Appointed Person with responsibility for Data Protection: Katherine Terry Registered with the ICO: Yes
Who we are
Hands on Care Osteopathic Practice diagnose and treat health conditions. Treatments are carried out in accordance with the Institute of Osteopathy’s patient charter http://www.iosteopathy.org/osteopathy/the-patient-charter/. The practice also offers medical acupuncture.
Hands on Care Osteopathic Practice rents rooms to other therapist at the New Milton Clinic
Information Held
The following information is collected:
Patients: Name, address, date of birth, email address, phone numbers, emergency contact details, GP details, past medical history, family medical history and case history about the presenting complaint for which the person is attending the clinic. Information collected is sufficient for the purpose of making informed clinical decisions and to make appointments as well as to provide post treatment advice and exercise plans. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide treatment.
Room renters: Name, address, date of birth, email address, phone number and emergency contact details. Copies of insurance and qualifications held.
Data Collection
Patients: Data is collected orally on the phone by reception staff or practitioners to book appointments and take contact details. Further details such as address and emergency contact details are captured using and online form which will be sent out on booking the first appointment.
The reception service is provided by Best Reception who are GDPR compliant. They do not store or process your data.
Medical information is collected by osteopaths orally at a face to face appointment. All information is given by the patient or their carer, parent or legal guardian. We only collect data that is necessary in order to carry out treatment in accordance with the Osteopathic Standards as laid down by the General Osteopathic Council.
With your consent AI notes writing software may be used. The software Clinic Notes AI is GDPR compliant. All personal details are encrypted in transit and will not be stored beyond the temporary processing period by Clinic Notes AI after which they are deleted.
Room Renters: Data is collected on a paper or online form.
Data Processing and Consent
Patients: By requesting treatment and our offer to provide that care constitutes a contract. Data will be processed to meet our legal contractual obligations and provide you with the best possible treatment. You can withdraw your consent but we could not then continue to treat you. We have “legitimate” interest when collecting information about you so that we can do our job safely and efficiently.
Making contact with you to respond to enquiries, confirm appointments and update you on matters relating to your medical care constitutes as legitimate interest to you as a patient of our clinic.
For any marketing activities - explicit consent will be obtained by asking you to opt in on the New Patient Information and Consent sheet. We would like to send you the occasional newsletters/health information/update on clinic opening times etc. The program we use for distributing email newsletters is Peptalkr. If you later change your mind there is a link at the bottom of the newsletter to unsubscribe from this service or you can contact HOC at any time to remove your email from this list.
When patients return after a break in treatment, of 2 years or more, we will recheck their preferences for appointment conformation/reminders and for receiving newsletters.
We do not communicate directly with patients under the age of 16, all communication will go through their parent/guardian. There is a separate Patient Information and Consent Form for under 16’s.
Room Renters: By requesting to rent a room and our offer to provide that service it constitutes a contract. Data will be processed to meet contractual obligations. You can withdraw your consent but we would no longer allow you to rent a room. We have “legitimate” interest when collecting information about you.
Making contact with you to respond to enquiries, confirm room bookings and update you on matters relating to the clinic constitutes as legitimate interest.
We will ask for explicit consent regarding inclusion on our email newsletter. The program we use for distributing email newsletters is Peptalkr. If you later change your mind there is a link at the bottom of the newsletter to unsubscribe from this service or you can contact HOC at any time to remove your email from this list.
Data Storage
Patients and Room Renters: Online data for contacting and to book appointments is stored on Cliniko. Cliniko uses Amazon Web Services (AWS) and is a member of the Association of Cloud Infrastructure Service Providers in Europe. Cliniko is GDPR compliant.
Patients: Online data for providing post treatment advice and exercise plans is stored on Rehab My Patient. Rehab My Patient is GDPR compliant.
Patients and Room Renters: Online data for sending out patient forms and issuing appointment reminders is stored on Peptalk. Peptalkr is GDPR compliant.
Patients: Clinical records were historically hand written. Paper notes are stored in a locked filing cabinet in room 1 at the New Milton clinic. Access to the written notes is only permitted to myself and associate osteopaths. Clinical notes are now stored on Cliniko which is GDPR compliant. If written notes are transferred to the online system the written notes are destroyed.
Room Renters: Any paper forms will be stored in a locked filing cabinet in room 1 at the New Milton clinic. Data will also be entered into Cliniko which is GDPR compliant.
In the event of the death of the data holder, responsibility for patient / room renter records will fall to Michelle Hancock. She will be responsible for holding and managing access to the records.
Data disposal
Patients: Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children. After this period you can request that your records are deleted. Otherwise we will retain your records indefinitely in order that we can provide you with the best possible care should you need treatment at some future date.
If requested by the patient, or we know the patient will no longer be able to attend the clinic due to relocating etc. (after the minimum statutory requirements) records are destroyed by shredding or incineration, electronic records are permanently deleted from the system.
Room Renters: contact information and contracts will be kept for 8 years before disposal in case a client should make a claim against the clinic after a therapist has left/ relocated. After this time records are destroyed by shredding or incineration, electronic records are permanently deleted from the system.
Data Sharing
Only osteopaths who work for HOC will have access to patient treatment records but the admin team, including virtual reception service “Best Reception” will have access to your contact details so they can make appointments and manage your account. Bookkeeper and accountant will have access to the appointment booking information in order to compile yearly accounts. Medical information is only shared with other persons with patient’s permission. This would usually be with other health professionals. There is a tick box to give consent on the New Patient Information and Consent Form. We will also verbally ask for permission before contacting another healthcare practitioner and write this in the patient’s records. Patient information is never passed on to other practitioners, persons or companies unless compelled to, in order to meet legal obligations, regulations or valid governmental requests.
Room Renters: Basic contact information will be viable to osteopaths, admin team, book keeper and accountant. Information will not be shared with any other parties.
Data Checks
Patients: If a patient return after 2 or more years break from treatment we will ask them to fill in a Data Check list to ensure our records are up to date and to recheck consent to receive email conformation/reminders and newsletters. This is automated when online booking by selecting the exiting patient – not attended clinic in last 2yrs option.
Changes to general health and medication will be recorded on an ongoing basis as part of the case history taking at the beginning of every treatment session.
Subject Access Requests
Request to access what personal data is held should be directed to Katherine Terry. Identification will be required. A minimum of one piece of photographic ID listed and a second supporting document is required - copy of your driving licence, passport, birth certificate and a utility bill, not older than three months. If dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to info@handsoncare-osteopathy.co.uk or by phoning 01425 517017 or writing to us at Hands on Care Osteopathic Practice, Lush House, 64a Old Milton Road, New Milton, BH25 6DX.
Data is only released on receipt of a signed request from patients/ room renter or in exceptional circumstances. Any data sharing is detailed in the patient record.
Hands On Care Osteopathic Practice Information Security Policy
Access to clinical records is restricted to osteopathic practitioners who have signed a confidentiality agreement. At times admin staff may also have limited access to some paper records ie printing out letters for patients. Admin staff have also signed a confidentiality agreement.
There is a clear desk policy and computer screens are locked when unattended.
All electronic data is password protected and access to information can be restricted. Reception staff have limited access to Cliniko other than to schedule appointments, maintain basic patient records and take payments. Systems are kept updated and antivirus security systems are in place and updated. Authorized users are responsible for the security of their passwords and accounts.
Passwords are changed every 6 months and after any person leaves who had access to the online login details.
Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office by the appointed person. Patients will be informed if we believe a data breach has occurred.
Patients/ room renters may contact the Information Commissioner’s Office if they believe a data breach has occurred. Information Commissioner’s Office: 0303 123 1113
Hands on Care practitioners use their own Lopay machines for taking card payments or payments are make at time of booking through Stripe. No card data is stored electronically by Hands on Care. We do not print paper card receipts.