Introduction:
Back2Basics is committed to protecting the privacy and security of our patients' personal data. This policy outlines how we collect, process, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws and regulations.
Lawful basis for processing:
We process personal data for the purpose of providing physiotherapy treatment to our patients. We rely on the following lawful bases for processing personal data:
  - The patient's consent
  - The necessity to provide treatment
  - Legitimate interests of the practice
Types of personal data:
We collect, process, and store the following types of personal data:
  - Patient's name, contact details, and date of birth
  - Medical history and health records
  - Diagnosis and treatment plans
  - Billing and payment information
Data processing:
We process personal data for the following purposes:
  - To provide physiotherapy treatment to our patients
  - To communicate with our patients regarding their treatment
  - To manage and maintain patient records
  - To process billing and payment information
Data retention:
We retain personal data for as long as necessary to provide physiotherapy treatment and meet our legal obligations. Patient records are retained for a minimum of 8 years from the date of the last treatment, or until the patient reaches the age of 25 if they were under 18 when the treatment was provided.
Data security:
We take appropriate technical and organisational measures to protect personal data from unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:
  - Secure storage of physical records
  - Password protection and access controls for electronic records
  - Regular software updates and security patches
  - Staff training and awareness on data protection
Patient rights:
Our patients have the following rights regarding their personal data:
  - The right to access their personal data
  - The right to rectify their personal data
  - The right to erasure of their personal data
  - The right to restrict processing of their personal data
  - The right to data portability
  - The right to object to processing of their personal data
  - The right to lodge a complaint with a supervisory authority
Patients can exercise these rights by contacting the practice in writing.
Data breaches:
In the event of a personal data breach, we will take appropriate measures to mitigate the effects of the breach and notify the affected individuals and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.
Conclusion:
Back2Basics is committed to protecting the privacy and security of our patients' personal data. We will regularly review and update our GDPR policy to ensure that it is in line with current regulations and best practices.