RISE Physiotherapy and Pilates Data Processing Policy
Who are we?
Rise Physiotherapy and Pilates is the trading name of a partnership: Simon Carley-Smith and Stephanie Carley-Smith. We are the only people that have access to the data that you provide to Rise Physiotherapy and Pilates.
Rise Physiotherapy and Pilates will be what’s known as the ‘Controller’ of the personal data you provide to us.
What data do we hold, where is it stored and how is it secured?
We legally have to collect and hold certain Personal Data and Special Category Data for the purposes of Physiotherapy and sports massage, keeping a record of the therapy that has taken place at each appointment to fulfil legal and professional obligations imposed by the Health Care Professions Council and Chartered Society of Physiotherapy. For all our services (currently Physiotherapy, Sports Massage, Pilates 1:1 and group classes (mat, pre-natal, post-natal and reformer)) we collect the following data: names, dates of birth, current address, telephone and email addresses. We also collect: registered GP Surgery, previous medical history, drug history and social history as part of a comprehensive subjective history taking, which is seen as an industry standard amount of information required to have a full picture of a person’s health in order to clinically reason and professionally administer safe and effective therapeutic interventions.
Our clinicians use paper notes for physiotherapy and sports massage; these are stored securely in locked filing cabinets in a lockable room.
Where patients have called or texted us or we have called or texted them, our smart phone is used. This automatically stores telephone numbers and, where manually entered, their names, as well as text content. Specific medical information is not discussed in texts. The telephone is locked by a 6-digit PIN code, making the records on it inaccessible in the event of loss or theft.
Follow-up emails are routinely sent to patients asking them to keep us updated on their progress. If a specific summary of findings and rehabilitation advice is offered, it is attached in an encrypted document; the client will be sent a password via a separate channel (e.g. text) to unlock this.
How do we get this data?
During the online booking process for Physiotherapy, sports massage and pilates, clients are asked to enter their name, address, date of birth and some details of their present condition and history of any problems, which can contain medical information classed as special category data. This is entered by clients into an online pre-assessment sheet which is held within the password secured online booking system run by www.acuityscheduling.com. Because this system operates outside the EU, we have signed an international data transfer agreement. By booking through this system, clients are accepting that their data will be transferred and held by this secure system, which meets international and European data protection standards.
At first assessments for physiotherapy and sports massage, clients fill in a paper form by hand that includes all the above stated personal data. Previous medical history, social history and drug history are often clarified and recorded by the treating therapist on the same form by hand. This information is re-confirmed/checked at subsequent appointments to ensure it is up to date.
Why do we have this information?
To comply with standards set by the HCPC and CSP we need to collect the above special category data for Physiotherapy. To do the same for sports massage is thorough and best practice in order to keep fully comprehensive records of patient health and therapeutic care administered. Pilates is an active pastime, and when delivered in a personalised programme can also be considered as therapeutic exercise. As such it is best practice to be aware of clients’ medical health where it may affect the client’s ability to take part in the activity. This allows our instructors to adapt the exercises to deliver the safest and most effective programme for that individual.
Email addresses are requested and kept as a convenient point of contact for patients. They are not a required category. A checked box is offered to opt in to future marketing contact from Rise Physiotherapy and Pilates, with the purpose of keeping clients in touch with the activities and products of our company.
How long do we keep information?
We keep all records for 8 years from the date of the last appointment or their 18th birthday (whichever date is the later) in line with the DPA. If clients have opted in to emails for marketing, they will continue to stay on the list, with the option of unsubscribing at any time.
Our policy is to shred all paper records once they pass the 8-year threshold, and to pay an external, officially accredited company to correctly erase electronic records and data when required.
When do we share this information?
We never share this information with third parties for any commercial reasons. We may communicate specific and limited information to your GP in writing, only when specifically agreed with the client in question and required for further investigations or medical input.
Healthcare professionals are legally bound to share limited and specific information on the extremely rare occasion that it relates to the safeguarding of a vulnerable child or adult, and this would only be to relevant authorities in line with safeguarding legislation.
What are your rights?
If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/