At BodyEvolve, we take the protection of your personal data and rights very seriously and we have aligned our clinic in accordance with GDPR legislation (25th May 2018).
1. How we use your personal information
1.1 The health care professionals who provide your care have to maintain records about your health and any treatment you have received here or previously. These records help provide you/your child with the best possible health care. Our lawful basis of processing this data is one of contract and will only examine or treat you with your explicit consent. Our records are electronic and on paper and we use a combination of working practices and technology to ensure your information is kept confidential and secure. Records held about you may include the following information:
- Details about you, such as your address, date of birth, contact details, previous medical history and previous investigations
- Any contact the clinic has had with you, such as appointments, clinic visits, advice given over the phone or email, emergency appointments etc.
- Notes about your own and/or your child’s health
- Details about your own and/or your child’s treatment and care
- Relevant information from other health care professionals
As an adult, your data by law is retained for 8 years from the last visit, or if a child, then until they reach their 25th birthday. If aged 17 years old at the last visit, then records are kept until age 26. After this period, all records are destroyed. If you believe we should erase or stop storing your data, please contact the Data Controller detailed below.
1.2 Information may be used within the clinic for clinical audit purposes to monitor the quality of the services we provide. All of your information is held securely on our premises and on a secured cloud system and may be used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
2. How do we maintain the confidentiality of your records
2.1 We will only use information collected lawfully in accordance with:
- General Data Protection Rules 2018
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- General Chiropractic Council Code of Conduct
2.2 Every member of staff who works at BodyEvolve Family Chiropractic has a legal obligation to keep information about you confidential.
3. Who do we share your information with?
3.1 We only ever pass on information about you to others if there is a genuine need for it and you have given your consent. This may be your GP or other health care professionals, such as a medical consultant or solicitor.
3.2 We will not disclose any information about you to any third party without your written permission, or parental consent for a child, unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and/or in accordance with the Caldicott principles.
4. Access to your personal information
4.1 You have a right under the GDPR 2018 to request access to view or obtain copies of information BodyEvolve Family Chiropractic holds about you and to have it amended should it be inaccurate. In order to request this you need to:
- Make your request in writing to the clinic
- There is no charge for copies of your file
- We are required to respond to you within 40 days
- You will need to give us proof of name, address and date of birth, so that your identity can be verified (photo ID)
5.1 Should you have any concerns about how your information is managed at the clinic, please contact Data Controller Michelle Knowles. If unresolved, you can then complain to the Information Commissioner’s Office via website (www.ico.gov.uk)
6. Change of details
6.1 It is important that you tell the person treating you of any changes to your details, such as name or address. If any of your details are incorrect, please notify us in order to correct it.
7. Notification & Data Controller
7.1 In any breaches of personal data where information we control is lost, stolen or otherwise breached and constitutes high risk to your rights and freedom, we will notify you immediately. We will explain the nature of breach and steps taken to deal with it.
7.2 Michelle Knowles is the Data Controller for BodyEvolve Family Chiropractic Clinic.