Privacy policy

 

Patient Privacy Information

Introduction  

Healthcare professionals who provide you with care are required by law to maintain records about your health and any treatment or care that you have received. These records help us to provide you with the best possible medical care. Go Podiatry acts as ‘controller’ and determines the purposes and means of the processing of this personal data and complies with the Data Protection (Bailiwick of Guernsey) Law 2017. This document explains why Go Podiatry collects information about patients and how we keep it safe and confidential, and how that information may be used.

Why we collect information about patients

Healthcare professionals need to maintain records about a patient’s health and any treatment or care that they have received. We collect and hold data for the purpose of providing the best possible healthcare services to our patients. In carrying out this role we may collect information about patients, which helps us respond to their queries and medical concerns or secure for them other services. We may keep information about patients in a written or digital form. As a basic principle electronic records would be kept indefinitely. 

Details we collect about patients

The records we collect include basic details, such as a patient’s name and address. They will usually also include more sensitive information, known as ‘special category data’, about an individual’s health and treatments they have received in the past.

Records that we hold may include:

  • Details such as the patient’s address, telephone number, mobile phone number and email address.

  • Any contacts with Go Podiatry, such as appointments, clinic visits etc.

  • Notes and reports about an individual’s health, treatment and care.

  • Results of investigations, such as laboratory tests, x-rays etc.

  • Relevant information from other health professionals, relatives or those who care for the individual.

How we use information about patients

We adhere to a strict code of confidentially with regard to managing patient information. Our staff only access information that is required to fulfil their roles and have a duty of confidentiality.

In some situations a patient’s health needs may require direct care from other healthcare providers or healthcare services outside Go Podiatry. In these situations, we will exchange with them information about you that is necessary for them to provide that care. Anyone with whom we share this information will have a professional and contractual duty of confidentiality.

Situations where your information may be shared for direct care include:

  • Referral to a GP or physiotherapist.

  • Referral for investigations such as ultrasound investigations.

We only share information with others involved in your direct care when they have a genuine need for it. In all cases only the minimum amount of information to serve the purpose required would be released.

The legal basis for Go Podiatry to process patient data

For the provision of direct patient care, consent for Go Podiatry to process patient data within and outside the clinic is assumed and is allowed under the Data Protection (Bailiwick of Guernsey) Law 2017 articles Schedule 2 Part II (10)(a)(i)

  1. (a)  The processing is necessary for a health or social care purpose....

  2. (b)  In subparagraph (a) –

‘Health or social care purpose’ includes the purpose of –

    1. (i)  Preventative or occupational medicine

    2. (ii)  The assessment of the working capacity of an employee or worker

    3. (iii)  Medical diagnosis

    4. (iv)  The provision of medical, health or social care or treatment, or

    5. (v)  The management of medical, health or social care systems and services

We will not share patient information with any third parties for reasons that are not for direct patient care unless you give us the explicit consent to do so, such as providing information to:

  • Your employer

  • Insurance companies

  • Solicitors

In all other situations we would not disclose personal information about a patient without their consent unless there were exceptional circumstances (i.e. a life and death situation) or where disclosure is in the public interest or when there is a legal duty to do so, for example a court order. 

Data Processors

Go Podiatry uses data processors including Cliniko which is Allied Health Practice Management Software. In addition, Gmail is used to send and receive messages between Go Podiatry and patients. MyPhysioRehab is a programme for prescribing exercises which are sent to patients by email as part of their treatment. 

Patient rights under the Data Protection (Bailiwick of Guernsey) Law 2017

The right of access, rectification and erasure

Patients have the right to access their personal data. It is Go Podiatry policy that access requests should be put in writing. We would aim to provide the information within one month, and much sooner where this is possible. 

As a general rule there is no charge for providing this information as long as the request is reasonable. However, an administrative fee may be charged for repetitive or unfounded requests. Requests from insurance companies and employers are not regarded as subject access requests and will be subject to a charge.

If a patient or carer wishes to correct any inaccurate information they believe is held about them, they should initially contact Go Podiatry in writing, detailing their concerns. We would aim to respond to the concern within one month. It may be the case that we cannot delete the relevant record or entry, because it is important that the entry, assessment and explanation or medical opinion be retained so that there is an understanding and explanation of subsequent events (such as how a patient was treated, or what further tests were organised) in their medical history.

Where we are not able to delete information, we can add a note to the disputed entry explaining your remaining concerns.

Please be aware that an alteration to an electronic record, or deletion of an entry in it, is always preserved (together with the original entry) as part of the electronic audit trail.

If a patient remains dissatisfied with the outcome of their request they can make an official complaint to Go Podiatry or contact the Office of the Data Protection Commissioner Tel No: (01481 742074) or email: enquiries@dataci.org

The right to object and restrict processing

We would always try and respect the wishes of a patient if they did not want their data to be used in a particular way, unless to do so would mean that we could not provide you with safe and effective medical care.

Patients have the right to object to primary uses of your medical record; that is the sharing of their data with health professionals outside of the clinic for the provision of direct medical care, if you so wish.

Patients also have the right to object to secondary uses of your medical records; that is the sharing of their data for purposes unrelated to your direct medical care.

If a patient wishes to object to how their data is being processed they should ideally discuss this with Go Podiatry first.

Data Breaches

A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

If we become aware of a breach in confidentiality that is likely to result in a risk to the rights and freedoms of individuals, we are obliged to inform the Data Protection Commissioner within 72 hours. Likewise, we must inform the individuals concerned without undue delay.

If a patient has a concern that a breach of their personal data has taken place, they should contact Go Podiatry immediately, so that this can be fully investigated.

How to Complain

If you have a complaint regarding your data or privacy, you can either complain to Go Podiatry or to the Office of the Data Protection Commissioner on 742074 or email: enquiries@dataci.org .