We are a data controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation, and this notice describes our procedures for ensuring that personal information about you is processed lawfully and fairly. We take your privacy seriously and will only ever use the information you provide as detailed in this notice. We do not do direct marketing for our products or services and will never contact you via social media, phone call or e-mail regarding promotions etc.
WHAT PERSONAL DATA DO WE HOLD?
For identification purposes and in order to provide you with a high standard of dental care and attention, we need to hold the following personal information.
- Your past and present medical and dental conditions.
- Personal details such as your date of birth, Health & Care number, address, phone number, email address and details of your medical practitioner.
- Your bank details, if you are a member of our payment plan or use our finance options.
- Radiographs, clinical photographs and study models.
- Information about the treatment that we have provided, treatment options and outcomes and costs.
- Notes of conversations or incidents that may occur for which a record may need to be kept.
- Records of consent to treatment.
- Any correspondence relating to you with other healthcare professionals, i.e. hospital, community, orthodontics, oral surgery and oral cancers.
WHAT ARE THE RISKS ASSOCIATED WITH HOLDING YOUR DATA?
There is a security risk with any company that holds personal data about an individual, as it can be unlawfully obtained if it is not properly protected. As a practice we are committed to ensuring the security of your personal data through confidentiality, physical security measures and appropriate software controls, thereby limiting potential theft of such information.
WHY DO WE HOLD INFORMATION ABOUT YOU?
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care. We also need to process personal data about patients in order to provide care under NHS arrangements and to ensure the proper management and administration of the NHS.
HOW DO WE OBTAIN THIS INFORMATION?
Registering with the practice as a new patient requires you to fill in a confidential personal information form which includes some of the aforementioned personal details. These details are entered into our computer software system and are routinely updated every 6 months.
HOW LONG ARE YOUR DETAILS KEPT?
We will retain your records whilst you are a practice patient, and after you cease to be a patient, for at least 11 years or, for children, until age 25, whichever is the longer.
HOW SECURE ARE THEY?
Personal data about you is held on the practice computer system and/or in our manual filing system. The information is not accessible to the public and only authorised members of staff have access to it.
DO WE SHARE YOUR INFORMATION?
In order to provide safe and proper dental care, we may need to disclose personal information about you to:
- Your medical practitioner.
- The hospital or community services.
- Other health professionals caring for you.
- NHS payment authorities.
- Inland Revenue.
- The Benefits agency, if you are claiming exemption or remission from NHS charges.
- Private dental schemes of which you are a member.
Disclosure will take place on a ‘need to know’ basis so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of government will be given the information. Only the information that the recipient needs to know will be disclosed. In very limited circumstances, or when required by law or a court order, personal data may have to be disclosed to a third party not connected to your health care. We do not currently transfer any information outside the EU. In all other situations, disclosure will only occur when we have your specific consent. Where possible, you will be informed of these requests for disclosure.
DO YOU HAVE A RIGHT TO YOUR OWN RECORDS?
You have the right of access to the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing. We will require photographic evidence of your identity before being able to comply with the request. We will provide a copy of the record, and an explanation of the record if required, within 30 days of the request.
DO YOU REQUIRE TO GIVE CONSENT FOR DISCLOSURE OF YOUR INFORMATION?
Yes, our confidential personal information forms provide a section about consenting for us to pass on your details to a consultant/specialist/laboratory if needed. This is a yes or no answer and is routinely updated every 6 months so you will be continually reminded to freely give consent. If you do not wish personal data that we hold about you to be disclosed or used in the way described in this policy, please discuss the matter with your dentist; however, this may affect our ability to provide you with necessary dental care.
OUR PROMISE TO YOU
The team at Moira Dental Care is committed to ensuring the security of your personal data and will do our very best to protect it. We shall achieve this by ensuring our staff members comply with the following security measures:
- All staff employment contracts contain a confidentiality clause.
- Access to personal data is on a ‘need to know’ basis only.
- We have procedures in place to ensure personal data is regularly reviewed, updated and deleted in a confidential manner when no longer required.
Personal data is only taken away from the practice premises when absolutely necessary. If personal data must be removed from the practice it will never be left unattended e.g. in a car or public place.
Old written records (prior to computerising records) are kept in a fire proof locked cabinet in a locked room, which is not accessible by patients or visitors to the practice.
Efforts have been made to secure the practice against theft by, for example, intruder alarms which are connected to the police line and we also have lockable windows. The alarm code is changed regularly and only key holders have access to the code. Metal bars have been erected outside the basement rear window.
The practice has in place a business continuity plan in the case of a disaster. This includes procedures set out for protecting and restoring personal data.
Information Held on Computer
- Appropriate software controls are used to protect computerised records, e.g. the use of passwords and encryption. Every staff member has an access password to our software system. Passwords are changed on a regular basis and are not written down or kept near or on the computer for others to see. Each staff member knows only their own password, and our software system can provide a full audit trail of amendments made to data, who made them and when.
- Daily backups of computerised data are taken and stored in a fire proof container. Back-ups are tested daily to ensure that the information being stored is usable should it be needed.
- Staff using practice computers will undertake training to avoid unintentional deletion or corruption of information.
- Precautions are taken with both our software and hardware to avoid loss or hacking of data from an unknown source through anti-malware and anti-virus installations.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Practice Manager, Marilyn Todd, at Moira Dental Care, 77 Main Street, Moira, and we will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 03031231113.