07715 581554

enquiries@hancockosteopathy.co.uk

Hancock Osteopathy Practice PRIVACY POLICY

Appointed Person with responsibility for Data Protection: Michelle Hancock

Registered with the ICO: Yes

Information Held

The following information is collected: Patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history about the presenting complaint for which the person is attending the clinic. Information collected is sufficient for the purpose of making informed clinical decisions and to make appointments.

Data Collection

Data is collected orally on the phone by reception staff or practitioners to book appointments and take contact details. Medical information is collected by osteopaths orally at a face to face appointment. All information is given by the patient or their carer, parent or legal guardian. We only collect data that is necessary in order to carry out treatment in accordance with the Osteopathic Standards as laid down by the General Osteopathic Council.

Data Processing and Consent

Data is collected orally on the phone by reception staff or practitioners to book appointments and take contact details. Medical information is collected by osteopaths orally at a face to face appointment. All information is given by the patient or their carer, parent or legal guardian. We only collect data that is necessary in order to carry out treatment in accordance with the Osteopathic Standards as laid down by the General Osteopathic Council.

Data Processing and Consent

By requesting treatment and our offer to provide that care constitutes a contract. Data will be processed to meet our legal contractual obligations and provide you with the best possible treatment. You can withdraw your consent but we could not then continue to treat you. We have “legitimate” interest when collecting information about you so that we can do our job safely and efficiently.

Making contact with you to respond to enquiries, confirm appointments and update you on matters relating to your medical care constitutes as legitimate interest to you as a patient of our clinic.

For any marketing activities - explicit consent will be obtained by asking you to opt in on the New Patient Information form. We would like to send you the occasional newsletters/health information/update on clinic opening times etc. The program we use for distributing email newsletters is Mailchimp. If you consent your email address will be stored on a Mailchimp Account. To unsubscribe you can contact Hancock Osteopathy at any time to remove your email from this list.

When a patient returns after a break in treatment, of a year or more, we will recheck their preferences for appointment conformation/reminders and for receiving newsletters.

We do not communicate directly with patients under the age of 16, all communication will go through their parent/guardian. There is a separate Patient Information and Consent Form for under 16’s.

Data Storage

Online data for contacting patients and to book appointments is stored on Cliniko. Cliniko uses Amazon Web Services (AWS) and is a member of the Association of Cloud Infrastructure Service Providers in Europe. Cliniko is GDPR compliant.

Clinical records are either hand written and stored in a locked filing cabinet in the treatment room Lymington Centre, Cannon Street, Lymington, SO41 9BQ. Access to the cabinet is only permitted to myself.

Data disposal (minimum 8 years, 25 years of age for children)

Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children. After this period, you can request that your records are deleted. Otherwise we will retain your records indefinitely in order that we can provide you with the best possible care should you need treatment at some future date. If requested by the patient, or we know the patient will no longer be able to attend the clinic due to relocating etc. (after the minimum statutory requirements) records are destroyed by shredding or incineration, electronic records are permanently deleted from the system.

Data Sharing

Only osteopaths who work for Hancock Osteopathy will have access to your treatment records but the admin team at the Christchurch Practice with Hands on Care will have access to your contact details if you book into the Christchurch clinic, so they can make appointments and manage your account. Information is only shared with other persons with patient’s permission. This would usually be with other health professionals. We will ask for your permission at the time of any referral or contact to a health care practitioner for example your GP, which you may refuse. Patient information is never passed on to other practitioners, persons or companies, unless to compelled to in order to meet legal obligations, regulations or valid governmental requests.

Data Checks

If a patient returns after a year or more break from treatment we will ask them to update us with any changes to ensure our records are up to date and to recheck consent to receive email conformation/reminders and newsletters. Changes to general health and medication will be recorded on an ongoing basis as part of the case history taking at the beginning of every treatment session.

Subject Access Requests

Request to access what personal data is held should be directed to Michelle Hancock. Identification will be required. A minimum of one piece of photographic ID listed and a second supporting document is required - copy of your driving licence, passport, birth certificate and a utility bill, not older than three months. If dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to michelle@hancockosteopathy.co.uk or by phoning 077 1558 1554 or writing to us at Michelle Hancock, Hancock Osteopathy, The Lymington Centre, Cannon Street, Lymington, Hampshire, SO41 9BQ.

Data is only released on receipt of a signed request from patients or in exceptional circumstances. Any data sharing is detailed in the patient record.

Hancock Osteopathy Practice Information Security Policy

Information Security Policy

Access to clinical records is restricted to osteopathic practitioners who have signed a confidentiality agreement, at present this is only Michelle Hancock. At times admin staff (if booked at the Christchurch clinic) may also have limited access to some paper records ie printing out letters for patients. Admin staff have also signed a confidentiality agreement.

There is a clear desk policy and computer screens are locked when unattended, the treatment room is locked if Michelle Hancock is not in the room.

All electronic data is password protected and access to information can be restricted. Only Michelle Hancock has access to personal medical history and osteopathic treatment notes, the Christchurch reception staff have limited access to Cliniko which allows them to schedule appointments, maintain basic patient records and take payments only. Systems are kept updated and antivirus security systems are in place and updated. Authorized users are responsible for the security of their passwords and accounts.

Passwords are changed every 6 months and after any person leaves who had access to the online login details.

Data breaches will be detected by observing signs of unauthorized entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorized log on or change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office by the appointed person. Patients will be informed if we believe a data breach has occurred.

Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred. Information Commissioner’s Office: 0303 123 1113

Hancock Osteopathy use a ‘Sum up’ device for Card Payments. No card data is stored electronically and no paper receipts come from this device. The use of a protected and pass worded mobile phone is used for the ‘sum up’ application to work- this only keeps a record of the last four digits of your card number in order to track payments or queries. No other information is recorded or can be access by those other than Michelle Hancock.

About our cookies