Data protection privacy notice
In providing your dental care and treatment, we will ask for information about you and your health. We may also receive information from other persons and organisations who have been involved in providing your care. Hygeia Dental Care complies with the 1998 Data Protection Act and the General Data Protection Regulation (EU 2016/679) and this Notice describes our procedures for ensuring that personal information about patients is processed fairly and lawfully. It sets out the type of personal information we hold, why we hold it and what we do with it.
We are Hygeia Dental Care and we operate at Malt Mill Lane, Totnes, Devon, TQ9 5NH. We may be reached via email – firstname.lastname@example.org – and by telephone – 01803 866166.
The practice owner, Joanne Giddy, is responsible for keeping secure the information about you that we hold. Those at the practice who have access to your information include dentists, hygienists and other dental professionals involved with your care and treatment, the reception staff and managers responsible for the administration and management of the practice, plus the virtual reception service that answers calls for us when we are closed or helping other patients.
We are fully computerised and are registered as a Data Controller with the Information Commissioner for this purpose – registration number Z7617588.
What information do we hold?
In order to provide you with a high standard of dental care and attention, we need to hold personal information about you.
We can only keep and use information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold, why and the lawful basis for collecting and using it:
- Contact details such as your name, age, date of birth, address, telephone numbers and email address. This information allows us to fulfil our contract with you by providing appointments and information about your care. We will also use this information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services.
- Dental records comprising information about your dental and general health, including: clinical records made by dentists and other healthcare professionals involved with your care and treatment; x-rays, clinical photographs, digital scans of your mouth and teeth, study models; medical and dental histories (including details of your general medical practitioner); treatment plans/estimates; records of consent; details of your appointments; details of any complaints you have made and how these complaints were dealt with; correspondence with you and other health professionals or institutions. We collect and use this information to allow us to fulfil our contract with you – to discuss your treatment options and provide dental care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of treatment we provide.
- Financial information includes the fees we have charged, the amounts you have paid and some payment details. This information forms part of our contractual obligation to you to provide dental care and allows us to meet our legal financial requirements.
How we use your information
To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.
Where an email address has been provided, we may contact you to confirm that appointments have been made for you.
We will contact you by email, SMS text message or telephone to remind you in advance of any appointments you have booked. These contacts are normally made in the 48 hours prior to the appointment – sometimes further in advance if necessary (EG where the appointment falls on a Wednesday, we will usually attempt to remind you on the previous Saturday since we are not usually open on Mondays and Tuesdays).
We may share your information with your dental insurance company, where relevant, in connection with claims that you make (your written authority will be sought by the insurer on each occasion).
We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.
We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter.
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
- Your doctor
- A hospital, community dental service or other health professionals caring for you
- Specialist dental and medical services to which we may refer you
- Dental laboratories
- Debt collection agencies
- Your dental insurance provider
- Our virtual reception service (that answers incoming calls when reception is closed or engaged helping other patients)
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. We will let you know in advance if we send your medical information to another medical provider and we will give you the details of that provider at that time.
In certain circumstances required by law or by a court order we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies. In all other situations, disclosure that is not covered by this Policy will occur only when we have your specific consent. Where possible you will be informed of these requests for disclosure.
In the event of a claim or complaint being made against us (or the threat of a claim or complaint) we may also need to share your information with the General Dental Council, the Dental Complaints Service, our defence organisation, insurers and legal advisers.
We are also required to allow the Care Quality Commission access to your information when they carry out an inspection or investigation.
In order to ensure proper practice administration and that all communication between team members and third parties (including patients) is appropriate and accords with GDC principles of professional conduct, all incoming text communications, whether physical (eg letters in the post) or electronic (eg emails, SMS messages) are opened and read by the Practice Director, Neil Phillips, regardless of who they are addressed to or whose attention they are marked for. This does not apply to items of post that have clearly been delivered in error – eg where they are addressed to a neighbour and have been left by the postman by mistake.
PLEASE NOTE: we do not record or monitor verbal communications.
Keeping your information safe
Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to those who do not work for the practice and only authorised members of staff have access to it. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
Our computer system has secure audit trails and we back up information in an encrypted form to a remote server on every working day. We take precautions to ensure the security of the premises, the practice filing systems and computers: see also the practice’s Data Security Policy.
We will retain your dental records indefinitely while you remain a patient of the practice. If you cease to be a patient, we will continue to hold them for at least another eleven years, or in the case of children until they reach the age of 25, whichever is the longer. We will retain them for no longer than 30 years, in accordance with current Department of Health guidance on records management – Code of Practice Part 2, Annex D1 2009 (policy updated 16.9.2016).
Access to your information and other rights
You have the right to access the information that we hold about you and to receive a copy. We do not usually charge you for copies of your information. If a charge is to be made, we will explain the reasons for this.
We will provide a copy of your information within 28 days of receipt of a request and an explanation of your dental records should you require it.
You can also request us to:
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change.
- Erase some of the information that we hold. For legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). However, we can delete some contact details and other non-clinical information if you ask us to.
- Stop using your information. For example, sending you reminders for appointments or information about our service. Even if you have given us consent to send you marketing information, you may withdraw that consent at any time. You can also ask us to stop using your information if you believe that it is inaccurate or you believe we are using your information illegally.
- Supply your information electronically to another dentist.
If we are relying on your consent to use your personal information for a particular purpose, you may withdraw your consent at any time and we will stop using your information for that purpose.
All requests should be made to the Practice Director, Neil Phillips, either by email (email@example.com) or in writing (Hygeia Dental Care, Malt Mill Lane, Totnes, Devon, TQ9 5NH).
The Practice Director maintains a summary of all requests for access to records, disclosures, consent to disclosure and reasons for refusing access: refer to office document database.
If you do not agree
If you do not wish us to use your personal information to be used in the way that is described in this Notice, please discuss the matter with your dentist or, if you prefer, with the Practice Director, Neil Phillips on 01803 866166. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call them on 0303 123 1113 or 01625 545745.
Web version 9: 18.5.2018 (reviewed 11.11.2018)
Previous web versions: 5.5.2005; 31.1.2010; 15.2.2011 (reviewed 25.1.2012); 3.2.2012; 15.3.2012 (reviewed 12.3.2013 & 19.6.2014); 18.7.2014; 3.8.2016; 16.9.2016 (reviewed 1.9.2017)