Amanda Cook - Osteopath
Use of Personal Information
When you supply your personal details to this clinic, they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the General Data Protection Regulation – i.e. the law):
1. I need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and my agreement to provide that care constitute a contract. You can, of course, refuse to provide the information, but if you were to do that I would not be able to provide treatment.
2. I have a “Legitimate Interest” in collecting that information, because without it I couldn’t do my job effectively and safely.
3. I also think that it is important that I can contact you in order to confirm your appointments with me or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
4. Provided I have your consent, I may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let me know by any convenient method.
YOUR MEDICAL RECORDS
I have a legal obligation to maintain medical records pertaining to your treatment, including associated correspondence such as referral letters and reports. I require your name, address and date of birth to identify your records correctly.
Your medical records are stored in Word documents on my office computer. This is password protected, backed up regularly and the office is locked outside working hours.
Your contact details and copies of some correspondence are stored on paper, in a locked filing cabinet and / or on a secure server (1) accessible only by Amanda Cook. They are not passed on to any 3rd party, except: other healthcare professionals; if ownership of this practice changes; your insurance company or legal representative in the case of a medico-legal investigation. I would not do so without your consent.
I have a legal obligation to retain your records for 8 years after your most recent appointment (or, in the case of patients who were under 18 when treated, until age 25, if this is longer), but after this period you can ask me to delete your records if you wish. Otherwise, I will retain your records indefinitely in order that I can provide you with the best possible care should you need to see me at some future date.
You have the right to see what personal data of yours I hold, and you can ask me to correct any factual errors. You may request a copy of your records, free of charge, at any time and I will comply within the statutory maximum of 30 days.
From time to time, I may have to employ an IT consultant to perform tasks, which might give them access to your personal data (but not your medical notes). I will ensure that they are fully aware that they must treat that information as confidential, and I will ensure that they sign a non-disclosure agreement.
I want you to be absolutely confident that I am treating your personal data responsibly and that I am doing everything I can to make sure that the only people who can access that data have a genuine need to do so.
For further information regarding the storage and processing of your personal data, or if you feel there is an error in the data I hold, please contact the GDPR Data Controller: Amanda Cook on 07903 585665, via email Amanda@amandacook-osteopath.uk or write to Amanda Cook – Osteopath, The Loft Clinic at The Craft Renaissance Gallery, Kemeys Commander. NP15 1JU.
Amanda Cook – Osteopath is registered with the Information Commissioner’s Office, registration number Z1070599
If you feel that Amanda Cook – Osteopath has not managed your personal information correctly, please contact me, Amanda Cook, and I shall endeavour to address your concern immediately. You also have the right to object to the Information Commissioner’s Office at https://ico.org.uk/concerns/ or by phone on 0303 123 1113.
Last updated 21st May 2018
(1) implemented using Dropbox (https://www.dropbox.com/security/GDPR)