Access to information held by the practice
We may be asked to disclose information, documents or records held by the practice. Requests for personal information are made under data protection legislation and under freedom of information legislation for information about the NHS services provided by the practice.
Requests for personal information or for information about the practice that is not included in the practice information leaflet should be passed to Peter Martin.
This policy describes who can request information and how and the practice procedures for managing these requests.
Requests for personal information
Personal information is any information that allows an individual to be identified. This includes information where the individual is not named but a cross-reference to other information held by the practice would allow identification.
Date protection legislation allows individuals to request access to their personal information. Those eligible to request access include:
The request
The request must be made in writing and describe the type of information required with dates, if possible, and include sufficient information to ensure correct identification (name, address, date of birth, for example). You must check that the person asking for information has the right to do so and, if necessary, ask for proof of identity.
We will provide the requested information within one month of receiving the request or confirming the individual’s identity.
The information
We will usually provide the information requested in electronic form using secure means, unless the individual asks for the information in paper format or otherwise agreed. The individual may also come to the practice to view the original version under supervision and on practice premises.
We will provide the information in a way that can be understood by the individual making the requests and may need to provide an explanation to accompany dental clinical notes.
Unfounded or excessive requests
Where requests are manifestly unfounded or excessive (particularly if they are repetitive), we can:
Requests for information about the practice
Freedom of information legislation allows anyone to ask for information about the provision of NHS services. The available information is described fully in the practice guide to information available under FOIA and the model publication scheme. If the requested information is part of a larger document, we will disclose only the relevant part.
A freedom of information request cannot include clinical records or financial records.
The request
The request must be made in writing and should describe the information that they want and with dates, if possible. The individual making the request does not have to give a reason.
The charges for information provided under a freedom of information request are included in the practice guide and the model publication scheme
We will provide Information within 20 working days of receiving the request or confirmation of identity or, if applicable, from the receipt of the fee.
It may be possible to extend this timescale if we need more information about the request or are taking legal advice on whether an exemption applies. We must inform the person making the request if we need to extend the 20-working-day deadline.
The information
Most of the information covered by a freedom of information request is available in the practice information leaflet or on the practice website. Requests for other information should be referred to Peter Martin. If we do not hold the information requested, we will inform the individual within the 20-working-day time limit.
We will provide information in a way that is convenient for the person who requested it, which may be in writing, by allowing the applicant to read it on the premises, or, if the information is held electronically, in a useable electronic format.
We are not required to respond to
Date: 30th March 2018
Review date: 30/3/19
Practice Policy for collecting patient charges
Despite being classified as an NHS organisation, Barrow Street Dental Practice is privately-owned and needs to have a revenue stream to stay in business. As such, we need to collect charges from patients for dental care; this includes private fees agreed under fee per item arrangements and third-party mediated fees (mainly NHS fees set by the Department of Health and certain charges related to patients on capitation schemes such as Denplan). We accept payment by cash, cheque (up to the value of guarantee card) or electronically with chip and pin debit/credit cards. We cannot accept payment if the card holder is not present.
Under normal circumstances, patients will be given an estimate of the costs at the first visit of a course of treatment. This will be in writing (unless for a Band 1 NHS course of treatment with only one visit) using a form FP17DC (or equivalent) for NHS work and an itemised estimate for private work. Indicative private fees and current NHS fees are on notice boards in the waiting areas and on the practice website.
It is expected that payment would be made on the day when the work is carried out and the NHS regulations state that the full cost of a course of treatment is chargeable at the outset of treatment; patients in receipt of benefits should be aware of their obligations to pay for NHS treatment as our staff cannot offer advice in this area.
Credit
We are unable to offer credit terms as this is an area regulated by the Financial Conduct Authority and we have no legal right to offer financial services. It is sometimes possible to defer a small payment with agreement of the practice manager or dentist but this does not constitute any form of credit arrangement.
Bad Debts
If payment is not made for treatment at the time of the appointment or at least before the end of the treatment, we will request payment by post. If, after 2 reminders are sent a month apart, payment is still not received we may employ a debt collecting agency to pursue the matter on our behalf and would decline to provide dental services while the debt was outstanding (as is allowed under NHS regulations).
Refunds
Should there be a problem with work carried out or advanced payment for work that is subsequently not completed, we will refund the balance of the payment after deducting the cost of completed treatment. If payment was made by credit/debit card, the refund must be made to the same account as any alternative would risk fraud.
Peter Martin, (Practice owner)
Practice complaints handling policy
We are committed to providing high quality care for all and will ensure that our patients and their representatives can seek advice, provide feedback or make a complaint about any aspect of our service. This policy describes how we receive, manage, respond to and learn from complaints made about our service. All members of the team are expected to understand and follow this policy when dealing with a patient complaint.
The key aspects of this policy are that:
Information for patients
We believe that if a patient wishes to make a complaint or register a concern about any aspect of our service, they should find it easy to do so. Our code of practice for handling complaints, encourages patients to let us know when our service has not met their expectations and explains how we will investigate their complaint and keep them informed.
Copies of our code are available on request from reception or by email from the practice email ([email protected])
Our approach to complaints
A complaint can be made by a patient of the practice or a person acting on their behalf if the patient is a child, has physical or mental incapacity, has consented to the person acting on their behalf, or has delegated authority to act on their behalf. A complaint can also be made by an individual who is, or is likely to be, affected by our actions, inactions, decisions or omissions.
A complaint provides us with the opportunity to identify where our practice systems have failed and what we can do to improve our service. In dealing with a complaint, we will
Practice complaints process
Handling a complaint efficiently and sympathetically from the outset may encourage early resolution and avoid the need for a formal complaint process, involving investigation and formal reports, which is stressful and time-consuming for all concerned.
When making a complaint, an individual usually wants an apology and to know what happened and why, what will be done to put it right, what action will be taken immediately and to prevent the cause for complaint happening again.
Receiving complaints
All members of the team must be able to receive a complaint or feedback (verbal or written) and deal with it appropriately. You should bear in mind that the individual making the complaint may not refer to their concern as a complaint.
The practice Complaints Manger, Peter Martin, is responsible for dealing with all complaints received by the practice, unless immediate resolution is possible. The responsible person in charge of overseeing our complaints procedure and implementing changes where necessary is also Peter Martin.
Verbal complaints: Listen to what the individual is saying and be polite and considerate; avoid justifying the action that led to the complaint or being dismissive of the individual’s concerns. Where possible and, depending on the nature of the complaint, you should aim to resolve the matter as soon as it is received, making a note of the complaint and how you resolved it and pass the information to the Complaints Manager, Peter Martin.
If you are unable to resolve the complaint immediately, you should encourage the individual to speak with the Complaints Manager. If the Complaints Manager is not available, you should take brief details of the complaint and arrange a convenient time for the Complaints Manager to contact the individual. Your notes should be passed to the Complaints Manager and a copy given to the patient, together with a copy of the code of practice for handling patient complaints.
If the complaint requires an urgent response and the Complaints Manager is not available, you should pass the complaint to Julie Woods or any other member of staff.
Written complaints: If you receive a written complaint (by letter or email.), you should pass it immediately to the Complaints Manager.
Acknowledgement
The Complaints Manager will acknowledge the complaint in writing within three working days and enclose a copy of our code of practice for handling complaints. If a delay in acknowledging the complaint is anticipated, the reason for the delay will be explained to the individual.
The acknowledgement will include
Local organisations that can provide help:
Complainants can obtain advice and information from the Independent Complaints Advocacy Team at the local NHS Healthwatch – see.healthwatch.co.uk/find-local-healthwatch for contact details
Investigation
The purpose of the investigation is to
We aim for the investigation to be completed and for the individual to receive the report promptly, ideally within 10 working days. If this is not possible we will explain this to the individual and provide an update on progress at least every 10 working days.
Response
Before providing a written response, we will invite the individual to a meeting to discuss the findings of our investigation.
Our written response to the individual will
Records
The Complaints Manager keeps full records of all complaints, investigations and responses. These records are kept securely and not with the individual’s clinical records (if they are a patient of the practice). These records include:
Learning from complaints
We adopt a no-blame approach to complaints that we receive but recognise that all feedback provides an opportunity for us to develop and improve our service.
As soon as possible after a complaint has been dealt with, we will ensure that those involved are given individual feedback. Where our investigations identify a need to improve or review our practice systems, we will encourage general discussion at practice meetings and seek suggestions for improvement. Any agreed changes will be kept under review.
We will undertake ongoing monitoring of all complaints to identify trends and assess training requirements.
Date: February 2023
Review date: February 2024
Data protection privacy notice for patients
In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
Information that we collect
We may collect the following information about you:
Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
Information about your dental and general health, including
Peter Martin is responsible for keeping secure the information about you that we hold.
Our data protection officer (Jodie Wilde) ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. She can be contacted at the practice directly.
Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.
How we use your information
To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you. This is primarily used to ensure that comprehensive records of dental care are kept and that we can contact you to help maintain dental health.
We will seek your preference for how we contact you about your dental care. Our usual methods are telephone (text message), email or letter.
Occasionally, we use some records (including x-rays and photographs) for teaching purposes. Should we do this, we will ask for permission and anonymise the information
Sharing information
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Keeping your information safe
We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers
We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.
We keep your records for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is the longer.
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).
Date: 30th March 2018
Reviewed: 29/3/19
Reviewed 30/4/20
Reviewed 17/3/23
Data security policy
This dental practice is committed to ensuring the security of personal data held by the practice. This policy is issued to all staff with access to personal data at the practice and will be given to new staff during their induction. If any member of the team has concerns about the security of personal data within the practice they should contact Peter Martin.
All members of the team must comply with this policy.
Confidentiality
Physical security measures
Information held on computer
Any loss, damage to or unauthorised disclosure of patient information must be reported immediately to Peter Martin (practice owner) or Jodie Wilde (DPO).
If the breach results in a high risk of adversely affecting individuals’ rights and freedoms we also inform those individuals without undue delay. We will report certain types of personal data breaches to the ICO within 72 hours of becoming aware of the breach, where possible. We keep contemporaneous records of any personal data breaches.
Date: 30th March 2018
Reviewed 24/3/19
Reviewed: 30/4/20
Reviewed 17/3/23
We may be asked to disclose information, documents or records held by the practice. Requests for personal information are made under data protection legislation and under freedom of information legislation for information about the NHS services provided by the practice.
Requests for personal information or for information about the practice that is not included in the practice information leaflet should be passed to Peter Martin.
This policy describes who can request information and how and the practice procedures for managing these requests.
Requests for personal information
Personal information is any information that allows an individual to be identified. This includes information where the individual is not named but a cross-reference to other information held by the practice would allow identification.
Date protection legislation allows individuals to request access to their personal information. Those eligible to request access include:
- A person aged 16 years or older
- The parents or guardians of a child under the age of 16 years and in connection with the health and welfare needs of the child
- A child under the age of 16 years who has the capacity to understand the information held by the practice. Children aged 11 years and under are deemed too young
- A third party, such as a solicitor, who has the written consent of individual concerned – checks should be undertaken to ensure that the consent is genuine – for example, by checking the patient’s signature or contacting the patient directly to confirm that they have given consent for the information to be disclosed.
- The administrator or executor of the deceased person’s estate
- A person who has a legal claim arising from the person’s death – the next of kin, for example. The person should explain why the information requested is relevant to their claim.
The request
The request must be made in writing and describe the type of information required with dates, if possible, and include sufficient information to ensure correct identification (name, address, date of birth, for example). You must check that the person asking for information has the right to do so and, if necessary, ask for proof of identity.
We will provide the requested information within one month of receiving the request or confirming the individual’s identity.
The information
We will usually provide the information requested in electronic form using secure means, unless the individual asks for the information in paper format or otherwise agreed. The individual may also come to the practice to view the original version under supervision and on practice premises.
We will provide the information in a way that can be understood by the individual making the requests and may need to provide an explanation to accompany dental clinical notes.
Unfounded or excessive requests
Where requests are manifestly unfounded or excessive (particularly if they are repetitive), we can:
- Charge a reasonable fee taking into account the administrative costs of providing the information; or
- Refuse to respond.
Requests for information about the practice
Freedom of information legislation allows anyone to ask for information about the provision of NHS services. The available information is described fully in the practice guide to information available under FOIA and the model publication scheme. If the requested information is part of a larger document, we will disclose only the relevant part.
A freedom of information request cannot include clinical records or financial records.
The request
The request must be made in writing and should describe the information that they want and with dates, if possible. The individual making the request does not have to give a reason.
The charges for information provided under a freedom of information request are included in the practice guide and the model publication scheme
We will provide Information within 20 working days of receiving the request or confirmation of identity or, if applicable, from the receipt of the fee.
It may be possible to extend this timescale if we need more information about the request or are taking legal advice on whether an exemption applies. We must inform the person making the request if we need to extend the 20-working-day deadline.
The information
Most of the information covered by a freedom of information request is available in the practice information leaflet or on the practice website. Requests for other information should be referred to Peter Martin. If we do not hold the information requested, we will inform the individual within the 20-working-day time limit.
We will provide information in a way that is convenient for the person who requested it, which may be in writing, by allowing the applicant to read it on the premises, or, if the information is held electronically, in a useable electronic format.
We are not required to respond to
- Vexatious requests for information, for example, requests that are designed to cause inconvenience, harassment or expense.
- Repeated requests for the same or similar information (unless the information changes regularly, for example performance or activity information)
Date: 30th March 2018
Review date: 30/3/19
Practice Policy for collecting patient charges
Despite being classified as an NHS organisation, Barrow Street Dental Practice is privately-owned and needs to have a revenue stream to stay in business. As such, we need to collect charges from patients for dental care; this includes private fees agreed under fee per item arrangements and third-party mediated fees (mainly NHS fees set by the Department of Health and certain charges related to patients on capitation schemes such as Denplan). We accept payment by cash, cheque (up to the value of guarantee card) or electronically with chip and pin debit/credit cards. We cannot accept payment if the card holder is not present.
Under normal circumstances, patients will be given an estimate of the costs at the first visit of a course of treatment. This will be in writing (unless for a Band 1 NHS course of treatment with only one visit) using a form FP17DC (or equivalent) for NHS work and an itemised estimate for private work. Indicative private fees and current NHS fees are on notice boards in the waiting areas and on the practice website.
It is expected that payment would be made on the day when the work is carried out and the NHS regulations state that the full cost of a course of treatment is chargeable at the outset of treatment; patients in receipt of benefits should be aware of their obligations to pay for NHS treatment as our staff cannot offer advice in this area.
Credit
We are unable to offer credit terms as this is an area regulated by the Financial Conduct Authority and we have no legal right to offer financial services. It is sometimes possible to defer a small payment with agreement of the practice manager or dentist but this does not constitute any form of credit arrangement.
Bad Debts
If payment is not made for treatment at the time of the appointment or at least before the end of the treatment, we will request payment by post. If, after 2 reminders are sent a month apart, payment is still not received we may employ a debt collecting agency to pursue the matter on our behalf and would decline to provide dental services while the debt was outstanding (as is allowed under NHS regulations).
Refunds
Should there be a problem with work carried out or advanced payment for work that is subsequently not completed, we will refund the balance of the payment after deducting the cost of completed treatment. If payment was made by credit/debit card, the refund must be made to the same account as any alternative would risk fraud.
Peter Martin, (Practice owner)
Practice complaints handling policy
We are committed to providing high quality care for all and will ensure that our patients and their representatives can seek advice, provide feedback or make a complaint about any aspect of our service. This policy describes how we receive, manage, respond to and learn from complaints made about our service. All members of the team are expected to understand and follow this policy when dealing with a patient complaint.
The key aspects of this policy are that:
- Our patients know how to complain and are confident that we will take their complaint seriously
- We will investigate all complaints and will keep the patient informed of the findings of our investigation
- We will learn from any complaints, concerns and feedback that we receive and use these lessons to improve our service.
Information for patients
We believe that if a patient wishes to make a complaint or register a concern about any aspect of our service, they should find it easy to do so. Our code of practice for handling complaints, encourages patients to let us know when our service has not met their expectations and explains how we will investigate their complaint and keep them informed.
Copies of our code are available on request from reception or by email from the practice email ([email protected])
Our approach to complaints
A complaint can be made by a patient of the practice or a person acting on their behalf if the patient is a child, has physical or mental incapacity, has consented to the person acting on their behalf, or has delegated authority to act on their behalf. A complaint can also be made by an individual who is, or is likely to be, affected by our actions, inactions, decisions or omissions.
A complaint provides us with the opportunity to identify where our practice systems have failed and what we can do to improve our service. In dealing with a complaint, we will
- Be open and transparent to ensure that all those involved understand the process and what to expect
- Acknowledge a complaint promptly
- Undertake evidence-based investigations
- Provide sympathetic responses within appropriate timeframes
- Identify the causes of complaints and act to prevent recurrence
- Learn lessons and implement change
- if the individual is a patient of the practice, ensure that their ongoing care is not adversely affected by the complaint.
Practice complaints process
Handling a complaint efficiently and sympathetically from the outset may encourage early resolution and avoid the need for a formal complaint process, involving investigation and formal reports, which is stressful and time-consuming for all concerned.
When making a complaint, an individual usually wants an apology and to know what happened and why, what will be done to put it right, what action will be taken immediately and to prevent the cause for complaint happening again.
Receiving complaints
All members of the team must be able to receive a complaint or feedback (verbal or written) and deal with it appropriately. You should bear in mind that the individual making the complaint may not refer to their concern as a complaint.
The practice Complaints Manger, Peter Martin, is responsible for dealing with all complaints received by the practice, unless immediate resolution is possible. The responsible person in charge of overseeing our complaints procedure and implementing changes where necessary is also Peter Martin.
Verbal complaints: Listen to what the individual is saying and be polite and considerate; avoid justifying the action that led to the complaint or being dismissive of the individual’s concerns. Where possible and, depending on the nature of the complaint, you should aim to resolve the matter as soon as it is received, making a note of the complaint and how you resolved it and pass the information to the Complaints Manager, Peter Martin.
If you are unable to resolve the complaint immediately, you should encourage the individual to speak with the Complaints Manager. If the Complaints Manager is not available, you should take brief details of the complaint and arrange a convenient time for the Complaints Manager to contact the individual. Your notes should be passed to the Complaints Manager and a copy given to the patient, together with a copy of the code of practice for handling patient complaints.
If the complaint requires an urgent response and the Complaints Manager is not available, you should pass the complaint to Julie Woods or any other member of staff.
Written complaints: If you receive a written complaint (by letter or email.), you should pass it immediately to the Complaints Manager.
Acknowledgement
The Complaints Manager will acknowledge the complaint in writing within three working days and enclose a copy of our code of practice for handling complaints. If a delay in acknowledging the complaint is anticipated, the reason for the delay will be explained to the individual.
The acknowledgement will include
- Confirmation that the matter will be investigated and that the individual will receive a report of the findings
- An offer to meet with the individual to discuss the complaint and gather information
- A description of how the complaint will be handles and who will be involved
- Anticipated timescales for the investigation and preparation of the report
- How the individual would like to be kept informed of progress
Local organisations that can provide help:
Complainants can obtain advice and information from the Independent Complaints Advocacy Team at the local NHS Healthwatch – see.healthwatch.co.uk/find-local-healthwatch for contact details
Investigation
The purpose of the investigation is to
- Understand what the complaint is about
- Establish what the individual would consider to be a satisfactory resolution
- Seek the views of other team members and seek suggestions on how to resolve the matter
- Identify other useful sources of information – for example, published research, suppliers
We aim for the investigation to be completed and for the individual to receive the report promptly, ideally within 10 working days. If this is not possible we will explain this to the individual and provide an update on progress at least every 10 working days.
Response
Before providing a written response, we will invite the individual to a meeting to discuss the findings of our investigation.
Our written response to the individual will
- Address all the issues raised and demonstrate that each has been fully and fairly investigated
- Include an apology where something has gone wrong
- Explain our conclusions and any action that we have taken as a result or explain why no further action is needed
- Include details of how to contact the NHS Ombudsman or the Dental Complaints Service if the individual remains dissatisfied
Records
The Complaints Manager keeps full records of all complaints, investigations and responses. These records are kept securely and not with the individual’s clinical records (if they are a patient of the practice). These records include:
- The date a complaint was received, by who and how (verbally or in writing)
- Details of the complaint and the results of the investigation
- Copies of any communications and records of telephone conversations and meetings
- The outcome of the complaint and any action that we took as a result
- Correspondence between the patient and the practice.
Learning from complaints
We adopt a no-blame approach to complaints that we receive but recognise that all feedback provides an opportunity for us to develop and improve our service.
As soon as possible after a complaint has been dealt with, we will ensure that those involved are given individual feedback. Where our investigations identify a need to improve or review our practice systems, we will encourage general discussion at practice meetings and seek suggestions for improvement. Any agreed changes will be kept under review.
We will undertake ongoing monitoring of all complaints to identify trends and assess training requirements.
Date: February 2023
Review date: February 2024
Data protection privacy notice for patients
In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
Information that we collect
We may collect the following information about you:
Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
Information about your dental and general health, including
- Clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes of conversations with you about your care
- Dates of your appointments
- Details of any complaints you have made and how these complaints were dealt with
- Correspondence with other health professionals or institutions
- Details of the fees we have charged, the amounts you have paid and some payment details
Peter Martin is responsible for keeping secure the information about you that we hold.
Our data protection officer (Jodie Wilde) ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. She can be contacted at the practice directly.
Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.
How we use your information
To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you. This is primarily used to ensure that comprehensive records of dental care are kept and that we can contact you to help maintain dental health.
We will seek your preference for how we contact you about your dental care. Our usual methods are telephone (text message), email or letter.
Occasionally, we use some records (including x-rays and photographs) for teaching purposes. Should we do this, we will ask for permission and anonymise the information
Sharing information
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
- Your doctor
- The hospital or community dental services or other health professionals caring for you
- NHS payment authorities
- The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
- Private dental schemes of which you are a member.
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Keeping your information safe
We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers
We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.
We keep your records for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is the longer.
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
- Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment)
- Stop using your information – for example, sending you reminders for appointments or information about our service
- Supply your information electronically to another dentist.
- If you do not agree
- If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).
Date: 30th March 2018
Reviewed: 29/3/19
Reviewed 30/4/20
Reviewed 17/3/23
Data security policy
This dental practice is committed to ensuring the security of personal data held by the practice. This policy is issued to all staff with access to personal data at the practice and will be given to new staff during their induction. If any member of the team has concerns about the security of personal data within the practice they should contact Peter Martin.
All members of the team must comply with this policy.
Confidentiality
- All employment contracts and contracts for services contain a confidentiality clause, which includes a commitment to comply with the practice confidentiality policy
- Access to personal data is on a ‘need to know’ basis only. Access to information is monitored and breaches of security will be dealt with swiftly by Peter Martin
- We have procedures in place to ensure that personal data is regularly reviewed, updated and, when no longer required, deleted in a confidential manner. For example, we keep patient records for at least 10 years or until the patient is aged 25 – whichever is the longer.
Physical security measures
- Personal data is only removed from the practice premises in exceptional circumstances and when authorised by Peter Martin. If personal data is taken from the premises it must never be left unattended in a car or in a public place
- Records are kept in a lockable fireproof cabinet, which is not easily accessible by patients and visitors to the practice
- Efforts have been made to secure the practice against theft by, for example, the use of intruder alarms, lockable windows and doors
- The practice has in place a business continuity plan in case of a disaster. This includes procedures for protecting and restoring personal data.
Information held on computer
- Appropriate software controls are used to protect computerised records, for example the use of passwords and encryption. Passwords are only known to those who require access to the information, are changed on a regular basis and are not written down or kept near or on the computer for others to see
- Daily and weekly back-ups of computerised data are taken and stored off-site. Back-ups are also tested at prescribed intervals to ensure that the information being stored is usable should it be needed
- Staff using practice computers undertake computer training to avoid unintentional deletion or corruption of information
- Dental computer systems have a full audit trail facility preventing the erasure or overwriting of data. The system records details of any amendments made to data, who made them and when
- Precautions are taken to avoid loss of data through the introduction of computer viruses. Loss of patient information
Any loss, damage to or unauthorised disclosure of patient information must be reported immediately to Peter Martin (practice owner) or Jodie Wilde (DPO).
If the breach results in a high risk of adversely affecting individuals’ rights and freedoms we also inform those individuals without undue delay. We will report certain types of personal data breaches to the ICO within 72 hours of becoming aware of the breach, where possible. We keep contemporaneous records of any personal data breaches.
Date: 30th March 2018
Reviewed 24/3/19
Reviewed: 30/4/20
Reviewed 17/3/23