I hold information about you in accordance with The Osteopathic Standards, Code of Practice Standard C8 as follows: Dates of the consultations, personal details, your problems and symptoms, relevant medical, family and social history, clinical findings, information and advice I provide, whether this is provided in person or via the telephone, diagnoses and treatment plans, records of consent, investigation or treatment and the results, any communication with, about or from you, copies of any correspondence, reports, test results (X-Ray, MRI, Blood etc.), clinical response to treatment and treatment outcomes, whether a chaperone was present or not required, whether a student or observer was present.

Security: I am committed to protecting your privacy and will only use the information collected lawfully in accordance with the Common Law Duty of Confidentiality, the General Osteopathic Practice Standards, the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018. Records are held on computer (on a secure server), on paper, or as a mixture of both, and I use a combination of working practices and technology to ensure that your information is kept confidential and secure. More detail can be found in my Data Protection Policy, which is available at your request. Reception staff have access to your contact telephone numbers only, for administrative purposes, but do not have access to your medical records.

The Legal Basis under which I hold your data: The lawful basis for processing special category health data for direct care is that:
‘processing is necessary for compliance with a legal obligation to which the controller is subject’ (Article 6(1)(c)).

The special category condition for processing for direct care is that processing is:
‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’ (Article 9(2)(h)).

Further use of data: Information may be used for clinical audit to monitor the quality of the service provided. If this is the case, I take strict measures to ensure that individual patients cannot be identified.

Sometimes your information may be requested to be used for research purposes – I will always gain your explicit consent before releasing the information for this purpose. I may also use external companies to process personal information, such as for archiving and backup purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.

Referral Procedures: I will not share any of your information with any third party without your explicit permission in the form of a written consent. This may take the form of a referral to another specialist or the transfer of your records to another practitioner. This practice will always gain your explicit consent before releasing the information for such a purpose.

Record Retention Policy: I retain these records for 8 years after your last visit or, if the patient is a child, until their 25th birthday (in accordance with The Osteopathic Standards, Code of Practice Standard D6 3.1, 3.2). This affects your right to erasure under the GDPR guidelines, as we have a lawful basis for retaining your records. Certain “personal data”, however, can be erased, such as your email address and your mobile telephone number. This practice will always gain your explicit consent before erasing or amending this information.

Right to access (Subject Access Request) or amend your records:

•    Your request must be made in writing and signed

•    I will respond to your request within 1 month

•    You will need to give adequate information and proof of identity

•    There will be NO CHARGE

It is important that you tell me if any of your details, such as your contact details, have changed or are incorrect so that I can amend my records. You have a responsibility to inform me of any changes so that communication of personal information is sent to the correct person and not mislaid.

I am registered with the Information Commissioner's Office (ICO).

Data Controller: Grit Koenigs (Osteopath)

ICO Registration Reference: ZA324000

Address: 33 Canford Road, London SW11 6PB

Telephone: 07887 763 210

Email: grit@jointhealthclinic.com

Data Protection Officer: Data Controller (as above)

Information Commissioner's Office (ICO): www.ico.org.uk, casework@ico.org.uk, Telephone: 0303 123 1113 (local rate) or 01625 545 745