Privacy and Data Protection Policy
Andrea Douthwaite-Hodges, Trading as ADH Clinic
Name: Andrea Douthwaite-Hodges AAI, MAR, ITEC, HSE
Tel: Clinic: 01823 491 690 Mobile: 07748183280
Email: andrea@adh-clinic.com
ICO Reference Number: ZA776963
The GDPR (General Data Protection Regulation) May 2018 is the legal regulation that has been put in place to safeguard an individual’s personal information. The following privacy policy details the lawful basis for ADH Clinic to hold information, the type of information that ADH Clinic holds about clients, why that information is required, who it is shared with, how that information is used and protected and details the rights an individual has in terms of access to that information or requests for information held to be amended or deleted.
WHY THE INFORMATION IS REQUIRED
The lawful basis by which I hold this information is held under Special Category Data: Health
In order to provide effective and safe Stroke Rehabilitation, Massage, and Reflexology treatments, I require information about your current health and medical history, together with any medication you are taking. This information is used only to provide you with the best possible course of treatment as well as to enable me to offer you appropriate advice regarding your care.
I require your contact details to arrange appointment times with you, as well as your email address, so that exercise programmes and advice can be sent electronically. Paper copies can be given where necessary.
As a registered and fully insured Therapist with ARNI, (Action for Rehabilitation from Neurological injury). the AOR (Association of Reflexologists) and with NRPT (National Register of Personal Trainers and Massage Therapists), I abide by the codes of conduct and confidentiality requirements to comply with the aforementioned associations.
WHERE THE INFORMATION IS GATHERED FROM
ADH Clinic may collect personal information by:
- Email or text messages sent from individuals to ADH-Clinic
- Discussions with clients by phone during the consultation process and during subsequent treatments in person where paper notes may be taken. These will either be stored in a locked cabinet, or shredded after scanning onto a secure patient data base which is password protected.
WHAT INFORMATION IS HELD
ADH-Clinic may collect the following personal information:
- Name, title and date of birth.
- Contact information including email address, telephone numbers and home address.
- Emergency contact or next of kin details.
- Medical history and other health related information provided on the consultation form and discussed during the first and subsequent treatments.
- Treatment detail and assessment notes which will be recorded after each treatment.
- Follow up information which may be discussed with you by phone, email or text after your treatment.
- Diarised and electronic records of appointment times.
WHAT IS DONE WITH THE INFORMATION GATHERED
ADH Clinic requires this information to assess your current physical and medical needs prior to beginning your treatments in order to provide you with not only the appropriate treatment programme, but also to ensure your safety. Additionally the information is used at subsequent treatments in order to assess levels of improvement.
The information may be shared with another Massage Therapist or with another health practitioner should you be referred to one of these by ADH Clinic. This will only be done with your consent. Your information will not be shared with anyone else (other than required for legal process) without explaining the reason why this is necessary and obtaining your explicit consent.
The contact information you provide may be used by ADH Clinic to contact you in relation to appointment times or conversations regarding your treatment plan or matters regarding your current or past medical condition/s.
HOW LONG THE INFORMATION IS HELD FOR
For insurance purposes ADH Clinic is required to keep your information for a period of 7 years after your last treatment. Your data will not be transferred anywhere without your consent.
Disposal of Data: Once per year, ADH Clinic will review records and destroy any records that are no longer bound by the regulated legal timescale for such records to be held.
SECURITY POLICY
ADH CIinic is committed to ensuring that your information is secure in order to prevent unauthorised access or disclosure, Suitable physical, electronic and managerial procedures have been put in place to safeguard and secure the information that is collected both online and on paper.
The health information gathered is held on paper Consultation Forms and then shredded and transferred onto our secure data base, which is passcode protected. The data is also protected by the Microsoft software ADH Clinic uses. Any paper notes that are not loaded onto the electronic database are stored in a locked filing cabinet. Any information stored on my mobile phone is password protected, and all messages on the business phone are removed at the end of the working day.
DATA BREACH
In the event of a data breach which consists of a breach of security leading to destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, ADH Clinic understands ICO have to be notified where it is likely to result in a risk to the rights and freedoms of individuals. In the event of such a breach, ADH Clinic will notify those concerned directly and without delay.
AN INDIVIDUAL’S RIGHTS
The GDPR May 18 gives an individual:
- The right to be informed as to how personal information will be both used and held. This is contained within this document.
- The right to access your personal information so individuals know what is held about them and they can confirm it.
- The right to rectification if there is something incorrect or incomplete.
- The right to have information deleted.
- The right to limit how the information is used or shared.
- The right to portability. Under certain circumstances a copy of electronically held information can be requested so it can be reused in other systems.
- The right to object if there are certain parts of an individual’s information that they do not want used or to be used only for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office. An individual can complain to the ICO if the individual feels the information held is incorrect, or not being used in the manor intended, when the permission was granted, or if information is being held unnecessarily. Full details of individual’s rights can be seen in the link below:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ - Should an individual wish to exercise these rights, the contact details at the start of the document should be used. In the event that an individual is dissatisfied with the response, then a complaint can be made to the Information Commissioner’s Office at www.ico.org.uk.
NOTES
If an individual does not agree to ADH Clinic keeping records of information about an individual and treatment records then it may not be possible to provide the therapy.
Additionally, Stroke Rehabilitation and Massage Therapists have to keep records of treatment for a specific period of time as described above which may mean that even if you ask for information to be erased, I might be bound to keep these details until the period has elapsed.