The practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR], the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
The data controller and information governance lead is Rakhi Kakad. You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you. The categories of data we process are:
Personal data for the purposes of staff and self-employed team member management
Personal data for the purposes of [direct mail/email/text/other] marketing
Special category data including health records for the purposes of the delivery of health care
Special category data including health records and details of criminal record checks for managing employees and contracted team members
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared. The lawful basis for processing special category data such as patients’ and employees’ health data is:
Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional. The lawful basis of processing personal data such as name, address, email or phone number is:
Consent of the data subject
Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention (M 215) procedure available from the practice. You have the following personal data rights:
The right to be informed
The right of access
The right to rectification
The right to erasure (clinical records must be retained for a certain time period)
The right to restrict processing
The right to data portability
The right to object
If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
We welcome comments, suggestions and complaints so that we can continually improve our service to you. Please contact the Practice Manager, Rakhi Kakad, in person or by phone, letter or email if you have a comment, suggestion or complaint.
We take complaints very seriously and have an effective procedure to resolve any problems in the shortest possible time. You can read more about our procedures in our complaints policy, which is available from reception. We always want to have satisfied patients.
Should you wish to write to us, find the address below:
9a Hill Avenue, Amersham, Bucks, HP6 5BD
The practice is committed to complying with the requirements of the legislation governing patient confidentiality including: Access to Health Records 1990, Caldicott Guidelines 1997 - see the Data Quality Policy (M233-DPQ), Confidentiality Code of Practice 1998, Data Protection Act 2018, GDPR and the current GDC Standards.
All staff members are aware of their responsibilities for safeguarding patient confidentiality and keeping information secure and must have received appropriate training on the legislation requirements and the current GDC Standards to ensure that:
· No personal information given or received in confidence is passed on to anyone else without the patient's prior consent. To obtain consent a patient is advised what information will be released and why and the likely consequences of the information release.
· If a patient consents to sharing information about them the team member will ensure that all recipients of the information understand that it is confidential.
· If it is not necessary for a patient to be identified, they will remain anonymous in any information released.
· The duty to keep information confidential also covers originals and copies of a patient's photographs, videos or audio recordings, including those made on a mobile phone. No images or recordings will be made without the patient's permission.
· Patient information is kept confidential even after death.
Before releasing information without the patient’s permission, an effort is always made to either convince the patient to release the information himself or herself or give the practice permission to do so, with the details of the discussion fully documented in the patient record. If obtaining consent from a patient is not practical or appropriate or if the patient will not give their permission, the team member will obtain advice from their professional indemnity organisation before releasing it.
A patient’s information will only be released without their prior permission in the following exceptional circumstances:
· It is in the best interests of the public or the patient and the information released could be important in preventing or detecting a serious crime
· If a team member has information that a patient could be at risk of significant harm or may be a victim of abuse, in which case the appropriate care agencies or the police will be informed
· If a team member is required to disclose information by a court or a court order, in which case only the minimum amount of information necessary to comply will be released
The practice treats breaches of confidentiality very seriously. No team member shall knowingly misuse any confidential information or allow others to do so. Failure to comply with this policy may result in disciplinary action. For more information on the confidentiality policy, search for ‘principles of patient confidentiality' on www.gdc-uk.org.
The practice complies with the Data Protection Act 1998.
ICO Number: ZA241512
Due to a new change in the Data Protection Policy, the practice is now unable to send out text/email reminders or recalls without written permission. Should you wish to continue receiving this service, please sign below.
Your personal information is never passed to third parties for their own marketing, sales or promotions. We have strict arrangements with companies who process your data on our behalf. You can withdraw your consent anytime. If you wish to receive reminders, please email the practice at firstname.lastname@example.org, or sign a form at reception on your next visit.
CHARTER ON PATIENT SAFETY
Our practice has a safety culture which means that patient safety is at the forefront of everyone’s minds not only when delivering healthcare but also when setting objectives, developing procedures, purchasing new products and equipment. It is also a culture that is open and fair, where team members can discuss the challenges they face at work for the best interests of our patients.
All our team members are trained in safeguarding of children and vulnerable adults and follow the practice safeguarding procedures, which are regularly monitored and reviewed.
As a member of CODE, we are kept up to date with the latest changes to regulations and patient safety guidelines and regularly train the team at the practice.
We always welcome patients’ questions, comments and suggestions. Please contact us if we can help you in any way or if you have any questions about patient safety at our practice.
- Follow the latest infection prevention guidelines including those from NHS England.
- Use dental instruments that are single use, single patient use (where applicable) or are sterilised after each patient use
- Decontaminate work areas including the dental chair, hand held equipment and cupboard handles, in between patients
- Maintain a high standard of personal hygiene including clinical clothing and the restricted wearing of jewellery
- Monitor practice water for quality. Dental unit waterlines are disinfected and kept clear
- Handle waste according to current regulations and dispose of it with appropriate carriers
Take expert advice if a team member may have a blood borne infection.