The Fencepiece Dental practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulations (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
This policy describes our procedures for ensuring that personal information about patients is processed in a way that is fair, transparent and in keeping with the law.
- We will only process personal data for the purposes for which it was collected – in order to provide you with the best quality care and to operate our dental practice.
- We will not keep your personal data for any longer than necessary for us to provide our care to you, and we will delete any data that we no longer need to keep.
- We will only collect the personal data that we need in order for us to provide our care to you and operate our dental practice.
- We will ensure that the personal data that we hold on you is accurate and up to date- and update it promptly when you inform us of any changes.
- We will ensure that we have the necessary measures in place to protect your data and make sure it’s kept secure.
- We will be accountable for your personal data and make sure that any third parties we share your data in order to provide you with our care are held to the same standard.
The person responsible for data protection is Dr Edmond Geradts.
What personal data do we need to hold?
In order to provide you with a high standard of dental care and attention, we need to hold personal information about you. We will ask you to provide personal information when joining the practice. The purpose of us processing this data is to provide you with optimum health care.
This personal data comprises:
- your past and current medical and dental condition; personal details such as your age, address, email address, telephone number, and your general medical practitioner
- NHS number
- next of kin and emergency contacts
- card receipts
- radiographs, clinical photographs and study models
- information about the treatment that we have provided or propose to provide and its cost
- notes of conversations/incidents about your care, for which a record needs to be kept
- records of consent to treatment
- correspondence relating to you with other health care professionals, for example in the hospital or community services.
- employment records/training for team members
- DBS disclosure numbers
The categories of data we process are:
- Personal data for the purposes of staff and self-employed team member management
- Personal data for the purposes of direct mail/email/text/other marketing
- Special category data including health records for the purposes of the delivery of health care
- Special category data including health records and details of criminal record checks for managing employees and contracted team members
We never pass your personal data to a third party unless we have a contract for them to process data on your behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary such as a hospital, we will gain the individual’s permission before the referral is made and the personal data is shared.
The lawful basis for processing for processing special category data such as patient’s and employee’s health data is:
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.
The Lawful basis of processing personal data such as name, address, email or phone number is:
- Consent of the data subject
- Children are able to consent to the processing of data if over 16 years of age and have the same rights as an adult in relation to their data. Where a child is under 16, consent must be sought from the person who holds parental responsibility over the child. However, it should be noted that where processing is lawful under other grounds, consent need not be obtained from the child or the holder of parental responsibility.
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Why do we hold information about you?
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care.
We will ask you to update your medical history and contact details at each visit.
We will retain your dental records and any study models while you are a practice patient and after you cease to be a patient, for at least 11 years or for children until age 25, whichever is the longest. This is a legal requirement, and after this time, all patient data that we no longer need is destroyed.
Your rights under the GDPR
- You have the right to know how your personal data is processed
- You have the right of access to the data that we hold about you and to receive a copy, free of charge.
- Access may be obtained by making a request in writing.
- We will provide a copy of the record within one month of receipt of the request and an explanation of your record should you require it
- You have the right to have your personal information corrected in a timely fashion if you believe it’s inaccurate or incomplete.
- You have the right to have your personal data deleted when we no longer need your personal data.
- In certain circumstances you have the right to restrict or limit the extent to which we process your personal data.
- you have the right to request a copy of your personal information in a structured, commonly used, machine readable format and ask for it to be sent to another dental practice.
- You have the right to object to us processing your personal information for certain things including direct marketing.
Further details of these rights can be seen on the Information Commissioner’s website http:/ico.org.uk/for-organisations/guide-to-the-general=data=protection-regulations-gdpr/individual-rights/).
Your information is held in our practice’s dental computer system. The information is not accessible to the public and only authorised members of staff have access to it.
Your personal information is carefully protected by the staff at this practice.
Our computer system has secure audit trails and we back up information routinely.
Disclosure of information
To provide proper and safe dental care, we may need to disclose personal information about you to:
- your general medical practitioner
- the hospital or community dental services
- other health professionals caring for you
- HMRC, Payroll
- workplace pension scheme
- private dental schemes of which you are a member.
- dental laboratory
- specialists e.g. Implantologist
- court, police
- CQC-Care Quality Commission
- GDC-General Dental Council
Disclosure will take place on a ‘need-to-know’ basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.
Where possible you will be informed of these requests for disclosure.
The practice has appropriate procedures to ensure personal data breaches are detected, reported and investigated effectively, including procedures to assess and then report any breaches to the ICO where the individual is likely to suffer some form of damage, e.g. through identity theft or confidentiality breach.
The practice will report serious data breaches to the ICO within 24 hours of becoming aware of the essential facts. The practice will keep a log of all personal data breaches and record the basic facts, effects of the breach and remedial action taken.
If you do not agree
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this policy, please discuss the matter with your dentist. You have the right to object, but this may affect our ability to provide you with dental care.
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO)
Their telephone number is 0303 123 1113
Policy adopted 29/06/18