Privacy Policy for Loughridge Dental for Patient Data
Loughridge Dental takes great care to protect the personal data we hold for our patients in line with the requirements of the General Data Protection Regulation (GDPR).
The purpose of collecting and storing personal data about our patients is to ensure we can:
• Provide, appropriate, safe and effective dental care, treatment and advice for all our patients
• Fulfil any contracts we hold in relation to their care
• For business administration of their care.
Personal data held for our patients
The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for our patients includes:
• Name, address, date of birth
• Unique identification number
• Next of kin
• Email address
• Phone numbers
• GP contact details
• Occupation
• Medical history
• Dental care records
• Photographs
• Family group
• Payment plan details
• Financial information
• Credit cards receipts
• Correspondence
• Details of any complaints received
We keep an inventory of personal data we hold on our patients and this is available for patients on request. A list of personal information held is also included in our Privacy Notice that is given to all patients.
Disclosure to third parties
The information we collect, and store will not be disclosed to anyone who does not need to see it.
We will share our patients’ personal information with third parties when required by law or to enable us to deliver a service to them or where we have another legitimate reason for doing so. Third parties we may share patients’ personal information with may include:
• Regulatory authorities such as the General Dental Council or the RQIA
• NHS Local Authorities
• Dental payment plan administrators
• Insurance companies
• Loss assessors
• Fraud prevention agencies
• In the event of a possible sale of the practice at some time in the future.
We may also share personal information where we consider it to be in a patient’s best interest or if we have reason to believe an individual may be at risk of harm or abuse.
Personal privacy rights
Under the GDPR all individuals who have personal information held about them have the following personal privacy rights:
• Right to subject access.
• Right to have inaccuracies deleted.
• Right to have information erased.
• Right to object to direct marketing.
• Right to restrict the processing of their information, including automated decision-making.
• Right to data portability.
Patients who wish to have inaccuracies deleted or to have information erased must speak to the dentist who provided or provides their care.
Legal basis for processing data held about patients
The GDPR requires us to state the legal basis upon which we process all personal data for our patients and it requires us to inform our patients of the legal basis on which we process their personal data.
This is clearly stated in our privacy notice that is given to all patients.
The legal bases for recording individual types of data are recorded in our patient personal data inventory. This is available for all patients to see on request.
The legal basis on which we process personal information for our private patients is
The legal basis on which we process personal information for our private patients, for our payment plan patients and for our NHS patients is as follows.
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
(d) Vital interests: the processing is necessary to protect someone’s life
(e) Public task: the processing is necessary for us to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Automated decision making
All individuals who have personal data held about them have a right to object to their personal data being subjected to automated decision making.
Patients will always be asked to give specific, informed, verifiable, opt in consent for any processes involving automated decision making.
Consent
Loughridge Dental Care always obtains specific, unambiguous opt in consent from all patients to whom we send direct marketing information.
We also obtain specific, unambiguous, opt in consent from our patients for the record-ing of dental photography and/or transfer of information required for Dental Laboratory work or a Specialist Referral. For every new patient, we obtain consent for these things when the patient first attends the practice. For an existing patient, we ask the patient for consent when they attend for their recall appointment or for a treatment appointment. We refresh this consent annually when the patient completes a new medical history proforma.
Withdrawal of consent
Patients who have given their opt in consent have a right to withdraw their consent at any time. Patients are advised of their right to withdraw their consent for anything they wish to withdraw from in our privacy notice.
Retention period
This practice retains dental records and orthodontic study models while the patient is a patient of the practice and after they cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
Complaints
All individuals who have personal data held about them have a right to complain. All complaints concerning personal data should be made in person or in writing to Chris Loughridge. All complaints will be dealt with in line with the practice complaints policy and procedures.
Transferring personal data outside the EU
Patients’ personal data is not transferred outside the EU.
WEBSITE Privacy Policy
We are a data controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation, and this notice describes our procedures for ensuring that personal information about you is processed lawfully and fairly. We take your privacy seriously and will only ever use the information you provide as detailed in this notice. We do not do direct marketing for our products or services and will never contact you via social media, phone call or e-mail regarding promotions etc.
WHAT PERSONAL DATA DO WE HOLD?
For identification purposes and in order to provide you with a high standard of dental care and attention, we need to hold the following personal information.
1. Your past and present medical and dental conditions.
2. Personal details such as your date of birth, Health & Care number, address, phone number, email address and details of your medical practitioner.
3. Your bank details, if you are a member of our payment plan or use our finance options.
4. Radiographs, clinical photographs and study models.
5. Information about the treatment that we have provided, treatment options and outcomes and costs.
6. Notes of conversations or incidents that may occur for which a record may need to be kept.
7. Records of consent to treatment.
8. Any correspondence relating to you with other healthcare professionals, i.e. hospital, community, orthodontics, oral surgery and oral cancers.
WHAT ARE THE RISKS ASSOCIATED WITH HOLDING YOUR DATA?
There is a security risk with any company who hold personal data about an individual as it can be unlawfully obtained if it is not properly protected. As a practice we are committed to ensuring the security of your personal data through confidentiality, physical security measures, therefore limiting potential theft of such information.
WHY DO WE HOLD INFORMATION ABOUT YOU?
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care. We also need to process personal data about patients in order to provide care under NHS arrangements and to ensure the proper management and administration of the NHS.
HOW DO WE OBTAIN THIS INFORMATION?
Registering with the practice as a new patient, requires you to fill in a confidential personal information form which includes some of the aforementioned personal details. routinely updated every visit.
HOW LONG ARE YOUR DETAILS KEPT?
We will retain your records whilst you are a practice patient, and after you cease to be a patient, for at least 11 years or, for children, until age 25, whichever is the longer.
HOW SECURE ARE THEY?
Personal data about you is held within the practice paper based system and in our manual filing system. The information is not accessible to the public and only authorised members of staff have access to it.
DO WE SHARE YOUR INFORMATION?
In order to provide safe and proper dental care, we may need to disclose personal information about you to:
1. Your medical practitioner.
2. The hospital or community services
3. Other health professionals caring for you.
4. NHS payment authorities.
5. Inland Revenue.
6. The Benefits agency, if you are claiming exemption or remission from NHS charges.
7. Private dental schemes of which you are a member
Disclosure will take place on a ‘need to know’ basis so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of government will be given the information. Only the information that the recipient needs to know will be disclosed. In very limited circumstances, or when required by law or a court order, personal data may have to be disclosed to a third party not connected to your health care. We do not currently transfer any information outside the EU. In all other situations, disclosure will only occur when we have your specific consent. Where possible, you will be informed of these requests for disclosure.
DO YOU HAVE A RIGHT TO YOUR OWN RECORDS?
You have the right of access to the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing. We will require photographic evidence of your identity before being able to comply with the request. We will provide a copy of the record, and an explanation of the record if required, within 30 days of the request.
ARE YOU REQUIRED TO GIVE CONSENT FOR DISCLOSURE OF YOUR INFORMATION?
Yes, our confidential personal information forms provide a section about consenting for us to pass on your details to a consultant/specialist/laboratory if needed. This is a yes or no answer and is routinely updated every 4 months so you will be continually reminded to freely give consent. If you do not wish personal data that we hold about you to be disclosed or used in the way described in this policy, please discuss the matter with your dentist, however this may affect our ability to provide you with necessary dental care.
OUR PROMISE TO YOU
The team at Loughridge Dental Care is committed to ensuring the security of your personal data and will do our very best to protect it. We shall achieve this by ensuring our staff members comply with the following security measures;
Confidentiality
1. All staff employment contracts contain a confidentiality clause.
2. Access to personal data is on a ‘need to know’ basis only.
3. We have procedures in place to ensure personal data is regularly reviewed, updated and deleted in a confidential manner when no longer required.
Physical Security
Personal data is only taken away from the practice premises when absolutely necessary. If personal data must be removed from the practice it will never be left unattended e.g. in a car or public place. (Old written records) are kept in a locked room, which is not accessible by patients or visitors to the practice.
Efforts have been made to secure the practice against theft.
The practice has in place a business continuity plan in the case of a disaster. This includes procedures set out for protecting and restoring personal data.
Information Held on Computer
We do not use Dental Software to store our records.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Practice Manager, Chris Loughridge, 116 Upper Lisburn Road, Belfast, BT10 0BD or call on 028 9061 1880 and we will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 03031231113