This document shows that we are aware. This document lists where we keep patient data and what data we hold. We have a consent form which every patient or power of attorney signs before assessment is started.
This is all kept on a secure password protected computer in our house. The hard drive is encrypted. Any paper notes will be locked in a secure cabinet in our home.
We make written paper notes to record assessments and progress notes whilst with patients and transpose these onto word documents which are securely kept our computer at home. All paper notes are then shredded and disposed of safely.
Any photos of patient information such as GP summaries, medical reports, prescriptions etc must be taken with the Physiotherapist’s phone and saved to the electronic clinical notes; then deleted off the phone immediately. If this information has been emailed then it can be saved directly to the electronic notes and deleted from the inbox and trash.
We have a duty of care to share relevant information with involved health and social care practitioners in the case of safeguarding concerns, this is at our discretion and we will normally inform you first.
We also are required to sometimes share your information to make onward referrals, with your consent, or to liaise with other medical or social care staff for your benefit, you will also be informed before these discussions occur. This is only done when necessary with minimal information conveyed.
Information will only be shared for the purposes agreed at original time of disclosure. If later required for another purpose this must be agreed with the owner in person.
We will willingly provide patients their own data at their request in electronic or paper format within 28 days. We will need to verify the patient requesting the data is the correct person by asking for full name, date of birth and address.
After 10 years we delete all patient data electronically and do not keep any traceable form. In the case of paper notes these are shredded and untraceable.
We will not process any data for any profiling or marketing purposes currently (to be reviewed in 2021).
We will notify any clients involved within 72 hours of becoming aware of the breach. In the case of a significant breach we will inform the Information Commission Office.
Emily Foster will audit this data protection process every 6 months to ensure passwords are being used on digital documents, that information being shared by email has been anonymised as described above, and that paper documentation is locked and secured.
We have a legal duty to keep your notes for 10 years and no shorter time than this. In this case this means that this law does not allow you to ask us to be forgotten. If in the case of a court of law your notes are required within 10 years of us having contact with you we are obliged to provide them.
Sussex Physio does not resell your data.Emails with patient information on will be anonymised as far as possible. If this has not happened the information will be copied and pasted into the patient notes and then the email will be erased and ‘removed from trash’.