Eileen Lewis Physiotherapy GDPR Policy
Eileen Lewis Physiotherapy is committed to protecting and respecting the privacy of my patients. This policy ensures that I comply with the relevant provisions of the General Data Protection Regulations (GDPR 2018) with reference to the information provided by the Information Commissioner's Office (ICO). The data controller is Eileen Lewis, 11 Bakers Close, Turvey, Bedford, MK43 8GJ.
Principles Of GDPR:
I shall ensure that your information will be: fairly and lawfully processed; processed for a lawful purpose; adequate, relevant and not excessive; accurate and up to date; not kept longer than necessary; processed in accordance with your rights; secure.
Sensitive Personal Data:
Clinical records contain sensitive personal information, which is recorded in accordance with the relevant professional standards and legal obligations. Consent will be obtained before sensitive personal data is shared, for example with General Practitioners, other health professionals or insurers. You can ask to see a copy of any correspondence before it is sent.
You will be asked to give your full name and telephone number when you book your initial appointment by phone, in person, or by text or email. When you come to your initial appointment you will be asked to complete a registration form and sign a consent with reference to my privacy notice to allow me to process your information. All your relevant medical and personal information will be collected at your initial assessment. This will be recorded on paper and will not be shared without consent.
The physiotherapy notes will be owned by me, and you have the right to access the information I hold. I will endeavour to respond to such a request as soon as possible: I will reply to the request within 21 days at the most, and within 30 days I will ensure access to records. I will keep data accurate and ask you to notify me of any changes to the information held. You also have the right to have any inaccurate data corrected or erased. This does not apply when there is a legal requirement to retain records or corrections or mistakes in the interest of all parties to which they apply and no alterations can be made to the clinical record.
Monitoring Data Protection:
I will conduct a GDPR Risk Assessment annually to document: the type of information I hold; where the data is being stored; how data is being processed; whether the data is being collected and stored in accordance with my policies; records of consent; records of data breaches.
Data Retention and Destruction
Your information will be retained in accordance with legal requirements. Clinical notes are kept for 8 years and anything financial is retained for 7 years. Data will be securely destroyed once the retention period has expired.
I will not share your personal information with anyone without your consent. If you are paying for treatment through a health insurer, they may require me to share information. It may not be possible to process your claim without this, but if you wish, you can ask to see any information or reports before they are shared.
Physiotools is the tool I currently use to provide exercises to you. This secure system requires your full name and email address so that you can receive your exercises. There is a contractual agreement that protects against them using this information for any other purpose.
Some of your personal data, such as GP letters and invoices, is stored on my computer, which is encrypted. This is backed up on the cloud every night, and paper clinical notes are stored in locked filing cabinets in a secure building belonging to me.
To arrange an appointment, call now on 01234 881400 or email: firstname.lastname@example.org
I am Registered...
I am a member of the Health Professions Council, Chartered Society of Physiotherapy, PhysioFirst and The Acupuncture Association of Chartered Physiotherapists.