You may be aware of a new Data Protection Law being enforced later this month, on Friday, 25th May 2018. This new law is called GDPR (General Data Protection Regulations) and it exists to protect your personal data.
We wanted to assure you that as a Natural Health Practitioner, that we are taking this new law extremely seriously and would like to inform you what, how, why, where, when and in what capacity your confidential data is stored. Details are as follows:
What: When you became our patient, we set up a file for you which contains your personal medical records as well as our own clinic questionnaire and notes containing your medical situation per appointment with us. A basic profile is also stored electronically on the reception computer.
How/Where: We store your file and notes along with our other patients files and notes in a locked cupboard in our clinic at 2a Guildford Park Road, GU2 7ER. If we correspond by email regarding appointments, your email and data regarding appointments is stored on the reception computer backed up by the Google Cloud. Our clinic is protected by an alarm system. Please note that your data has not been and will never be shared online or with any other individual or organisation.
Why: Your data, notes and records are required by us so that we can prescribe the correct treatment each time you visit us for an appointment. Your profile is handled by us and our trusted receptionists who deal with appointment booking and payment taking. We or our receptionists also may need to contact you by phone or email regarding a change of appointment or giving out reminders one day prior to the treatment if you have opted in for text/phone call reminding service. On a yearly basis, at the beginning of January, we will send you an email detailing the changes as per inflation to our treatment prices.
When: We store this information from the time that you become our patient. We retain patients’ files for 8 years since their last visit at our practice in case they may need further treatment in the future. You may also inform us that you are no longer needing treatment from us and would like to have your records returned to you or destroyed, and we will act accordingly. For any customer who has not visited for more than 8 years, the patient file will be shredded and electronic profile be deleted from the computer.
Additionally: If it is necessary to write to your GP/consultant, we will need to get your permission before doing so.
If you require your records to be destroyed at any time, we will be happy to do this. We will need to receive either a letter or an email instructing us to do so. Your records will be shredded within 48 hours of receipt of your instruction.
GDPR requires us to obtain your reconfirmation for agreeing to hold your personal data in the above mentioned way. Current patients are asked to sign a paper agreement or reply the agreement through a newsletter that we have sent out.
Alternatively, if you disagree, then please write to us (firstname.lastname@example.org) or call us at 01483579500 and that you disagree and your data can either be destroyed or given to you (please state in your correspondence about your preference).
Thank you for your understanding and support.
Mark Mathews and Tim Jewers
Reve Pavilion Natural Health Clinic