data protection policy
Hygeia Dental Care complies with the 1998 Data Protection Act and this Policy describes our procedures for ensuring that personal information about patients is processed fairly and lawfully. We are fully computerised and are registered as a Data Controller with the Information Commissioner for this purpose – registration number Z7617588.
What personal data do we hold?
In order to provide you with a high standard of dental care and attention, we need to hold personal information about you. This personal data comprises:
- Personal details such as your name, age, address, telephone numbers, email address and your general medical practitioner;
- Your past and current medical and dental condition;
- Radiographs, clinical photographs and study models;
- Information about the treatment we have provided or propose to provide (and its cost);
- Notes of conversations or incidents that might occur for which a record needs to be kept;
- Records of consent to treatment;
- Any correspondence (relating to you) with other healthcare professionals: such as referrals to specialists, for example.
Why do we hold information about you?
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care.
How we process the data
We will process personal data that we hold about you in the following way:
We will retain your dental records indefinitely while you remain a patient of the practice. If you cease to be a patient, we will continue to hold them for at least another eleven years, or in the case of children until they reach the age of 25, whichever is the longer. We will retain them for no longer than 30 years, in accordance with current Department of Health guidance on records management – Code of Practice Part 2, Annex D1 2009 (policy updated 16.9.2016).
Security of information
Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information in an encrypted form to a remote server on every working day. See also the practice’s Data Security Policy.
Disclosure of information
In order to provide proper and safe dental care, we may need to disclose personal information about you to:
- Your general medical practitioner;
- The hospital or community dental services;
- Other health professionals caring for you;
- Private dental schemes of which you are a member;
- Our dental defence organisation, insurers and/or legal advisers (if you make a complaint or commence/threaten to commence legal processes).
Disclosure will take place on a “need-to-know” basis. Information will only be given to those individuals/organisations who need to have it in order to provide care to you or to resolve issues arising out of that care and for the proper administration of Government (whose personnel are also covered by strict confidentiality rules). The recipient will only be given the information that they need to know for these purposes.
In very limited circumstances or when required by law or by a court order, personal data may have to be disclosed to a third party not connected with your dental care. In all other situations, disclosure that is not covered by this Policy will occur only when we have your specific consent. Where possible you will be informed of these requests for disclosure.
In order to ensure proper practice administration and that all communication between team members and third parties (including patients) is appropriate and accords with GDC principles of professional conduct, all incoming text communications, whether physical (eg letters in the post) or electronic (eg emails, SMS messages) are opened and read by the Practice Director, Neil Phillips, regardless of who they are addressed to or whose attention they are marked for. This does not apply to items of post that have clearly been delivered in error – eg where they are addressed to a neighbour and have been left by the postman by mistake. PLEASE NOTE: we do not record or monitor verbal communications.
You have the right to access the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing. We will levy a fee of £10 (for records held on computer) or £50 (for records held manually or for records held on computer but with radiographs that are not). These fees are not arbitrary but are set by the Information Commissioner and can be found on their website (For the public – find out how to request your personal information; verified as at 1.9.2017). We will provide a copy of the record within 40 days of receipt of the request and fee and an explanation of your record should you require it.
If you move to another dental practice we may (at our discretion) loan any original x-rays and provide copy notes direct to that practice free of charge on receipt of a written request from them to do so.
The Practice Director maintains a summary of all requests for access to records, disclosures, consent to disclosure and reasons for refusing access: refer to office document database.
If you do not agree
If you do not wish personal data we hold about you to be disclosed or used in the way that is described in this Policy, please discuss the matter with your dentist. You have the right to object, but please remember that this may affect our ability to provide you with dental care.
Web version 8: 16.9.2016 (reviewed 1.9.2017)
Previous web versions: 5.5.2005; 31.1.2010; 15.2.2011 (reviewed 25.1.2012); 3.2.2012; 15.3.2012 (reviewed 12.3.2013 & 19.6.2014); 18.7.2014; 3.8.2016