Data Protection Policy & Code of Practice

Capel Dental Practice

Data Protection Policy and Code of Practice

Why we have this Policy

This practice collects and stores information and is therefore legally obliged to ensure that all personal data is protected. The practice is registered under the Data Protection Laws with the Information Commissioner and there are heavy penalties for infringement of the Data Protection Act 2018 and GDPR (May 2018)

It is important therefore that every team member understands how and why we use such data and how it must be stored and handled securely. We only hold information that is relevant and only for as long as it is needed.

Our data protection code of practice provides the required procedures to ensure that we comply with the 2018 Data Protection Act and GDPR 2018. It is a condition of engagement that everyone at the practice complies with the code of practice.

Introduction

Please read the following policy carefully. You should ask Ashley Pettit, who is in charge of the correct operation of this policy if there is anything about which you are unsure.

What is ‘personal information?’

In a dental context personal information held by a dentist about a patient includes:

  • The patient’s name or even their ‘nickname’ or preferred name as written on a Record, current and previous addresses, bank account/credit card details, telephone number/e-mail address and other means of personal identification such as his or her physical description
  • Information that the individual is or has been a patient of the practice or attended, cancelled or failed to attend an appointment on a certain day
  • Information concerning the patient’s physical, mental or oral health or condition or protected characteristics
  • Information about the treatment that is planned, is being undertaken or has been provided
  • Information about family members and personal circumstances supplied by the patient or others
  • The amount that was paid for treatment, the amount owing, or the fact that the patient is a debtor to the practice.

Access to records

Patients have the right of access to their health records held on paper or on computer that we hold about them and to receive a copy, or they may authorise a third party, such as a lawyer, to do so on their behalf. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to Ashley Pettit and accompanied by the appropriate fee (If applicable).

A request from a patient to see records or for a copy must be referred to the patient’s dentist. The patient should be given the opportunity of coming into the practice to discuss the records and will then be given a photocopy. Care should be taken to ensure that the individual seeking access is the patient in question and where necessary the practice will seek information from the patient to confirm identity.

Access may be obtained by the patient making a request in writing. There is normally no fee payable for this. We will provide a copy of the record as soon as possible and within 30 days at the latest.

If a patient does not agree

If a patient does not wish personal data that we hold about them to be disclosed, updated or used in the way that is described in this Code of Practice, they must be allowed to discuss the matter with their dentist; however, this may affect our ability to provide them with dental care and they must be made aware of this.

The patient does not have a right to anonymity for medical records.

 


Capel Dental Practice

DATA PROTECTION CODE OF PRACTICE

INFORMATION FOR PATIENTS AND STAFF MEMBERS

We will keep your records secure

This practice complies with the Data Protection Act (2018) and General Data Protection Regulation (GDPR) 2018. This means that we will ensure that your information is processed fairly and lawfully.

What personal information do we hold?

  • Your past and current medical and dental condition; personal details such as your age, national insurance number/NHS number, address, telephone number and your general medical practitioner
  • Radiographs, clinical photographs and study models
  • Information about the treatment that we have provided or propose and its cost
  • Notes of conversations or incidents that might occur for which a record needs to be kept
  • Records of consent to treatment
  • Any correspondence relating to you with other health care professionals, e.g hospital or community services.
  • Employment/Training records
  • EDBS Disclosure Numbers

Why do we hold this information?

We need to keep accurate personal data about patients and staff member in order to provide you with safe and appropriate dental care and services. We also need to process personal data about you if we are providing care under NHS arrangements and to ensure the proper management and administration of the NHS.

Retaining information

We are required to retain your dental records, X rays and study models while you are a patient or staff member of this practice and after you cease to be a patient/employee, for at least eleven years, or for children until age 25, whichever is the longer. For staff members we need to keep records for up to 5 years.

Security

Your information is held in the practice’s computer system and/or in a manual filing system. The information is only accessible to authorised team members and Care Quality Commission Inspectors. Our computer system has been secured with audit trails and information is regularly backed up to ensure it is not lost.

In order to provide proper and safe dental care to:

  • Your general medical practitioner
  • The hospital or community dental services
  • Other health professionals caring for you
  • NHS payment authorities
  • The Inland Revenue
  • The Benefits Agency, where you are claiming exemption or remission from NHS charges
  • Private dental schemes of which you are a member.

Disclosure will take place on a ‘need-to-know’ basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.

Keeping Data Secure

A copy of our Data Security policy is available on request.