Privacy Policy
We, at Nicola Johnson Physiotherapy, take your privacy and the use of your personal details very seriously. When using the term data we are referring to the personal details and information we collect about you (see below in data held).
The following policy tells you about the data we collect, how it is stored and what data might be shared and with whom. It also informs you of your rights with regard to the data we collect about you.
DATA HELD
- Nicola Johnson Physiotherapy holds only essential personal information which allows us to identify our clients and suppliers.
- Nicola Johnson Physiotherapy holds the following personal data – name, address, date of birth, telephone numbers, email addresses, GP, medical insurance details (if appropriate), parent contact details in the case of a child 18 years or under.
- Relevant medical details & clinical information pertinent to a client’s condition
- Invoicing details – we do not hold any of our client’s financial details
- Nicola Johnson Physiotherapy holds the details of other therapists who use the clinic room for their work. This includes name, address, email, CV and bank details for invoicing and payment.
- Nicola Johnson Physiotherapy holds the contact details of suppliers
- We ensure the data we hold is legitimate, accurate, specific, and explicit and limited only to that which is necessary.
DATA STORAGE
- All client clinical records are kept in paper format only, in a locked room, in locked metal filing cabinet, at Swan Cottage, Much Marcle.
- Nicola Johnson Physiotherapy is bound by its legal and professional responsibilities to retain all client records for a minimum of 8 years following the client’s last consultation.
- In the case of children under the age of 16, they will be kept until the child reaches the age of 25. In the case of pregnant women, the records are kept until the unborn baby reaches the age of 25.
- Nicola Johnson Physiotherapy will endeavour to keep all data accurate and up to date.
- DATA SHARING
- On occasions it may be necessary to share clinical data e.g. a report on treatment progress with a medical colleague. As a client, you will be informed and your consent obtained.
- On occasions clinical assessment reports or requests for further treatment need to be written and sent to medical insurance companies, insurance intermediaries or solicitors. Again, this will only be completed with consent from the client.
- This data will be sent to the third party via post or secure email.
- Data received from a third party via email will be uploaded to, and stored on a clinic PC and/ or printed and attached to that client’s record.
- An encrypted backup hard drive, is updated on a regular basis, and is held, in a secure place by the Data controller.
REQUEST TO ACCESS YOUR DATA
- Clients have the right to access the personal data held about them by Nicola Johnson Physiotherapy.
- This request must be made in writing to one of the Data controllers at Nicola Johnson Physiotherapy
- A Client may request that the Data controller rectify any inaccuracies of the personal data held about them except for a diagnosis made in good faith at the time of assessment.
- A Client may request erasure or restriction of their personal data, excepting that Nicola Johnson Physiotherapy has legal requirement to maintain clinical records for:
– 8 years following completion of their last episode of care for adults.
– In the case of children all clinical data must be kept until the child reaches the age of 25.
– In the case of pregnant women, the records are kept until the unborn baby reaches the age of 25.
In the event of a request in writing to access data details, Nicola Johnson Physiotherapy will comply with the request if reasonable, and no harm to physical or mental health is caused by complying with the request. Nicola Johnson Physiotherapy will provide a copy of the information requested within 1 month, at no cost to the subject.
DATA BREACH
- Nicola Johnson Physiotherapy will implement appropriate technical and organisational measures in an effort to prevent a data breach.
- In the event of a data breach Nicola Johnson Physiotherapy will inform the Information Commissioners Office, where possible within 72 hours or as soon after as Nicola Johnson Physiotherapy becomes aware of such a breach.
- If appropriate i.e where a risk to the individual is likely, we will inform those individuals affected.
DISPOSAL OF DATA
- Clinical notes and personal data will be destroyed by shredding and the deleting of relevant information from our computer system after 8 years ( or the relevant time frame for children or pregnant women).
- Personal data relevant to other therapists using the facilities at Nicola Johnson Physiotherapy will be deleted from our computer system at the time when their contract to use the room ceases.
- Data related to suppliers of goods to Nicola Johnson Physiotherapy will be deleted when no longer required
Nicola Johnson Physiotherapy is a data controller for the purposes of the Data Protection Act 1998 and GDPR May 2018.
The nominated Data Processor is Nicola Johnson, on behalf of Nicola Johnson Physiotherapy.
The nominated Data Protection Officers is Nicola Johnson, on behalf of Nicola Johnson Physiotherapy.
May 2018 NJ
Nicola Johnson Physiotherapy
Swan Cottage
Much Marcle
Ledbury
HR8 2LY
T: 07891 378379
nicola@njphysio.co.uk