This notice is to explain why I collect your personal data, what I do with it, and to ensure I am working in accordance with the new EU General Data Protection Regulation (GDPR).
All information provided will be treated as confidential and will not be given to any other person/organisation without the patient's written consent.
As part of the Patient Record, I am required to retain information for the purpose of consultation for treatment and recording subsequent treatments.
When you supply your personal details to me, when we communicate by email or text, and when I take notes in the clinic, this information is stored and processed for three reasons in line with the GDPR requirements:
I need to collect personal information about your health in order to provide you with the best possible treatment—your request for treatment and our agreement to provide that care constitutes law an (unwritten) contract.
I have a legitimate interest in collecting that information. Because without it, I could not practice acupuncture effectively and safely.
I keep records of your contact information because I think it is essential to contact you to confirm your appointments with me.
After you complete the Patient Details Form, Data Protection and Consent Forms online, all the information will be electronically stored with a secure practice management software on a password-protected computer. Your clinical records are scanned or stored on a computer file or retained as paper records in a secure cabinet in my home, for as long as you remain a patient of the clinic, and after that for a period of 7 years. After this period I will delete your records.
Information held both manually and electronically in files will be accessible only by myself directly involved in the data entry and processing of patient records.
Texts are stored on a password-protected phone. I will never share your information with anyone who does not have a legal right to access without your written consent.
In line with the Data Protection (1998) Act, details of consultations and treatment can only be released to third-party medical practitioners with the patient's specific written permission.
You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. I am legally required to respond to a patient's request to see their personal data within a timescale of 30 days.
You can raise any concerns directly with the Information Commissioner’s Office on https://ico.org.uk/concerns/
Please wear loose, comfortable clothes.
Do not have a large meal or any alcohol.
Read consultation form carefully and sign after making sure you understood everything.