Longacre House, Wilcott, Shrewsbury, Shropshire, England, SY4 1BJ (“Wiltshire Osteopaths Ltd”, “we”, “us” and “our”), uses and protects any information that you provide when you use our services, website, mobile website or apps. Here you can read further information about how we use your data.
We are registered with the Information Commissioner’s Office, registration number ZA303825, and Sharon Watson, also known as Sharon Dempster (a fully qualified osteopath), is responsible for our Information Governance.
As Registered Osteopaths, we adhere to the GOsC Osteopathic practice standards – which can be viewed at https://standards.osteopathy.org.uk/professionalism/d5/
Here is a summary of what is explained:
Our duty of confidentiality relates to all information we hold about our patients, including demographic data, and the dates and times of any appointments made. While maintaining confidentiality is a legal matter, it is also important in building a relationship of trust between osteopaths and patients.
In osteopathic practice, many patients come to us via ‘word of mouth’ recommendation. It is common to treat, individually, members of one family or of a common interest group, e.g. a choir or sports team. We will never disclose to a third party that we are treating an individual or a member within a group, or discuss details of their treatment plan, unless we have written and/or legal authorization.
As our patient, you can expect your personal data to be:
- Processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and where necessary kept up to date
- kept in a form which permits identification of ‘data subjects’ (‘data subject’ refers to any living individual and allows that individual to be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, etc. In other words, a data subject is an end user whose personal data can be collected) for no longer than is necessary for the purposes for which those data are processed
- processed in a manner that ensures appropriate security of personal data.
You have rights under the General Data Protection Rules:
(‘subject access’) – enables you to find out what personal data we hold about you, why we hold it and who we disclose it to. The Data Protection Act gives you the right to request this data from us by making a written ‘subject access request’ (SAR).
- The right to be informed – the need for transparency over how we use your personal data
- the right of access – allows you to be aware of and verify the lawfulness of the processing
- the right to rectification – you are entitled to have personal data rectified if it is inaccurate or incomplete
- the right to erase – enables you to request the deletion or removal of personal data where there is no compelling or legal reason for its continued processing
- the right to restrict processing
- the right to data portability
- the right to object to
- rights in relation to automated decision making and profiling.
Your rights under General Data Protection can be viewed here https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Wiltshire Osteopaths Ltd will process your personal data that is consistent with:
In providing you with our services, we may handle your personal data. Personal data is information about you from which you can be identified, such as your name and contact details. Depending on what services you receive from us, this may include sensitive personal information such as medical information.
By providing your data and/or information, or by using our website or other online or digital platforms, you consent to the use of your data and information as described or referred to in this privacy notice. If we make a change to any of the ways in which we process personal information, we will update this web page with an updated date displayed at the top of this page, so please check back regularly for updates.
Confidential and Medical Information Held by Us
The confidentiality of your personal information is of paramount concern to Wiltshire Osteopaths Ltd, and we comply with UK data protection law and, where applicable, medical confidentiality guidelines issued by professional bodies such as the GOsC, General Medical Council and any relevant associations.
We request that you read this policy carefully to understand how we treat your personal data.
We do not collect personal information when you access our https://www.wiltshireosteopathy.co.uk/ website homepage and browse through the website without disclosing your personal data. However, you may give us information about you by filling in forms that may be available at our website or by corresponding with us by telephone, e-mail or otherwise. We will never ask you for your medical information/history or health details except during a face-to-face consultation with an osteopath, unless there is a very good reason to discuss your medical information/history by other means, and this has been agreed in advance by both parties. Your medical information, history, and treatment plan, if any, will remain confidential, and will only be disclosed to those involved with your treatment, treatment plan, or care, or in accordance with UK law and guidelines from any relevant professional bodies, or for the purposes of clinical audit (unless you object).
We have put in place physical, electronic and operational procedures intended to safeguard and secure the information that we hold about you. Our osteopaths, and other staff, have a legal duty to respect the confidentiality of your personal data and medical information, and access to this information is restricted only to those who have a reasonable need to access it. Currently, we do not store your medical information, history, or treatment plans on any digital medium, other than information required to operate our appointment management and billing application (JaneApp Clinical Management System (CMS)). Medical information, history, and treatment plan data are securely stored locally in our clinics under lock and key, and access to these paper records is restricted to our osteopaths and administration staff who have signed a confidentiality agreement.
All data transferred between us and our CMS is sent over HTTPS-secured (encrypted) point-to-point communication. If you have been given direct access to our CMS via JaneApp, then your access will be secure and managed through a name/password secured account; however, you should always check that you have a locked/green padlock symbol displayed in your browser (or whatever symbol your browser/app indicates when your Internet connection is secure). If in doubt, contact us. Personal data (information to enable appointments, schedules and billing) is electronically stored on the CMS on secure servers located in a secured SOC2 Type2-certified data centre.
Information submitted to Wiltshire Osteopaths Ltd through our website is normally unprotected until it reaches us when the URL starts with HTTP; if the URL starts with HTTPS, it is secure. Patients are requested not to send medical information, for example, by email or by other unsecured electronic platforms. All transmission of personal data and/or medical information via an unsecured platform is done at your own risk.
Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office by the appointed person. Patients will be informed if we believe a data breach has occurred. Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred. Their telephone number is 0303 123 1113.
Information we may hold about you:
This includes information you provide when you:
- Visit and fill in a form on our website
- visit one of our Clinics
- are booking an appointment with an Osteopath or other authorised Clinic administrators
- have a face to face meeting with our osteopaths
- are making an appointment with us via our online CMS (if available to you)
- subscribe to our email notifications and/or newsletter service
- participate in discussion boards or other social media functions on our website.
The following information may be collected – patient name, address, date of birth, email address, telephone numbers, GP details, past medical history, family medical history and case history for treatment carried out at our clinics. All information is given by the patient or their carer, parent or legal guardian; non-medical data (personal data) may also be collected via our websites.
- Details of services you have received
- patient experience feedback and treatment outcome information you provide
- information about complaints and incidents
- notes and reports about your health and any treatment and care you have received or need
- information from patient surveys, competitions and marketing activities
- recordings of calls we receive or make
- information we receive from other sources, including from your use of our websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you.
Information about you is collected when:
- You use our services
- you submit a query to us, for example, by email, telephone or social media, including where you reference Wiltshire Osteopaths Ltd in a public social media post
- you participate in any marketing activity.
We may also collect personal information about you from other people when:
- We liaise with your family, employer, health professional or other treatment or benefit provider. We may only share information in this way where you have provided your consent or in circumstances where you are incapable of giving consent, or we are unable, or it is not reasonable to seek your permission, or we are required to by law or in accordance with guidance from professional bodies
- you use a third-party application to provide information to one of our mobile applications or websites.
Information about you may be shared by Wiltshire Osteopaths Ltd for all the purposes identified under “Using your information” to enable us to manage our relationship with you as a Wiltshire Osteopaths Ltd patient and update and improve our records.
Wiltshire Osteopaths Ltd works with other individuals and organisations to provide additional services to you, and this may involve them handling your personal data. This handling of your personal data may be done outside of the European Economic Area in countries with different data protection laws. In that case, we ensure that the confidentiality and security of your personal data is protected by contractual restrictions and service monitoring.
Using your information:
We use your personal data to provide you with our services, and to improve and extend our services. This may include:
- Responding to your queries
- supporting your medical treatment, care plan, or care and other benefits
- internal record-keeping and administration
- responding to requests where we have a legal or regulatory obligation to do so
- checking the accuracy of information about you, and the quality of your treatment or care, including auditing medical and billing information
- supporting your nurse, carer or other healthcare professional
- assessing the type and quality of care you have received and any concerns or complaints you raise, so that these can be properly investigated
- using your contact information to send you provider-related information
- using your contact information to send promotional material about new services, special offers or other information we think you may find interesting (see ‘Keeping you informed’ below for more information)
- using your contact information to give you an opportunity to complete a patient satisfaction survey
- using your contact information to conduct and analyse market research.
We do not share your personal information with anyone outside of Wiltshire Osteopaths Ltd to use for their own purposes, except:
- When we have your permission
- when we are permitted or obliged to do so by law
- to protect the rights, property, or safety of Wiltshire Osteopaths Ltd, our patients, or others
- to detect, prevent and help with the prosecution of financial crime. For example, we may share information with fraud prevention or law enforcement agencies, and other organisations when required by law. If we suspect fraudulent activity, we may inform the person or organisation that administers or funds your Wiltshire Osteopaths Ltd services
- if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission
- if you receive services from Wiltshire Osteopaths Ltd and that service transfers to a new provider, in which case, we may disclose your personal data to the prospective seller or buyer of such business or assets; and/or, if all, or substantially all our assets are acquired by a third-party provider, in which case, personal data held about you will be one of the transferred assets, however, we will always first seek your approval.
We will only keep your personal information for as long as is necessary and in accordance with UK law, for example, for a minimum of eight years after your last consultation, or if the patient is a child, until their 25th birthday. Paper clinical records will be destroyed by shredding after 8 years or 25 years for children.
Keeping you informed:
Wiltshire Osteopaths Ltd would like to keep you informed about our services that we consider may be of interest to you (via mail, email, telephone or SMS). When we collect your information, we will ask you if you would like us to keep you updated in this way. We may use your personal data to:
- Decide which services we think are relevant to you
- decide which media, including social media platforms, would best be utilised to reach the patients who wish to receive marketing information
- contact you with details of our products and services, including displaying interest-based adverts via social media
- if you do not wish to receive marketing information about our products and services, or at any time you change your mind about receiving these messages, please contact Sharon at Wiltshire Osteopaths Ltd Information Governance Team; contact details are given below.
If you have any data protection queries, please contact Sharon at Wiltshire Osteopaths Ltd Information Governance Team:
- Email: firstname.lastname@example.org (subject “Information Governance Team”)
- Write: Wiltshire Osteopaths Ltd, 15 Bridewell Street, Devizes, Wiltshire SN10 1NQ
- Telephone: +44 (0) 7737 416906
You should also contact the Wiltshire Osteopaths Ltd Information Governance team to request a copy of the personal data we hold about you and to ask us to correct or remove (where justified) any inaccurate information. There is no charge for providing you with a copy of your personal information. We may also ask you to provide additional documentation to confirm your identity, or if you are seeking to access personal information about another individual, proof of their consent or your legal right to receive their personal information.
We review and update this notice regularly.
Next review date – April 2018