Select Physio is a data controller for the purposes of the Data Protection Act 1998 and GDPR May 2018. There are clinical, safety and legal reasons to collect and process personal data for medical records and we also ask for consent from individual patients.
How do we store and control data at Select Physio? We use;
- Paper records of consultations with physiotherapists which are stored securely for 8 years after the last appointment (and the patient is over 25 years old). Maternity cases may be held for longer. Notes in transit between practices are kept with the Physiotherapist.
- Electronic patient data held on our medical management system which is securely hosted.
Why do we need to process data?
- To provide high quality care to our patients.
- To maintain accounts and records.
What data do we share and with whom?
- Personal and medical data with the hosts of the electronic diary TM3.
- Personal and medical data with other medical professionals e.g. your GP/consultant.
- Personal data on invoices to insurance companies relating to treatment.
Select Physio recognises the importance of keeping all information secure and confidential, whether medical, personal or financial. Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of data and against any accidental loss or destruction of or damage to personal data. We will not use your data for direct marketing.
Data protection legislation allows any adult patient or competent child to access to their medical records via a Subject Access Request (SAR) which must be made in writing, and this must be responded to within 1 month (unless serious harm could be caused to physical or mental health in doing so or the request is unfounded or excessive.) In most cases there is no charge for an SAR but decisions are made on an individual basis according to the nature of the request.
We have a legal duty to maintain clinical records for 8 years after completion of the last episode of care. Individuals can request that any inaccuracies are corrected and to complain to the ICO if they perceive there is a problem with the way Select Physio is handling their data.