Privacy Policy


GDPR – Data protection

At CFE dental practice, we take great care with all personal data we hold, to ensure we comply with best professional practice and with the law. For a copy of our Data privacy notice (ask at reception)

 

Privacy notice

CFE Dental practice

We are a Data controller under the terms of the Data protection Act 2017 and the requirements of the EU General Data Protection regulation.

This Privacy notice explains, what Personal data the practice holds, why we hold and process it, who might share it with, and your rights and freedom under the law.

Types of personal data

CFE holds personal data in the following categories:

  1. Patient Clinical and health data and correspondence
  2. Staff Employment data.
  3. Contractors data

Why we process personal data (what’s the “purpose”)

“Process” means we obtain, store and update our patient  / client database.

  1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
  2. Staff employment data is held in accordance with employment, taxation and Pension law.
  3. Contractors data is held for the purpose of managing their contracts.

What is the lawful basis for processing personal data?

The law says we must tell you this:

  1. We hold patients data because it is our legitimate interest to do so. Without holding the data we cannot work effectively ( also we must hold data on NHS care and treatment as it is a public task required by law).
  2. We hold staff employment data because it is a legal obligation for us to do so.
  3. We hold contractors data because it is needed to fulfil a contract with us.

 

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so.

  1. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken).   Patient information may also be stored securely and encrypted for backup purposes with our computer software suppliers) who may also store it securely.
  2. Employment data will be shared with government agencies such as HMRC.  

 

Your rights

You have the right to :

  1. Be informed about the personal data we hold and why we hold it.
  2. Access to a copy of your data that we hold contacting us directly, we will acknowledge your request and supply a response within one month or sooner.
  3. Check the information we hold about you is correct and make corrections if not.
  4. Have your personal data erased in certain circumstances.  
  5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
  6. Tell us not to actively process or update your data in certain circumstances.

How long is the personal data stored for?

  1. We will store the data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store without further action) for a long as is required for medico-legal purposes as recommended by the nhs or other trusted experts such as our medico-legal indemnity advisors.  
  2. We must store employment data for 6 years after an employee has left.
  3. We must store contractors data for over 7 years after the contract is ended.

What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to CFE our Data protection officer who is Graham Murphy and we will do our best to resolve the matter. If this fails, you can complain to information commissioner at www.ico.org.uk/concerns or by calling 03031231113

 

CFE Dental-  CONFIDENTIALITY POLICY

At this practice the need for the strict confidentiality of personal information about patients is taken very seriously.   We follow the GDCs strict guidance of the matter. This document sets out our policy for maintaining confidentiality and all members of the practice team must comply with these safeguards as part of their contract of employment.

THE IMPORTANCE OF CONFIDENTIALITY

The relationship between dentist and patient is based on the understanding that any information revealed by the patient to the dentist will not be divulged without the patient’s consent.  Patients have the right to privacy and it is vital that they give the dentist full information on their state of health and ensure that treatment is carried out safely. The intensely personal nature of health information means that many patients would be reluctant to provide the dentist with information if they were not sure that it would not be passed on.  If confidentiality is breached, the dentist faces investigation by the General Dental Council and possible erasure from the Dentists Register and may also face legal action by the patient for damages and, for dentists, prosecution for breach of the 1998 Data Protection Act.

GENERAL DENTAL COUNCIL

All staff must follow the General Dental Council’s guidance for maintaining patient confidentiality a set out in  ‘ Standards for the Dental Team ‘

 

The dentist/patient relationship is founded on trust and a dentist should not disclose to a third party information about a patient acquired in a professional capacity without the permission of the patient.  To do so may lead to a charge of serious professional misconduct. A dentist should be aware that the duty of confidentiality extends to other members of the dental team. There may, however, be circumstances in which the public interest outweighs a dentist’s duty of confidentiality and in which disclosure would be justified.  Communications with patients should not compromise patient confidentiality. In the interests of security and confidentiality, for example, it is advisable that all postal communications to patients are sent in sealed envelopes.

 

WHAT IS PERSONAL INFORMATION?

In a dental context personal information held by a dentist about a patient includes:

  • The patient’s name, current and previous address, bank account details, telephone number/email address and other means of personal identification such as his or her physical description.
  • Information that the individual is or has been a patient of the practice or attended, cancelled or failed to attend an appointment on a certain day.
  • Information concerning the patient’s physical, mental or oral health or condition
  • Information about the treatment that is planned, is being or has been provided.
  • Information about family members and personal circumstances supplied by the patient or others.
  • The amount that was paid for treatment, the amount owing or the fact that the patient is a debtor to the practice.

 

DATA HELD FOR MEDICAL RECORDS

Patient  medical records are held in strictest confidence. We keep personal information such  name and address together with details of patient care, to ensure that our dentist has accurate and up to date information. Information is not passed on without your consent, unless it is by legal requirement, or is in the public interest i.e. if the patient or others are at risk of death or serious harm.

The registered under the Data Protection Act 2000. Most of our patient information is held in paper records and is only available to authorised users. All personal information is confidential and the consent of individual patients is generally needed before it can be given to anyone else. Sometimes, we may need to share information with other professionals involved in your care, but they also have a legal duty to keep it confidential.

Everyone working in the within the practice has a legal duty to maintain the confidentiality of patient information. We take this very seriously.

FREEDOM OF INFORMATION

This Act became operational on 1st January 2005.  Under the provisions of this Act any member of the public may request information from Dental Surgeries (as well as other public sector organisations).  You can make a request for information, in writing to Graham Murphy , 242 The Broadway, Cullercoats, North Shields, NE30 3DB.

Information may be provided free of charge. However, if there are administrative costs such as photocopying, there will be a nominal charge.

 

PRINCIPLES OF CONFIDENTIALITY

This practice has adopted the following three principles of confidentiality:

Personal information about a patient:

  • Is confidential in respect of that patient and to those providing the patient with health care.
  • Should only be disclosed to those who would be unable to provide effective care and treatment without that information (the need-to-know concept) and
  • Such information should not be disclosed to third parties without the consent of the patient except in certain specific circumstances described in this policy.

 

DISCLOSURES TO THIRD PARTIES

There are certain restricted circumstances in which a dentist may decide to disclose information to a third party or may be required to disclose by law.  Responsibility for disclosure rests with the patient’s dentist and under no circumstances can any other member of staff make a decision to disclose:

 

When disclosure is in the public interest
There are certain circumstances where the wider public interest outweighs the rights of the patient to confidentiality.  This might include cases where disclosure would prevent a serious future risk to the public or assist in the prevention or prosecution of serious crime.

When disclosure can be made
There are circumstances when personal information can be disclosed:

  • Where expressly the patient has given consent to the disclosure
  • Where disclosure is necessary for the purpose of enabling someone else to provide healthcare to the patient and the patient has consented to this sharing of information
  • Where disclosure is required by statute or is ordered by a court of law
  • Where disclosure is necessary for a dentist to pursue a bona-fide legal claim against a patient, when disclosure to a solicitor, court or debt collecting agency may be necessary.
  • Disclosure of information necessary in order to provide care and for the functioning of the NHS

Information may need to be disclosed to third party organisations to ensure the provision of care and the proper functioning of the NHS contract services .  In practical terms this type of disclosure means:

    • Transmission of claims/information to payment authority such as the BSA/DSD/DPD/CSA
    • In more limited circumstances, disclosure of information to the HA/HB
    • Referral of the patient to another dentist or health care provider such as a hospital.

 

DATA PROTECTION CODE OF PRACTICE

The Practice’s Data Protection Code of Practice provides the required procedures to ensure that we comply with the 1998 Data Protection Act and General Data Protection Regulations.  It is a condition of engagement that everyone at the practice complies with the Code of Practice.

 

ACCESS TO RECORDS

Patients have the right of access to their health records held.  A request from a patient to see records or for a copy must be referred to the dentist.  The patient should be given the opportunity of coming into the practice to discuss the records and will then be given a photocopy.  Care should be taken to ensure that the individual seeking access is the patient in question and where necessary the practice will seek information from the patient to confirm identity.  The copy of the record must be supplied within forty days of payment of the fee and receipt of identifying information, if required.

Access may be obtained by making a request in writing and the payment of a fee for access of up to £10 (for computer held records) or £50 (for those held manually or for computer held records with non-computer radiographs).  We will provide a copy of the records within 40 days of the request and fee (where payable) and an explanation of your records should you require it.

The fact that patients have the right of access to their records makes it essential that information is properly recorded.

PRACTICAL RULES

The principles of confidentiality give rise to a number of practice rules that everyone in the practice must observe:

  • Records must be kept secure and in a location where other patients or individuals cannot read them
  • Identifiable information about patients should not be discussed with anyone outside of the practice including relatives or friends
  • A school should not be given information about whether a child attended for an appointment on a particular day.  It should be suggested that the child is asked to obtain the dentist’s signature on his or her appointment card to signify attendance.
  • Demonstrations of the practice’s administrative system should not involve actual patient information
  • When talking to a patient on the telephone or in person in a public area, care should be taken that sensitive information is not overheard by other patients
  • Do not provide information about a patient’s appointment record to a patient’s employer
  • Messages about a patient’s care should not be left with third parties or left on answering machines.  A message to call the practice is all that can be left
  • Recall cards and other personal information must be sent in a sealed envelope
  • Disclosure of appointment books, records cards or other information should not be made to police officers or Inland Revenue officials unless upon the instructions of the dentist
  • Patients should not be able to see information contained in appointment books or day sheets
  • Discussions about patients should not take place in the practice’s public areas.  Phone calls requiring the use of patient details (ie when speaking to GP’s/Dental hospital) must only be made when there is no one in the waiting room.  Otherwise calls should be made from the surgery where there more privacy.
  • Conversations on non-professional matters should be reservedfor the staff room.
  • Any member of staff who breaks these rules will be liable for summary dismissal.
  • Personal information about a patients is confidential in respect of that patient and to those providing the patient with health care.
  • Personal information should only be disclosed those who would be unable to provide effective care and treatment without that information (the need to know concept)
  • Such information should not be disclosed to third parties without consent of the patient except in certain specific circumstances described in this policy
  • All data processed at CFE dental must be confidential even if your employment has terminated (it is an offence under Data protection Act 1998 to disclose such information)

Disclousure to Third parties

There are certain circumstance in which a dentist may decide to disclose information to a third party or may be required to disclose by law. Responsibility for the disclosure rests with the patient’s dentist and under no circumstances can nany other member of staff make a decision to disclose. Where a decision has been made to disclose personal information, an attempt should be made to obtain the patient’s permission for the information to be released or where appropriate to encourage the patient to release the information themselves. Failing this, it is advisable to contact the BDA or your defence organisation before acting. A brief summary of the circumstances is given below.

 

When disclosure can be made

  • Where expressly the patient has given consent to the disclosure
  • Where disclosure is necessary for the purpose of enabling someone else to provide healthcare to the patient and the patient has consented to this sharing of information
  • Where disclosure is necessary to safeguard the individual, or others, or is in the public interest
  • Where disclosure is required by statute or is ordered by a court of law
  • Where disclosure is necessary for the dentist to pursue a bonafide legal claim against a patient, when disclosure to a solicitor, court or debt collecting agency may be necessary
  • CQC have the legal right to have access to our patient records but if possible these should be anonymised or an attempt to get consent should be made

Before releasing any confidential information in the public interest, you must be prepared to explain and justify the decision and any action taken. A Court order can order patient information to be released without consent. In such circumstances, only the minimum information should be released to follow the order.

Disclosing Patient Information

If the pateint consents to their information being ddisclosed:

  • An explanation must be provided about the circumstances in which the information about them being shared
  • The patient must be provided with the opportunity to withhold permission for disclosure of the information
  • The patient mest understand what will be released, the reasons for the releasing it and the likely consequences of releasing information
  • The person with whom the information is shared must understand that the information is confidential.

DISCIPLINARY ACTION

If, after investigation, a member of staff is found to have breached patient confidentiality or this policy, her or she shall be liable to summary dismissal in accordance with the practice’s disciplinary policy.

QUERIES

Queries about confidentiality should be addressed to Graham Murphy or Miss Denise Allan.

further information can be found

http://ico.org.uk/for-organisations/register/