DUDLEY PHYSIOTHERAPY CLINIC
Dudley Physiotherapy Clinic wants you to be confident that the personal data we hold for you is safe and secure.
We collect your data in a number of ways and it is kept confidential at all times.
What data will be collected and by whom?
As a clinic, the data will be collected initially by the Reception staff and will be name, address, telephone number, date of birth and GP practice you are registered with. (This is your basic data)
The physiotherapist will then collect your recent medical history and a description of your current symptoms and concerns. (This is your sensitive data)
Where is my data stored?
Your basic data is stored on our desktop computer which can only be accessed by staff using 2 different passwords. No sensitive data is stored this way. Data may be used for analysis.
Your sensitive data is stored on our paper-based files only which is kept in locked cabinets when the clinic is closed. Once discharged the data is kept locked away for 8 years until is it shredded.
Will my Data be Shared?
The data will only be shared with the following and for the reasons given:-
GP – We may write to your GP if symptoms do not ease or get worse. This may be to ask for further investigations or to give them a report on your condition.
Insurance company – If you have been referred to us by an insurance company we may have to provide them with initial assessments and discharge reports.
Staff – in the course of completing their jobs staff may see sensitive information on your treatment notes. All staff have signed a confidentiality clause as part of their job contract.
Imaging Services – If we have to refer you on to an imaging service for MRI or ultrasound we have to give them your basic data such as address, DOB etc and then a brief history of the issue and why we are asking for you to be scanned.
Who has access to your data?
Physiotherapists have access to both basic and sensitive data to enable them to treat you.
Receptionists have access to your basic data. In carrying out their job they may see sensitive data but have signed confidentiality agreements.
GP – we may need to contact your GP or send them a report of your treatment/symptoms.
How your data will be used?
To enable the clinic to provide you with the best treatment possible.
To provide you with an invoice by post for payments due or a receipt for payments made.
To send you a text message reminder of appointments.
What legitimate interest does the clinic have for using your data?
As a healthcare provider Dudley Physiotherapy Clinic needs your data to complete your treatment and to allow us to comply with our legal requirements. Our lawful basis for processing your data is Consent and Legal Obligation.
What is considered as Special or sensitive data?
Health data (Including Genetic) is sensitive data. This is needed as a requirement to treat you. Other sensitive data Eg. Racial, political, religious, Biometric and sexual is not collected by us or recorded in any way unless you specifically ask for it to be recorded.
Right to be forgotten
You have the right under the law to ask companies to remove your data from their systems. We are able to do this but not until after 8 years have passed after you have been discharged. This is the legal minimum we have to keep your notes by law and this law over rules GDPR.
By consenting to this privacy notice you are giving us permission to process your personal data for the purposes identified above.
You may withdraw consent at any time either verbally or in writing to Stuart Elwell, Dudley Physiotherapy Clinic, 1a Parsons Street, Dudley, DY1 1JJ. Telephone 01384233306
Dudley Physiotherapy Clinic will not pass your data to third parties without first obtaining your specific consent. You will have to sign an agreement to this before any data is shared.