Information Held
The following information is collected: Patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history for treatment carried out at clinic.
All information is given by the patient or their carer, parent or legal guardian.
Data Collection
Information collected is sufficient for the purpose of making informed clinical decisions and communicating with patients.
Contact data is collected verbally, on the phone or by email by reception staff or by Dr Rockwell in order to book appointments. Medical information is collected and recorded by Dr Rockwell during consultations which may be face to face, phone, Skype or other modalities of appointment. Clinical information may also be collected by email.
Data Storage
Contact details and appointments are stored within the Sussex Back Pain Clinic PPS system on the reception computer which is password protected.
Patient clinical records are stored electronically by Dr Susie Rockwell. These are stored securely encrypted on the Microsoft One Drive for business cloud. All electronic devices used to access patient records are password protected.
Data Disposal
Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children
If paper records are received for example new patient questionnaires, pathology or radiology reports, letters from clinicians etc. they are scanned onto the patient’s clinical record and then the paper copy is shredded.
Consent
Patient data is used by The Sussex Back Pain Clinic for appointment reminder text/email messages.
Prior to/at their first appointment patients will be asked for their consent to the use of their data for these purposes plus every email from Dr Rockwell will remind patients of their option to opt out of further communications.
Outside of consultations Dr Rockwell will primarily communicate by email about clinical matters and will also send out occasional clinic updates by email.
Parents must give consent for communication with children under 16 years.
Data Sharing
I may receive information about your health from other organizations who are involved in providing you with health and social care. For example your GP or a specialist may send me a letter to let me know about your care.
Data such as name and address may be shared with supplement companies or laboratory suppliers if you have asked me to supply you with supplements or a blood or specimen pack and I am arranging for these to be sent directly out to you.
Information is generally only shared with other persons with patient’s permission. This would usually be with other health professionals.
In some circumstances I might also share medical records in anonymised form for medical research.
Data would extremely rarely be shared without consent if there was a legal order or in cases of serious safety risks. In certain circumstances it is a legal and professional requirement to share information for safeguarding reasons such as if there were concerns about domestic or child abuse or to prevent infectious diseases from spreading or to check the care being provided to you is safe. This is to protect people from harm.
Security
Stored electronic data is password protected and access to information is restricted. Systems are kept updated and antivirus security systems are in place and updated.
Data breaches will be investigated and reported to the Information Commissioner’s Office within 72 hours by Dr Rockwell and patients will be informed.
Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred. Information Commissioner’s Office Tel. 0303 123 1113
Subject Access Requests
I will respond to requests for access to medical records within a month and no charge will be made. Data is only released on receipt of a signed request from patients or in exceptional circumstances.
Any data sharing is detailed in the patient record.
Patient Rights
Patients and anyone I hold data about have rights under GDPR.
You can request to: see your data at any time, move your data to another practice, correct any inaccuracies, prevent marketing.
You may request for details to be deleted but due to my legal obligation I cannot delete your health record until 8 years after your last consultation but I can remove you from my contact list and from that of the Sussex Back Pain Clinic.
Complaints
Patients may raise any complaints about data processing with the Data Controller who is Dr Susie Rockwell and who may be contacted at: Sussex Back Pain Clinic, 58 New Church Road, Hove, BN3 4FL
You may also contact the Information Commissioner’s Office Directly on: 0303 123 1113
Privacy Policy updated May 2018