Acuculture data protection procedure
Cookies may be used within our site. In general, this will be by web browsers as part of the automated record keeping process. These are stored on your hard drive. You may choose to turn cookies off or to be alerted if they are in use. This could cause the site to function incorrectly.
We are committed to safeguarding the privacy of all patients who attend our centre; this policy sets out how we will treat your personal information. This document has been devised to reflect the new GDPR regulations which come into force from 25th May 2018. It may be updated from time to time in accordance with any new regulations.
The following information is collected: Patient name, address, DOB, email address, phone numbers, GP details, previous & current medical history, case history for treatment carried out at clinic, Occupation, Registered GP & details of communication. All information is given by the patient or their carer, parent or legal guardian.
Data Collection & Storage
Clinical information collected is sufficient for the purpose of making informed clinical decisions. Patient’s personal data is used to ensure we can contact patients in relation to their treatment at the clinic. Patient contact details and clinical records are stored on a secure cloudbase practice management software in accordance with statutory regulations. We use your GP’s name and address in the event that we need to contact your GP including in an emergency and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct. Informations are accessed only by our authorised practitioners and trained staff.
Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children, depending on their date of birth at the start of treatment.
Clinical notes are archived after 8 years. This process involves shredding the paper clinical notes, deleting all electronic data & thoroughly deleting all email records. They are only accessible by The Acuculture Clinic if the patient returns to continue treatment thereby acting as a historical record, or if requested by the patient or for historical legal reasons.
Electronic records are deleted from the system after 8 years or 25 years of age for children.
Patient data is also used for appointment reminder text messages or phone calls at the patient’s request, a newsletter and marketing which patients can opt in to with a tick box on their first visit. We check patients still want to receive communications on a regular basis.
Information is only shared with other persons with the patient’s permission. This would usually be with other health professionals, but occasionally it may need to be shared due to legal reasons or in cases of serious safety risks. Patient information is never passed on to other external practitioners, persons or companies.
Access to patient records is restricted to practitioners who have signed a confidentiality agreement.
All electronic data is password protected and access to information can be restricted. Systems are kept updated and antivirus security systems are in place and updated.