April 2 2020
Your information and GDPR
Maple Motion Chartered Physiotherapy clinic- collects personal details and information relating to our patients’ health. Medical information is classed as sensitive data and termed as special category data under the General Protection Data Regulations (GDPR), effective 25th May 2018.
Why is information collected
The processing of personal and medical data is necessary so that we can deliver the best quality of physiotherapy care to you, the patient:
- Your date of birth is used as a unique identifier for your records.
- Your postal address allows us to post invoices, receipts and statements, or other requested information to you.
- Your email address allows us to send you confirmation of bookings, appointment reminders, invoices, receipts, statements, personalised exercise programmes or other requested information to you. You may also receive an e-surveys following completion of your treatments, and/or and e-newsletters, but only if you have subscribed to these.
- Your telephone number allows us to send text reminders of appointments and communicate with you outside of appointment times. You may also receive SMS/text news updates should you subscribe to same.
- Having next of kin contact details informs us of who to contact in the event of an emergency.
- We ask you whether you are a student or an OAP, as we offer a concession for same.
- We ask you for information regarding your current and past health so that a detailed and accurate physiotherapy assessment may take place and an appropriate physiotherapy plan put into action.
- We ask you for your occupation, as some occupational factors can contribute to musculoskeletal problems.
- We ask you to outline your hobbies, as some physical factors can contribute to musculoskeletal problems.
Who has access to your information
All staff members at Maple Motion Physiotherapy have access to client records. All staff members at Maple Motion Physiotherapy are bound by GDPR legislation, the Irish Chartered Society of Physiotherapy (ICSP) code of conduct, and the standards of conduct, performance and ethics of CORU (Regulating Health & Social Care Professionals).
Your information will not be shared with any personnel outside Maple Motion Physiotherapy unless you have given consent, except when;
- Requested by law
- In your best interests and you are unable to give consent
- In the public interest to prevent serious harm to others
How is your information stored and protected?
Maple Motion Physiotherapy has implemented appropriate operational and technical measures to safeguard your personal information:
- We use a patient management system called Drop box to record all patients’ personal and medical information. Drop Box is GDPR-compliant and has robust access and security measures to protect against unauthorised access, alteration, interception, disclosure, loss or destruction of any personal information.
- We use GDPR-compliant email and software packages, and our computers are fully up-to-date with password, firewall and antivirus protection so as to protect against unauthorised access, alteration, interception, disclosure, loss or destruction of any personal information.
- We use Drop box a GDPR-compliant accounts system for financial recording purposes.
- We employ the services of a website developer, IT support provider and SEO consultant to help us operate and safeguard our website and IT systems. These providers are bound by the terms of General Data Protection Regulations (GDPR) legislation.
- Old paper records (relating to patients who attended prior to the introduction of our electronic system) are stored in a staff-access-only site which is locked when not attended.
- All staff are trained on how to safeguard our patients’ personal information.
- In the unlikely event of a data breach, you will be notified immediately as will the Data Protection Commissioner.
Managing Your Information
Maple Motion Physiotherapy is committed to maintaining the accuracy and relevance of your personal data. To this effect:
- We will only ask for and keep information that is necessary.
- We will endeavour to keep your information as accurate and up to-date as possible.
- We request that you keep us informed of any changes to your contact details.
- Please inform us of any relevant changes to your health which may impact upon your physiotherapy care (e.g. medical diagnosis, treatments, investigations etc).
Use of information for training, teaching and quality assurance
It is usual for physiotherapists to discuss patient case histories as part of their continuing clinical education or for the purpose of training physiotherapists or physiotherapy students. In these situations, the identity of the patient concerned will not be revealed.
In other situations, however, it may be beneficial for other physiotherapists within the practice to be aware of patients with particular conditions and in such cases this practice would only communicate the information necessary to provide the highest level of care to the patient.
Patient satisfaction is extremely important to us; we welcome feedback either by written correspondence or email. This is an important measure for us to ensure that we are meeting our patients’ expectations.
Your right of access to your health information
You have the right of access to all the personal information held about you by Maple Motion Physiotherapy. If you wish to see your records, in most cases the quickest way is to discuss this with your physiotherapist who will review the information in the record with you. You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within 30 days, without cost.
Your right to amend the information held
Under GDPR legislation, all individuals have the right to have incorrect information that is held about them amended. If this was to arise within the notes held by Maple Motion Physiotherapy, the patient record would be “restricted” i.e. not used until the issue is resolved. However, if Maple Motion Physiotherapy deems the information to be accurate then no amendment will be made.
Your right to restrict the information held
You have the right to have the information we hold restricted;
- If you contest the accuracy,
- You need the information to establish, defend or exercise a legal claim,
- Or you object to the information held.
In this instance all treatment will be stopped until the issue is resolved. You also have the right to object to Mid West Physiotherapy holding your personal information on grounds relating to your particular situation and, as with restriction, all treatments will stop and the notes will become restricted until the issue is resolved.
Data retention period
We hold onto a patient’s personal information and medical records for a period of 10 years after their last treatment, or at the date of death. In the case of minors, we hold personal data until the age of 18, and for 10 years thereafter.
In the event that you do not consent to this policy
We require consent from the patient for us to collect and store their personal and medical data, in accordance with this Data Protection Policy. In the event that you do not wish to consent to this policy, we regret that we will be unable to provide you with physiotherapy services.
We hope that this policy document has explained any data protection queries you may have. If you have any questions please don’t hesitate to ask us for clarification.