RJB Physiotherapy Privacy Policy.

Introduction to GDPR


RJB Physiotherapy uses personal and confidential information to provide a physiotherapy service.

The data protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR) on the 25th May 2018.  This is a new European framework for data protection laws. This will help to protect and unify how an individual’s information is managed. It gives you greater protection and rights and will give you more control over how your data is used.

All patients are now required to consent to their personal information being used under their privacy policy guidelines. RJB Physiotherapy recognises the importance of protecting personal and confidential information in all that we do and takes care of its legal duties.

Our Privacy policy has been written in accordance with the new rights of the individual within the new law.


What is a privacy policy?


A privacy policy is a statement that describes how we use, retain and disclose your personal information. We may amend this privacy policy to keep it accurate and to comply with any legal changes.

To ensure that we process your personal data fairly and lawfully we are required to inform you of the following:

  • Who we are.
  • How to contact us.
  • What information we collect.
  • Why we need your information.
  • How we use your information.
  • How long will we keep your information.
  • Who we share your information with.
  • How your information will be kept.
  • How we dispose of your information.
  • Your choices and rights you have over your information.
  • Withdrawal of consent.

Who we are


RJB Physiotherapy is the trading name of Robert Brindley (Sole trader). We are a private physiotherapy clinic focused on providing a physiotherapy service to the general public.

RJB Physiotherapy is registered with the Data Commissioners Office, registration number ZA244455.

In this policy “we” “us” or “our” refers to RJB Physiotherapy.

Within RJB Physiotherapy, Rob Brindley has been appointed Data processor.


How to contact us


RJB Physiotherapy.

Swallow Hill, School Road, Bagnall, Stoke-on-Trent, Staffs. ST9 9JP. 

If you have any queries regarding this privacy policy or any other points please contact 07957387004 or email info@rjb.physio

The latest copy of this policy can be found on our website: www.rjb.physio


What information we collect


Under the new regulations we can use and process personal information if we have an appropriate and lawful reason to do so. GDPR stipulates that information needs to me managed in a lawfully, fair and in a transparent manner.

We are required to collect personal information and sensitive personal data.

  • Patients

Appointment enquiry: Name and telephone number.

Registration: Name, DOB, Address, Marital status, Employment status, Hobbies.

Consent: Signature

Assessment: Sensitive information via a subjective assessment of your symptoms,  Sensitive information via an objective assessment of your physical state.

Medical co-ordination companies : Previous medical appointments, medical history  and alternative contact details,

Insurance company: Membership number, authorisation number, patient financial details.

Email: If contacted by email, your email address.

  • Suppliers/ Insurance companies/medical co-ordination companies.
  • Company name, address, telephone number, email.

We collect information about you by phone, email, by post, or face to face. We also collect information about you through third parties, (GP’s, consultants, other clinicians and health care professionals/providers, medical insurance companies, medical co-ordination companies acting on your behalf), those paying for your treatment.

We may collect information from your parent or guardian if under 18 years old, or a family member acting on your behalf,

We also use, collect and store your financial details from cheques payments and third party payments.


Why we need your information


  • Voicemail

When you initially contact RJB Physiotherapy to arrange a physiotherapy appointment it is “within our legitimate interest” that we record your name and contact telephone number so that we can contact you to make an initial appointment or to reschedule an appointment.

  • Registration (personal details)

Before we can assess you, it is our “legal obligation” to complete a registration form that is used to record your name, date of birth, address, telephone number, occupation, hobbies. Your personal details are held in case we need to contact you. Your age, occupation and hobbies will be used to help formulate a clinical diagnosis and guide choice of treatment.

  • Consent

It is our “legal obligation” to gain written consent to procedure with an assessment and treatment.

  • Assessment and Treatment (sensitive information)

In order to make a diagnosis of your condition and to determine whether treatment is appropriate it is “our legitimate interest” and “legal obligation” to undertake a subjective assessment that includes documenting the history of your presenting condition, your past medical history, drug history, your aggravating factors, easing factors and diurnal pattern. Following your subjective examination an objective examination will be undertaken. This will require you getting suitably undressed to see the body part. This information will need to be stored and referred to, in order to provide ongoing treatment. The treatment modality will be recorded along with a treatment plan.

  • Medical co-ordination companies

Patient who have been referred via a third party or have their physiotherapy treatment funded by an insurance company may be required to provide additional documentation such as referral letter, authorisation letter or payment details. It is our “legitimate interest” to gain this information. This information will be stored with your medical notes and used in correspondence with your third party or insurance companies.


How we use your information


We process your personal information for the purpose set out in this privacy notice. By law we must have a lawful reason for processing your information. We process both standard and specialist information in order to undertake a course of treatment, preventive or occupational medicine; insurance purposes, defend legal claims.

  • Appointment details

Your name and contact number will be stored following your initial telephone call to the Clinic. This information will be stored within our online booking system - TM3 (Blue Zinc) based on line. This is secure and encrypted and governed by their data protection policy  Click here

  • Personal details

Your personal details disclosed during your registration will be used to contact you via telephone, email, letter or sms. This information may also be used to contact third parties, such as other health practitioners, third party refers and insurance companies.

  • Assessment documentation.

The notes written to document you assessment will be used to undertake a course of treatment. This information may also be used to inform third parties, such as other health practitioners, third party refers, insurance companies.

  • Marketing

We will not use your information to send marketing information to you or other third party in any format.

  • Continued processional development.

Your information may be used anonymously to enable continued professional development to be undertaken.

  • Research

Your information may be used anonymously for data analysis for research purposes.

  • Letter

Following an examination it may be deemed necessary to contact your GP. In most cases this will be by letter and posted. In more serious cases your GP may be contacted by telephone. On rare occasions patient information may have to be passed to the emergency services.

  • Suppliers

Suppliers of medical equipment will have their contact details (name, address and telephone number) stored as digital information. This will be held on file for future reference so that orders can be placed. This will be held on an external storage device and kept within a locked cabinet within a locked room.

  • Third party medical co-ordination companies.

Medical co-ordination companies that refer patients for physiotherapy will have their contact details (company name, address and telephone number) stored as digital information. This will be held on file so that correspondence can be made. This will be held on an external storage device and kept within a locked cabinet within a locked room.

  • Medical insurance companies.

Medical insurance companies that fund the payment of physiotherapy services for their client will have their contact details (company name, address and telephone number) stored as digital information. This will be held on file so that correspondence can be made.  This will be held on an external storage device and kept within a locked cabinet within a locked room.

  • Security

We are committed to keeping your information secure. Computer access is password protected. Computer hardware and software is stored in a locked cabinet in a locked room. Emails are all send via E switch secure email.

How long will we keep your information.


  • Voicemail

Personal details left via voicemail will be kept until an appointment has been arranged, or deleted after 7 days.

  • Patients consent, registration information and assessment information.

Physiotherapy patients’ consent, registration information, assessment and treatment notes will be kept for the period of time in which you are receiving physiotherapy treatment, after which it will be stored as stated in this privacy policy and kept for the length of time outlined in the new GDPR and current clinical guidelines set by the Chartered Society of Physiotherapists (CSP).

Current CSP guidelines state that the notes of patients 18 or over at the time of treatment are to kept for 8 years. Notes of patients under 18 at the time of treatment are to be kept until they are 25 or 8 years after death.

You records may be kept indefinitely if you return for another episode of treatment.

Emails will be kept for the length of time as GDPR legislation.

Supplier companies, medical co-ordination companies and insurance companies data will be retained in accordance to GPDR legislation.


Who will we share your information with.


Your personal information will not be shared except in the following circumstances: 

  • Other medical practitioners

On occasions your personal information will have to be shared with other medical practitioners.

  • Medical co-ordination companies.

Patients who have been referred via a medical co-ordination company working on their behalf will require your personal information, consent, and assessment findings to process your recovery.

  • Insurance companies.

Patients who receive funding for their physiotherapy treatment from an insurance company will have their personal information included within the invoice sent to the insurance in order to process the payment for the treatment they have received,

  • Outside of the EU

At no point will your personal information be transferred outside of the EU.

Your personal information will not be shared except in the following circumstances: 

  • Other medical practitioners

On occasions your personal information will have to be shared with other medical practitioners.

  • Medical co-ordination companies.

Patients who have been referred via a medical co-ordination company working on their behalf will require your personal information, consent, and assessment findings to process your recovery.

  • Insurance companies.

Patients who receive funding for their physiotherapy treatment from an insurance company will have their personal information included within the invoice sent to the insurance in order to process the payment for the treatment they have received,

  • Outside of the EU

At no point will your personal information be transferred outside of the EU.


How will your information be kept.


  • Physiotherapy Notes

Our Patient Data is stored within TM3 (Blue Zinc) based online, hosted system. This is secure and encrypted and governed by their data protection policy https://www.tm3practicemanagement.com/information/policy/

Some information e.g. GP letters, Acupuncture consent forms, will be kept in the form of paper notes. These notes are kept within a locked filing cabinet within a locked room within the building.

  • Email

Patients who have been referred via email from a third party should have had their personal information sent through a secure method requiring password access, All outgoing emails containing personal information will be sent using E Switch, a secure method requiring password access by the recipient.

All historic emails will be stored and deleted in accordance with GDPR guidelines.

  • Digital information

All digital information will be stored on an external memory storage and kept securely within a locked filing cabinet within a locked room. The information will be destroyed after the recommended length of time in accordance with GDPR and CSP guidelines.

Patients who are receiving funding through a medical insurance company may have (depending on which company) email correspondence. All outgoing emails will be sent securely via E switch.

  • Invoices

All copies of patient paper invoices will be stored securely within a locked filing cabinet within a locked room.

  • Receipt books

All receipt books will be stored securely within a locked filing cabinet within a locked room.


Website


This part of our privacy policy applies to the RJB Physiotherapy clinic’s website at www.rjb.physio (the “Website”).


Information we collect


We will collect personal data on this Website only if it is directly provided to us by you the user, e.g. your e-mail address, name, telephone number and any details from a written enquiry which you may write and therefore has been provided by you with your consent. Normally you will only provide such details if you are making an enquiry with us.

We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).


Where we store and transfer your data


We will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.


Security


The transmission of information via the Internet or email is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk.  Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, for example our online booking system, you are responsible for keeping this password confidential.  You should choose a password that is not easy for someone to guess.


How we dispose of your information.


Following storage of your personal information for the legally stipulated period of time stated in this privacy policy medical notes containing personal and sensitive information will be destroyed securely and confidentially in accordance with the Chartered society of Physiotherapy guidelines.


Third party links


You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.


Use of cookies


Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally - it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer's hard drive. They help us to improve our Website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website. Where we work with advertisers on our Website, our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.


Your rights and choices you have over your information


You have legal rights under the GDPR, summarised as follows:

  • The right to be informed about our information processing activities, including through Privacy Notices such as this.
  • The right of access to the personal information we hold about you. To request a copy of this information you must make a subject access request in writing to us.
  • The right of rectification. You may ask us to correct any inaccurate or incomplete information within one month.
  • The right to erasure and to restrict processing. You have the right to have your personal information erased and to prevent processing except where we have a legal obligation to process your personal information. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide treatment.
  • The right to information portability. On your request, we will provide you with your personal information in a structured format.

If you want to invoke any of these rights please write to us see above.


Withdrawal of consent


Where you have provided your specific consent to the use of personal information, you may withdraw that consent by contacting us as above. 


How to make a complaint


If you wish to make a complaint about how we hold or use your data, please contact us as above 

If you are dissatisfied with how we deal with your complaint, you may contact the Information Commissioner's Office: 

The Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF; Phone: 08456 30 60 60 Website: www.ico.gov.uk


Last updated: May 2018


Rob would love to hear from anyone wishing to discuss any problems they may have. For an informal chat, call him on 07957 387004 or email rjbphysio@gmail.com


Image
Image
Image


Here at RJB Physiotherapy we pride ourselves in being able to offer a wide range of specialised treatments for all parties. We provide a personal service that will help you get the care you need.

Book online now using our automated system that's available 24/7.