Imokilly Physiotherapy and Sports Injury Clinic Ltd (Imokilly Physio) collects personal identifying information relating to patients’ health and personal details. Some of this information is classed as sensitive data and termed as special category data.
Patients, and other data subjects, of Imokilly Physio have a right to know why their information is collected, for what purpose it is used and how it is kept safe. Patients also have greater rights to access the information that Imokilly Physio holds.
Why is information collected?
For a detailed and accurate physiotherapy assessment and treatment to take place, information about a patient’s current and past health needs to be obtained. Under the General Data Protection Regulation (GDPR) Imokilly Physio has a legitimate interest in the patients’ information and that is part of the contract between a health professional and their patient. This information allows us to give patients the best treatment possible.
Other identifying information such as name phone number and email are collected in order to communicate with Patients.
How is this information used?
Information such as addresses, allow us to post receipts and invoices and also to provide the treatment at your place of residence if so required. Your telephone number allow us to send text reminders of appointments and communicate with you outside of appointment times. E-mail addresses are used for sending you receipts and your individual online exercise programme when required.
Your date of birth is used as a unique identification for your records and in order to verify who you are.
Medical details allow for a detailed assessment to take place which will help us diagnose and treat the problems that you have.
In some instances, with your consent, there will be communication with the referring GP or consultant.
Who has access to your information?
All staff of Imokilly Physioare bound by patient confidentiality laws, the standards of conduct, performance and ethics of CORU (Regulating Health & social care professionals) and the Irish Chartered Society of Physiotherapy (ICSP) code of conduct. Your information will not be shared Imokilly Physio unless you have given explicit consent, except when;
- requested by law
- in your best interests and you are unable to give consent
How is your information stored?
Your name, address, telephone number and e-mail are used to create an electronic record which is kept on a computer that is password protected with robust security measures to prevent loss of information. The initial health screening assessment and treatment notes are written on paper, which is then transferred onto your electronic record, and subsequently confidentially shredded.
All notes will be kept for a period of 7 years after the last treatment or date of death at which point they will be permanently deleted.
How can you access your records?
You have the right to request to see the information that Imokilly Physio holds about you. All requests will be answered in the time frame of one month. There will be no fee for information provided.
Requests can be made either verbally or in writing to:
Imokilly Physiotherapy and Sports Injury Clinic Ltd, U2 Medical Units, Market Green, Midleton, Co. Cork. 0214636642 or firstname.lastname@example.org.
Please ensure that you have filled in the subject line of the email or letter accurately and in order to ensure that the request is dealt with properly, the preferred phrase to use is DATA PROTECTION QUERY.
Imokilly Physio reserves the right to request further information from you in order to verify your identity prior to sending any information. We do not send health information or medical records to individuals, these are to be sent to a qualified health practitioner nominated by the you.
In the instance where requests are excessive or unfounded, Imokilly Physio has the right to refuse and/or charge for time spent. This does not affect the individual’s right to complain to the data protection commissioner to seek judicial remedy. Where a fee is deemed appropriate Imokilly Physio will not comply with any requests until the fee is received.
Your right to amend, restrict and object to the information held.
Under the GDPR all individuals have the right to have incorrect information that is held about them amended. If this was to arise within the notes held by Imokilly Physio Ltd the notes would become restricted, i.e. not used until the issue was resolved. However, if Imokilly Physio deems the information to be accurate then no amendment will be made.
You have the right to have the information we hold restricted;
- if you contest the accuracy,
- if you need the information to establish, defend or exercise a legal claim
- if you object to the processing of the information held.
In this instance all treatment will be stopped until the issue is resolved. You also have the right to object to Imokilly Physio Ltd holding your personal information on grounds relating to your particular situation and as with restriction, all treatments will stop and the notes will become restricted until the issue is resolved. For more detailed information on your rights please see below.
How is your information kept safe?
Notes stored by Imokilly Physio are kept on a password protected computer, stored in an encrypted folder within a password protected word document. There are robust security measures on the computer to prevent and minimise the risk of information theft. Written notes are kept in a locked filing cabinet in the clinic. When information is shared with others, GPs for example it will either be sent via encrypted email, recorded delivery or hand delivered.
Imokilly Physio will take the utmost care to ensure that your personal information is safe whilst it is under our care. In the unlikely event that this safety was compromised and it is deemed that there may be a threat to your rights and freedoms you will be notified immediately as will the Data Protection Commissioner. All breaches, whether notification is required or not, will be logged in the Data Breach Log.