Appointed Person with responsibility for Data Protection: Katherine Terry
Registered with the ICO: Yes
Who we are
Practitioners at Hands on Care Osteopathic Practice diagnose and treat health conditions. Treatments are carried out in accordance with the Institute of Osteopathy’s patient charter http://www.iosteopathy.org/osteopathy/the-patient-charter/. The practice also offers medical acupuncture.
Information Held
The following information is collected: Patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history about the presenting complaint for which the person is attending the clinic. Information collected is sufficient for the purpose of making informed clinical decisions and to make appointments as well as to provide post treatment advice and exercise plans. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
Data Collection
Data is collected orally on the phone by reception staff or practitioners to book appointments and take contact details.
Medical information is collected by osteopaths orally at a face to face appointment. All information is given by the patient or their carer, parent or legal guardian. We only collect data that is necessary in order to carry out treatment in accordance with the Osteopathic Standards as laid down by the General Osteopathic Council.
Data Processing and Consent
Your request for treatment and our offer to provide that care constitute a contract. Data will be processed to meet our legal contractual obligations and provide you with the best possible treatment. You can withdraw your consent but we could not then continue to treat you. We have a “legitimate” interest when collecting information about you so that we can do our job safely and efficiently.
Making contact with you to respond to enquiries, confirm appointments and update you on matters relating to your medical care constitutes a legitimate interest to you as a patient of our clinic.
For any marketing activities, explicit consent will be obtained by asking you to opt in on the New Patient Information and Consent sheet. We would like to send you occasional newsletters, health information, updates on clinic opening times etc. The program we use for distributing email newsletters is Peptalkr. If you later change your mind, there is a link at the bottom of the newsletter to unsubscribe from this service, or you can contact HOC at any time to remove your email from this list.
When patients return after a break in treatment of 2 years or more, we will recheck their preferences for appointment confirmation/reminders and for receiving newsletters.
We do not communicate directly with patients under the age of 16; all communication will go through their parent/guardian. There is a separate Patient Information and Consent Form for under-16s.
Data Storage
Online data for contacting patients and to book appointments is stored on Cliniko. Cliniko uses Amazon Web Services (AWS) and is a member of the Association of Cloud Infrastructure Service Providers in Europe. Cliniko is GDPR compliant.
Online data for providing post treatment advice and exercise plans is stored on Rehab My Patient. Rehab My Patient is GDPR compliant.
Online data for sending out patient forms and issuing appointment reminders is stored on Peptalkr. Peptalkr is GDPR compliant.
Clinical records were historically handwritten and stored in a locked filing cabinet at the home address of Katherine Terry, business owner. Access to the written notes is only permitted to myself and associate osteopaths. Clinical notes are now stored on Cliniko, which is GDPR compliant. If written notes are transferred to the online system, the written notes are destroyed.
In the event of the death of the data holder, responsibility for patient records will fall to Michelle Hancock. She will be responsible for holding and managing access to the records.
Data disposal (minimum 8 years, 25 years of age for children)
Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children. After this period you can request that your records are deleted. Otherwise we will retain your records indefinitely in order that we can provide you with the best possible care should you need treatment at some future date.
If requested by the patient, or if we know the patient will no longer be able to attend the clinic due to relocating etc. (after the minimum statutory requirements), records are destroyed by shredding or incineration, and electronic records are permanently deleted from the system.
Data Sharing
Only osteopaths who work for HOC will have access to your treatment records, but the admin team, including the virtual reception service “Best Reception”, will have access to your contact details so they can make appointments and manage your account. The bookkeeper and accountant will have access to the appointment booking information in order to compile yearly accounts. Medical information is only shared with other persons with the patient’s permission. This would usually be with other health professionals. There is a tick box to give consent on the New Patient Information and Consent Form. We will also verbally ask for permission before contacting another healthcare practitioner and write this in the patient’s records. Patient information is never passed on to other practitioners, persons or companies unless we are compelled to do so in order to meet legal obligations, regulations or valid governmental requests.
Data Checks
If a patient returns after a break from treatment of 2 or more years, we will ask them to fill in a Data Check list to ensure our records are up to date and to recheck consent to receive email confirmation/reminders and newsletters.
Changes to general health and medication will be recorded on an ongoing basis as part of the case history taking at the beginning of every treatment session.
Subject Access Requests
Requests to access what personal data is held should be directed to Katherine Terry. Identification will be required. A minimum of one piece of photographic ID listed and a second supporting document is required: a copy of your driving licence, passport, birth certificate and a utility bill, not older than three months. If dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to [email protected] or by phoning 01425 517017 or writing to us at Hands on Care Osteopathic Practice, Wessex Health Network, 17 Stour Road, Christchurch, BH23 1PL.
Data is only released on receipt of a signed request from patients or in exceptional circumstances. Any data sharing is detailed in the patient record.
Hands On Care Osteopathic Practice Information Security Policy
Access to clinical records is restricted to osteopathic practitioners who have signed a confidentiality agreement. At times admin staff may also have limited access to some paper records, i.e. printing out letters for patients. Admin staff have also signed a confidentiality agreement.
There is a clear desk policy and computer screens are locked when unattended.
All electronic data is password protected and access to information can be restricted. Reception staff have access to Cliniko limited to scheduling appointments, maintaining basic patient records and taking payments. Systems are kept updated and antivirus security systems are in place and updated. Authorized users are responsible for the security of their passwords and accounts.
Passwords are changed every 6 months and after any person leaves who had access to the online login details.
Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office by the appointed person. Patients will be informed if we believe a data breach has occurred.
Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred. Information Commissioner’s Office: 0303 123 1113
Hands on Care practitioners use their own Lopay machines for taking card payments, or payments are made at the time of booking through Stripe. No card data is stored electronically by Hands on Care. We do not print paper receipts.