GDPR COMPLIANCE – GENERAL DATA PROTECTION REGULATION
BUSHEY OSTEOPATHIC CLINIC STATEMENT
At Bushey Osteopathic Clinic (BOC) we diagnose and treat health conditions in accordance with the General Osteopathic Council (osteopathy.org.uk)
Michael Morton, Geri O’Rawe, Daniela Pavlidi and Steve Bell (Osteopaths) based at Bushey Osteopathic (BOC) at 17 London Road, Bushey, WD23 2LA, are pleased to provide the following information regarding your personal data:
PERSONAL DATA, CONSENT AND DISCLOSURE
In sharing your personal data with BOC you will be consenting to us obtaining and logging said data (I.e. Your contact information, details of your medical history – but only that which is relevant and necessary for treatment, details of any medication being taken, and information pertinent to your osteopathic treatment), and to BOC maintaining these records.
THIS DATA IS ALWAYS HELD SECURELY and is not shared with anyone not involved in your treatment, although for data storage purposes, it may be handled by pre-vetted staﬀ, who have all signed an integrity and conﬁdentiality agreement.
To be able to process your personal data, it is a condition of any treatment that you give your explicit consent to allow Osteopaths to document and process your personal data.
Contact details provided by you (telephone numbers, email addresses, postal addresses may be used to remind you of appointments, provide reports or other information regarding your treatment, and to respond to your enquiries. OSTEOPATHS WILL NOT DISCLOSE YOUR INFORMATION UNLESS COMPELLED TO, in order to meet legal obligations, regulations or valid government requests. BOC may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions, to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staﬀ.
Osteopaths may occasionally act on behalf of its patients in the capacity of data processor, when we may promote other practitioners based at our premises, who may not be employed by us. Osteopaths will only collect the information needed, so that we can provide you with the services you require. BOC WILL NOT SELL OR BROKER YOUR DATA. Your data will not be shared with outside parties unless it is felt relevant or beneﬁcial to your treatment e.g conferring with another practitioner or forwarding information (not your actual ﬁle) when booking an MRI/x-ray, where basic information (relevant medical history/Osteopathic treatment and contact details) will be required. Your consent will gained prior to any such action.
BOC kindly request that you inform them of any changes in circumstances such as change of address/telephone numbers to enable us to keep your details up to date.
LEGAL BASIS FOR PROCESSING ANY PERSONAL DATA is to meet our contractual obligations obtained from explicit Patient Consent. The legitimate interests pursued by BOC is to promote treatment for patients with varying health problems which may beneﬁt from osteopathic treatment and care.
Osteopaths will process personal data during the duration of any treatment and will continue to store only the personal data needed for 8 YEARS after the contract has expired, to meet any legal obligations. After 8 years, all personal data will be deleted, unless basic information needs to be retained by us to meet future obligations to you. Should you make an appointment for treatment after a period of 8 years, you will attend as a new patient.
Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
We do not store your ﬁles on a computer system – we only have hard ﬁles stored in secure cabinets. Only your name/address/date of birth appears on invoices and receipts, and these, alongside any reports/referral letters which are processed on a computer, are password protected.
At any time you have the right to:
ACCESS -to request a copy of your records
RECTIFICATION – to correct information that is inaccurate or incomplete
PORTABILITY – to have records transferred to another organisation
TO BE FORGOTTEN – in certain circumstances you can ask for information we hold to be erased from our records
To access what personal information is held, identiﬁcation will be required (copy of driving license, passport, birth certiﬁcate and a utility bill not older than 3 months). A minimum of one piece of photographic ID listed above and a supporting document is required. All requests should be made to firstname.lastname@example.org or calling 0208 950 8886 or writing to the clinic on above address.
IF YOUR REQUEST UNDER RIGHTS OF ACCESS IS DENIED, WE WILL GIVE A REASON WHY; YOU DO HAVE THE RIGHT TO LEGALLY CHALLENGE THIS.
Should you wish to complain about how your data is being stored or processed, you have the right to complain to us by above means.
During your ﬁrst visit, the Osteopath will ask you to sign and date your consent on your ﬁle to state that you have read and understood the GDPR Statement, and that you consent to us obtaining and keeping your records and details.