1. How we use your personal information

​

This notice tells you why FixPain collects information about you and/or your child and how this information may be used.
The health care professionals, who provide your care, maintain records about your health and any treatment or care you have received here or previously. These records help provide you with the best possible health care. Our records are electronic and on paper and we use a combination of working practices and technology to ensure your information is kept confidential and secure. Records which this clinic holds about you may include the following information:

• Details about you, such as your address, contact details, previous medical history and previous investigations

• Any contact with the clinic has had with you, such as appointments, clinic visits, advice given over the phone or email, emergency appointments etc.

• Notes about your and/or your child’s health

• Details about your and/or your child’s treatment and care

• Relevant information from other health care professionals

Information may be used within the clinic for clinical audit purposes to monitor the quality of the services we provide. All of your information is held securely on our premises and may be used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested for research purposes – in such instances we will always ask your consent before releasing such information.

​

2. How do we maintain the confidentiality of your records

2.1 We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

• General Data Protection Rules 2018

• Human Rights Act 1998

• Common Law Duty of Confidentiality

• General Chiropractic Council Code of Conduct

2.2 Every member of staff who works at FixPain has a legal obligation to keep information about you confidential.

​

3. Who do we share your information with?

3.1  We only ever pass on information about you to others, if there is a genuine need for it and you have given your consent. This may be your GP, dentist or other health care professionals, a solicitor or for court proceedings.

3.2  We will not disclose any information about you to any third party without your written permission or in case of a child’s information the parental consent, unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and/or in accordance with the Caldicott principles.

​

4. Access to your personal information

4.1 You have a right under the General Data Protection Rules 2018 to request access to view or obtain copies of what information FixPain holds about you and to have it amended should it be inaccurate. In order to request this you need to do the following:

• Your request must be made in writing to the clinic

• There is no charge for copies of your file

• We are required to respond to you within 40 days

• You will need to give us proof of name (Photo ID) so that your identity can be verified

​

5. Objections/Complaints

5.1 Should you have any concerns about how your information is managed at the clinic, please contact the Owner Dr David Elliott in the first instance. If you are still unhappy following a review by the other Clinic Owners, you can then complain to the Information Commissioner’s Office via their website (www.ico.gov.uk)

​

6. Change of details

6.1 It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for us to correct it.

​

7. Notification & Data Controller

7.1 Laura Gibbs is registered with the Information Commissioner’s Office as the Data Controller FixPain

 

 

GDPR Statement

 

FixPain GDPR - DATA QUESTIONAIRE

 

General

Practice Name ; FixPain

Practice Contact; Dr Laura Beaven

Service Provided ; Physiotherapy, Chiropractic, Osteopathy, Podiatry, Massage

​

Data

Who will you share data with?; GP, Surgeons. Only with premission of patient. Data may also be shared with Coaches and trainers if requested by patients

What application do you use to process the personal data; Practice Hub, PhysiTrack, Stripe

What application do you use to store the personal data; Practice Hub and Physitrack

Legal basis for storing the data; ICO and Governing body requirement to store for period of time

Where is the data stored; Practice Hub and Physitrack

What security measures (technical or procedural) have been implemented to protect the data that has been audited? (ie ISO 27001, third party audits, and other accreditations which cover data protection/ security); Follow ICO Guidelines

How do you monitor data breaches, investigate and report them?; Report to clinic manager as per their Information Security Policy, as provided

Are procedures in place to regularly review and destroy excessive or out of data (paper and computer records); Yes

How are files containing sensitive data moved from one location to another - digitally; Digital data - Electronically emailed with patients permission

​

Staff

Do staff receive frequent information security training (how frequent?) Yes - Annually

Do staff know what to do if personal data is lost, accessed improperly or stolen? Yes - follow Fix Pains Information Security Policy

Are there access restrictions in place to who can access the data we send? Yes

Is there a comprehensive information security policy in place? Yes - See Data Protection Policy

Are confidentiality agreements signed by staff? Yes