Stored Data at the Practice
Great care is taken to protect your personal data. This in line with the requirements of the General Data Protection Regulation (GDPR 2018), The General Dental Council, The Care Quality Commission and NHS England.
The person responsible for Data Protection is the Practice Manager: Mrs Lisa Graham, Princes Street Dental Practice Ltd, Hedley House, Princes Street, Corbridge, Northumberland
Our legal basis for processing data is:
- Processing is necessary for the performance of our care for our patients
- All the health care data we process is called special data, our legal basis for processing it is:
“For the purposes of delivering preventative dental care
For Dental /medical diagnosis,
For the provision of Dental Care or Treatment
For the management of dental care systems and services, on the basis of contract with a Dental professional.”
Hard copy and computerised records are stored, reviewed and updated securely and confidentially. Records are securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it. The team are trained on our policies and procedures to keep patient information confidential.
To facilitate a patients’ Dental health care, your personal information may be disclosed to a Dental Specialist, Doctor, Dental /Health Care Professionals, Hospital, NHS authorities, HMRC. In all cases only relevant data is shared.
In very limited cases, such as for forensic identification purposes, or if required by law, information may have to be shared with a party not involved in the patient’s care, e.g. the Police. In all other cases, information is never disclosed to a third party without the patient’s consent / written authority.
Electronic communications and stored data are password protected and encrypted. All computerised clinical records are backed up and copies are kept off-site.
Your Consent for Marketing
When we need to obtain your consent for marketing such as email marketing, the consent sort will be specific, clear, prominent, opt-in, documented and easily withdrawn. (We have a system used to record consent and implement appropriate mechanisms in order to ensure an effective audit trail.)
The practice has appropriate procedures to ensure personal data breaches (where the individual could suffer some form of damage, e.g. through identity theft or confidentiality breach) are detected, reported and investigated effectively, including procedures to assess and then report any breaches to the Information Commissioner’s Office, NHS England and The Care Quality Commission.
The practice will report serious data breaches to the ICO within 24 hours of becoming aware of the essential facts. The practice will keep a log of all personal data breaches and record the basic facts, effects of the breach and remedial action taken.
Requested access to your records
Patients have access to view their records free of charge. Copies of patient records will be provided following a written request to the Practice Manager Mrs Lisa Graham. The requested copies will be provided within 40 days on receipt of request.
A patient may challenge information held on record and, following investigation, should the information be inaccurate the practice will correct the records and inform the person of the change in writing.
When the practice receives a third-party request for information on someone else’s behalf (e.g. from a solicitor) evidence of their permission will be requested, this could be a written authority to make a request or a power of attorney.
When the practice receives a third-party request for information, for a patient who lacks the mental capacity to manage their affairs, the practice will ask to see evidence of a Lasting Power of Attorney or the evidence of appointment by:
- The Court of Protection in England & Wales;
- The Sheriff Court in Scotland; and
- The High Court (Office of Care and Protection) in Northern Ireland