Dear Patient,

You may have heard about the new General Data Protection Regulation (“GDPR”), which comes into effect on May 25, 2018. To help us comply with GDPR consent requirements, kindly read the following update to Roseneath’s Data Protection Policy.

Data Protection Code of Practice
Our data protection code of practice lays out our procedures that ensure Roseneath Medical Practice and our employees comply with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Roseneath is registered with The Information Commissioner’s Office as a Data Controller.

What data do we store?

To provide patients with a high standard of medical care and attention, we need to hold their personal information. This personal data can include:

  • Past and current medical condition; personal details such as age, address, telephone number, email address and general medical practitioner
  • Information about treatment that we have provided or propose to provide and its cost
  • Treatment invoices
  • Test requests and results
  • Notes of conversations or incidents that might occur for which a record needs to be kept
  • Records of consent to treatment
  • Any correspondence relating to you with other healthcare professionals, for example in the hospital

We do not store payment details such as card or bank details.

What do we use the data for?
We need to keep comprehensive and accurate personal data about patients to provide them with safe and appropriate medical care. We will ask you annually to update your medical history and contact details. We only use data to manage your treatment and stay in touch with you. We do not sell or forward on the data to any other parties.

SMS/email notifications and marketing, test results and recall cards
We occasionally send you information via the above media. This information includes appointment recalls, test results, occasional marketing notifications and holiday wishes. Should you not wish to receive this type of information, kindly ask our Reception Team to amend your records. Please note that, due to the specification of the software we are using, we currently cannot let you choose which types of information to opt out from; once you decide to opt out, you will be removed from all lists (inc. appointment reminder notifications and recalls).

What software do we run to manage data?
We use the following software to store and handle our data. All software systems are either fully GDPR compliant or working towards being fully GDPR compliant by 25th May 2018.

  • Crosscare – GDPR compliant
  • TDL laboratory software – GDPR compliant
  • LiveDrive – Online backup – GDPR Compliant
  • Offsite Microsoft Exchange and locally Outlook 2013 for Emails – GDPR Compliant
  • General documents are stored on our servers which are password protected

Security of information
The data is stored on our servers, located in a dedicated room, along with secure on-site and off-site backups. The information is only accessible to authorized team members.

Disclosure of information
In order to provide proper and safe medical care, we may need to disclose personal information about you to:

  • your general medical practitioner
  • the hospital or other medical services
  • other health professionals caring for you
  • private medical schemes of which you are a member.

Disclosure will take place on a ‘need-to-know’ basis (only that information that the recipient needs to know will be disclosed).
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.

Retaining information
All data is retained for the appropriate lengths of time in compliance with all applicable legal, regulatory and contractual requirements. We will retain your medical records while you are a practice patient and after you cease to be a patient, for ten years or for children until age 25, whichever is the longer. Once this period has lapsed, your digital data is archived and only deleted if specifically requested.

Access to your records
You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to your doctor. Please note that you will be asked for ID verification when requesting access to your records.

If you do not agree
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your doctor. You have the right to object; however, this may affect our ability to provide you with dental care.

You have a right to withdraw your consent at any time; however, this will not be retrospective.

Kind regards,

Roseneath Medical Practice