Your Data, Your Rights and Our Obligations
Key Points
When is data collected?
To book an appointment: when you first contact the practice by phone or online, some contact details will be taken. Then at your initial consultation in person a complete patient history will be taken. As your course of treatment ensues, additional be noted in your patient record.
When you opt-in for newsletter and marketing material on the website. There is also an option to do this at your first visit to the practice.
Sometimes personal data will be passed to us by a third party such as another healthcare practitioner with your permission.
What data is collected?
The following information is collected: Patient name, address, date of birth, email address, phone numbers, GP details if required, past medical history, family medical history and case history for treatment carried out at practice.
All information is given by the patient or their carer, parent or legal guardian.
Data is only shared when…
Information is only shared with the patient’s permission, usually to other health professionals. Patient information is never passed on to other persons or companies.
Data would extremely rarely be shared without consent if there was a legal order or in cases of serious safety risks.
How long is data kept?
It is a legal obligation that patient records for adults are kept 8 years after the last appointment at the practice.
For children, the legal obligation is to keep records until the child reaches 25 years of age.
How is data deleted?
Paper notes are destroyed by shredding after 8 years or 25 years of age for children.
Electronic records are deleted from the system (computer file, software file or app) after 8 years or 25 years of age for children.
Your rights as a patient
Patients and anyone we hold data about have some rights under GDPR: You can request to: see your data at any time, move your data to another practice, correct any inaccuracies, prevent marketing. You may request for details to be deleted but due to our legal obligation we cannot delete your health record but we can remove you from our contact list.
Patients with further queries can speak to our Data Controller, Priscilla Stevens, who may be contacted at: 07985 310401. There is a copy of our Data Protection Procedure at the practice, available on request.