Privacy Policy

Biddulph Physiotherapy and Sports Injury Clinic Privacy Policy

The following Privacy Policy outlines how Biddulph Physiotherapy and Sports Injury Clinic (trading name of M & J Chadwick Ltd) uses personal and confidential information to provide a physiotherapy service.

Introduction to GDPR

The data protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR) on the 25th May 2018. This is a new European framework for data protection laws. This will help to protect and unify how an individual’s information is managed. It gives you greater protection and rights and will give you more control over how your data is used. All patients are now required to consent to their personal information being used under their privacy policy guidelines. Biddulph Physiotherapy and Sports Injury Clinic recognise the importance of protecting personal and confidential information in all that we do and take care of its legal duties. Our Privacy policy has been written in accordance with the new rights of the individual within the new law.

What is a privacy policy?

A privacy policy is a statement that describes how we use, retain and disclose your personal information. We may amend this privacy policy to keep it accurate and to comply with any legal changes. To ensure that we process your personal data fairly and lawfully we are required to inform you of the following:

  • Who we are.
  • How to contact us.
  • What information we collect.
  • Why we need your information.
  • How we use your information.
  • How long will we keep your information.
  • Who we share your information with.
  • How will your information be kept.
  • How we dispose of your information.
  • Your choices and rights you have over your information.
  • Withdrawal of consent.

Who we are

Biddulph Physiotherapy and Sports Injury Clinic is the trading name of M & J Chadwick Ltd. We are a private physiotherapy clinic focused on providing a physiotherapy service to the general public.

Biddulph Physiotherapy and Sports Injury Clinic is registered with the Data Commissioners Office, registration number Z3039599.

In this policy “we” “us” or “our” refers to Biddulph Physiotherapy and Sports Injury Clinic.

Within Biddulph Physiotherapy and Sports Injury Clinic, Mark Chadwick has been appointed Data processor.

How to contact us

Biddulph Physiotherapy & Sports Injury Clinic.
4 Station Road, Biddulph, Stoke-on-Trent, ST8 6BJ.

If you have any queries regarding this privacy policy or any other points please contact 01782 519800 or email info@biddulph-physio.co.uk

The latest copy of this policy can be found on our website http://www.biddulph-physio.co.uk

What information we collect

Under the new regulations we can use and process personal information if we have an appropriate and lawful reason to do so. GDPR stipulates that information needs to me managed in a lawfully, fair and in a transparent manner.

We are required to collect personal information and sensitive personal data.

  • Patients

    Appointment enquiry: Name and telephone number.

    Registration: Name, Dob, Address, Marital status, Employment status, Hobbies.

    Consent: Signature
    Assessment: Sensitive information via a subjective assessment of your symptoms,
    Sensitive information via an objective assessment of your physical state.
    Medical co-ordination: Previous medical appointments, medical history
    Companies and alternative contact details,
    Insurance company: Membership number, authorisation number, patient
    financial details.
    Email: Email and email address.

  • Suppliers/ Insurance companies/medical co-ordination companies will have their company name, address, telephone number and email address stored.

We collect information about you by phone, email, by post, or face to face. We also collect information about you through third parties, (GP’s, consultants, other clinicians and health care professionals/providers, medical insurance companies, medical co-ordination companies acting on your behalf), those paying for your treatment.

We may collect information from your parent or guardian if under 18 years old, a family member acting on your behalf,

We also use, collect and store your financial details from cheques payments and third party payments.

Why we need your information

  • Voicemail

    When you initially contact Biddulph Physiotherapy and Sports Injury Clinic to arrange a physiotherapy appointment it is “within our legitimate interest” that we record your name and contact telephone number so that we can contact you to make an initial appointment or to reschedule an appointment.

  • Registration (personal details)

    Before we can assess you, it is our “legal obligation” to complete a registration form that is used to record your name, date of birth, address, telephone number, occupation, hobbies. Your personal details are held in case we need to contact you. Your age, occupation and hobbies will be used to formulate a clinical diagnosis and guide choice of treatment.

  • Consent

    It is our “legal obligation” to gain written consent to procedure with an assessment and treatment. It also signifies that they have been given the opportunity to read the privacy police and understand their rights to refuse treatment and rights with regards their personal data..

  • Assessment and Treatment (sensitive information)

    In order to make a diagnosis of your condition and to determine whether treatment is appropriate it is “our legitimate interest” and “legal obligation” to undertake a subjective assessment that includes documenting the history of your presenting condition, your past medical history, drug history, your aggravating factors, easing factors and diurnal pattern. Following your subjective examination an objective examination will be undertaken. This will require you getting suitably undressed to see the body part. This information will need to be stored and referred to, in order to provide ongoing treatment. The treatment modality will be recorded along with a treatment plan.

  • Medical co-ordination companies

    Patient who have been referred via a third party or have their physiotherapy treatment funded by an insurance company may be required to provide additional documentation such as referral letter, authorisation letter or payment details. It is our “legitimate interest” to gain this information. This information will be stored with your medical notes and used in correspondence with your third party or insurance companies.

  • Cookies

    Our website does not use cookies and therefore no tracking data is recorded.

How we use your information

We process your personal information for the purpose set out in this privacy notice. By law we must have a lawful reason for processing your information. We process both standard and specialist information in order to undertake a course of treatment, preventive or occupational medicine; insurance purposes, defend legal claims.

Appointment details

Your name and contact number will be stored following your initial telephone call to the Clinic. This information will be stored within a paper dairy. When not in use this information will be locked within a filling cabinet within the locked clinic room within the building.

Personal details

Your personal details disclosed during your registration will be used to contact you via telephone, email, letter or sms. This information may also be used to contact third parties, such as other health practitioners, third party refers and insurance companies.

Assessment documentation.

The notes written to document you assessment will be used to undertake a course of treatment. This information may also be used to inform third parties, such as other health practitioners, third party refers, insurance companies.

Marketing

We will not use your information to send marketing information to you or other third party in any format.

Continued processional development.

Your information may be used anonymously to enable continued professional development to be undertaken.

Research

Your information may be used anonymously for data analysis for research purposes.

Letter

Following an examination it may be deemed necessary to contact your GP. In most cases this will be by letter and posted. In more serious cases your Gp may be contacted by telephone. On rare occasions patient information may have to be passed to the emergency services.

Suppliers

Suppliers of medical equipment will have their contact details (name, address and telephone number) stored as digital information. This will be held on file for future reference so that orders can be placed. This will be held on an external storage device and kept within a locked cabinet within a locked room.

Third party medical co-ordination companies.

Medical co-ordination companies that refer patients for physiotherapy will have their contact details (company name, address and telephone number) stored as digital information. This will be held on file so that correspondence can be made. This will be held on an external storage device and kept within a locked cabinet within a locked room.

Medical insurance companies.

Medical insurance companies that fund the payment of physiotherapy services for their client will have their contact details (company name, address and telephone number) stored as digital information. This will be held on file so that correspondence can be made. This will be held on an external storage device and kept within a locked cabinet within a locked room.

Security

We are committed to keeping your information secure. Computer access is password protected. Computer hardware and software is stored in a locked cabinet in a locked room. Email are all send via E switch secure email.

How long will we keep your information.

  • Voicemail

    Personal details left via voicemail will be kept until an appointment has been arranged, or deleted after 7 days.

  • Patients consent, registration information and assessment information.

    Physiotherapy patients’ consent, registration information, assessment and treatment notes will be kept for the period of time in which you are receiving physiotherapy treatment, after which it will be stored as stated in this privacy policy and kept for the length of time outlined in the new GDPR and current clinical guidelines set by the Chartered Society of Physiotherapists (CSP).

Current CSP guidelines state that the notes of patients 18 or over at the time of treatment are to kept for 8 years. Notes of patients under 18 at the time of treatment are to be kept until they are 25 or 8 years after death.

You records may be kept indefinitely if you return for another episode of treatment.

Emails will be kept for the length of time as GDPR legislation.

Supplier companies, medical co-ordination companies and insurance companies data will be retained in accordance to GPDR legislation.

Who will we share your information with.

Your personal information will not be shared except in the following circumstances:

  • Other medical practitioners

    On occasions your personal information will have to be shared with other medical practitioners.

  • Medical co-ordination companies.

    Patients who have been referred via a medical co-ordination company working on their behalf will require your personal information, consent, and assessment findings to process your recovery.

  • Insurance companies.

    Patients who receive funding for their physiotherapy treatment from an insurance company will have their personal information included within the invoice sent to the insurance in order to process the payment for the treatment they have received,

  • Outside of the EU

    At no point will your personal information be transferred outside of the EU.

How will your information be kept.

  • Physiotherapy Notes

    Your information will be kept in the form of medical (paper) notes. Medical notes are kept within a locked filing cabinet within a locked room within the building.

  • Email

    Patients who have been referred via email from a third party should have had their personal information sent through a secure method requiring password access, All outgoing emails containing personal information will be sent using E Switch, a secure method requiring password access by the recipient.

    All historic emails will be stored and deleted in accordance with GDPR guidelines.

  • Digital information

    All digital information will be stored on an external memory storage and kept securely within a locked filing cabinet within a locked room. The information will be destroyed after the recommended length of time in accordance with GDPR and CSP guidelines.

    Patient who receiving funding through a medical insurance company may have (depending on which company) email correspondence. All outgoing emails will be sent securely via E switch.

  • Invoices

    All copies of patient paper invoices will be stored securely within a locked filing cabinet within a locked room.

  • Receipt books

    All receipt books will be stored securely within a locked filing cabinet within a locked room.

How we dispose of your information.

Following storage of your personal information for the legally stipulated period of time stated in this privacy policy medical notes containing personal and sensitive information will be destroyed securely and confidentially in accordance with the Chartered society of Physiotherapists guidelines.

Your rights and choices you have over your information

You have legal rights under the GDPR, summarised as follows:

  • The right to be informed about our information processing activities, including through Privacy Notices such as this.
  • The right of access to the personal information we hold about you. To request a copy of this information you must make a subject access request in writing to us.
  • The right of rectification. You may ask us to correct any inaccurate or incomplete information within one month.
  • The right to erasure and to restrict processing. You have the right to have your personal information erased and to prevent processing except where we have a legal obligation to process your personal information. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide treatment.
  • The right to information portability. On your request, we will provide you with your personal information in a structured format.
  • If you want to invoke any of these rights please write to us see above.

Withdrawal of consent

Where you have provided your specific consent to the use of personal information, you may withdraw that consent by contacting us as above.

How to make a complaint

If you wish to make a complaint about how we hold or use your data, please contact us as above

If you are dissatisfied with how we deal with your complaint, you may contact the Information Commissioner's Office:

The Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF; Phone: 08456 30 60 60 Website: www.ico.gov.uk

Last updated: May 2018