What data do we store?
As you are probably aware, new regulations have come into effect with regards to how customer personal data is handled and stored by companies.
As a physiotherapy practice, all staff, including non-clinical staff, are aware of data protection regulations as they relate to their role in the business.
In terms of the stored data, we retain a mixture of computerised and handwritten records relating to your treatment with us. The new regulations do not require us to amend the way we store your data, as we already meet the standards imposed by our professional governing body and the current data protection legislation, but we would like to inform you of the type of data we store, how we use it and your rights.
Computerised data (typically your name, date of birth, address and telephone contact details) is stored on our software database, which is password protected. Additionally, all computers are themselves password protected. We also use security software to reduce the risk from cyber attack.
Such information is typically given to us by a referring doctor or insurance company, as well as through clients who refer themselves to us.
Handwritten records, which detail the treatment you receive, are stored in either a locked cabinet or a locked storage room. These records may include copies of letters to or from your doctor, hospital specialist or insurance company.
Visitors to our website:
Our website is hosted by Wix.com. Should you visit the site or email us with a query, we can assure all visitors that:
we will never email you with any marketing communications, promotions or updates
we will never pass on your details to any 3rd party for any reason
we will only use your email address to respond directly to any question you have posed
When might we share your personal data?
An example of when we may divulge your personal data is when writing to your doctor, hospital specialist or a trusted 3rd party such as your medical insurance company or your legal representative, in cases where you may be receiving treatment as a result of an injury sustained at work or in a road traffic accident.
We occasionally receive requests from legal representatives or insurers to forward copies of your treatment records, but this will only be granted if they enclose a consent form signed by you. Additionally, we will generally contact you to inform you that we have received such a request and ask you to confirm in person that you are happy for us to proceed.
Access to medical records:
As a patient, you have the legal right to request to see or to copy your physiotherapy records that we retain at any time, allowing for our own administrative constraints.
Destruction of medical records:
All medical records need to be retained for at least 8 years by law in case of issues relating to a patient’s health, complaints or legal action. In general, notes which have not been updated within 8 years will be destroyed. In the case of children, records will be destroyed by their 25th year.
Payment by Credit/Debit cards:
All direct payments made on our company card machine adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our clinic and its service providers.
If you would like to access, correct, amend or delete any personal information we have about you, you are invited to contact us at firstname.lastname@example.org or through our website.