Stourbridge Physiotherapy Practice Limited wants you to be confident that the personal data we hold for you is safe and secure.
We collect your data in a number of ways and it is kept confidential at all times.
What data will be collected and by whom?
As a practice, the data will be collected initially by the reception staff and will be your name, address, telephone number, date of birth and the GP practice you are registered with. (This is your basic data.)
The physiotherapist will then collect your recent medical history and a description of your current symptoms and concerns. (This is your sensitive data)
Where is my data stored?
Your basic data is stored on our desktop computer which can only be accessed by staff using 2 different passwords. No sensitive data is stored this way. Data may be used for analysis.
Your sensitive data is stored only in our paper-based files, which are kept in locked cabinets when the practice is closed. Once you are discharged, the data is kept locked away for 7 years until it is shredded.
Will my data be shared?
The data will only be shared with the following and for the reasons given:
GP/Consultants: We may write to your GP/consultant if symptoms do not ease or get worse. This may be to ask for further investigations or to give them a report on your condition. We will ask for your permission before we do this.
Insurance company: If you have been referred to us by an insurance company we have to provide them with initial assessments and discharge reports. You will sign a document at your initial assessment with us to authorise this.
Staff: In the course of completing their jobs staff may see sensitive information on your treatment notes. All staff have signed a confidentiality clause as part of their job contract.
Imaging Services: If we have to refer you on to an imaging service for MRI or ultrasound, we have to give them your basic data such as address, DOB etc. and then a brief history of the issue and why we are asking for it to be scanned.
Card Companies: When you pay by card, your data is shared when you enter your PIN into our card machine. The receipt that we keep is kept in a locked box in a locked cupboard.
Who has access to your data?
Physiotherapists have access to both basic and sensitive data to enable them to treat you.
Receptionists have access to your basic data. In carrying out their job they may see sensitive data but have signed confidentiality agreements.
We may need to contact your GP or send them a report of your treatment/symptoms.
We may need to send an assessment and discharge report to your insurance company if you have been referred to us by them.
How will your data be used?
To enable the clinic to provide you with the best treatment possible.
To provide you with an invoice by post or email for payments due or a receipt for payments made.
To send you a text message reminder of appointments.
What legitimate interest does the clinic have for using your data?
As a healthcare provider Stourbridge Physiotherapy Practice needs your data to complete your treatment and to allow us to comply with our legal requirements.
What is considered as special or sensitive data?
Health data (including genetic) is sensitive data. This is needed as a requirement to treat you. Other sensitive data, e.g. racial, political, religious, biometric and sexual, is not collected by us or recorded in any way unless you specifically ask for it to be recorded.
Right to be forgotten
You have the right under the law to ask companies to remove your data from their systems. We are able to do this, but not until 7 years have passed after you have been discharged. This is the legal minimum period for which we have to keep your notes, and this law overrules GDPR.