Privacy policy

Your information and GDPR

DBR Sports Therapy collects personal details and information relating to our patients’ health.  Medical information is classed as sensitive data and termed as special category data under the General Protection Data Regulations (GDPR), effective 25th May 2018.

This document advises you of our policies and procedures for dealing with your personal and medical information in our clinic.

 

Why is information collected

The processing of personal and medical data is necessary so that we can deliver the best quality of sports therapy care to you, the patient:

  • Your date of birth is used as a unique identifier for your records.

  • Your postal address allows us to post invoices, receipts and statements, or other requested information to you.

  • Your email address allows us to send you confirmation of bookings, appointment reminders, invoices, receipts, statements, personalised exercise programmes or other requested information to you.  You may also receive an e-surveys following completion of your treatments, and/or and e-newsletters, but only if you have subscribed to these.

  • Your telephone number allows us to send text reminders of appointments and communicate with you outside of appointment times.  You may also receive SMS/text news updates should you subscribe to same.

  • Having next of kin contact details informs us of who to contact in the event of an emergency.

  • We ask you whether you are a student or an OAP, as we offer a concession for same.

    We ask you for information regarding your current and past health so that a detailed and accurate sports therapy assessment may take place and an appropriate sports therapy plan put into action.

  • We ask you for your occupation, as some occupational factors can contribute to musculoskeletal problems.

  • We ask you to outline your hobbies, as some physical factors can contribute to musculoskeletal problems.

 

Who has access to your information

All staff members at DBR Sports Therapy have access to client records.  All staff members at DBR Sports Therapy are bound by GDPR legislation and the standards of conduct, performance and ethics of CORU (Regulating Health & Social Care Professionals).

Your information will not be shared with any personnel outside DBR Sports Therapy unless you have given consent, except when;

  • Requested by law

  • In your best interests and you are unable to give consent

  • In the public interest to prevent serious harm to others

 

How is your information stored and protected?

DBR Sports Therapy has implemented appropriate operational and technical measures to safeguard your personal information:

  • We use Google Forms to record all patients’ personal and medical information.  Google Forms is GDPR-compliant and has robust access and security measures to protect against unauthorised access, alteration, interception, disclosure, loss or destruction of any personal information.

  • We use GDPR-compliant email and software packages, and our computers are fully up-to-date with password, firewall and antivirus protection so as to protect against unauthorised access, alteration, interception, disclosure, loss or destruction of any personal information.

  • We employ the services of a website developer, IT support provider and SEO consultant to help us operate and safeguard our website and IT systems.  These providers are bound by the terms of General Data Protection Regulations (GDPR) legislation.

  • We use GDPR-compliant third party service providers to administer activities such as e-newsletters (Mailchimp) or e-surveys (SurveyMonkey).  We will only share your name and email address with these third parties for those limited purposes, provided that you have given us your permission to do so.

  • All staff are trained on how to safeguard our patients’ personal information.

  • In the unlikely event of a data breach, you will be notified immediately as will the Data Protection Commissioner.

 

Managing Your Information

DBR Sports Therapy is committed to maintaining the accuracy and relevance of your personal data.  To this effect:

  • We will only ask for and keep information that is necessary.

  • We will endeavour to keep your information as accurate and up to-date as possible.

  • We request that you keep us informed of any changes to your contact details.

  • Please inform us of any relevant changes to your health which may impact upon your physiotherapy care (e.g. medical diagnosis, treatments, investigations etc).

 

Use of information for training, teaching and quality assurance

It is usual for sports therapists to discuss patient case histories as part of their continuing clinical education or for the purpose of training sports therapists or sports therapy students. In these situations, the identity of the patient concerned will not be revealed.

In other situations, however, it may be beneficial for other sports therapists within the practice to be aware of patients with particular conditions and in such cases this practice would only communicate the information necessary to provide the highest level of care to the patient.

 

Patient satisfaction

Patient satisfaction is extremely important to us; we issue a satisfaction form via email and SMS to all our clients following completion of their first treatment.  This is an important measure for us to ensure that we are meeting our patients’ expectations.

 

Direct marketing

Occasionally we send out information via email to our client database regarding clinic news, events or other important information.  You will only receive an e-newsletter from us if you have consented to receive same.  You can easily opt out of direct marketing communications by clicking the unsubscribe email at the bottom of the correspondence, or by contacting the practice directly.

 

CCTV recording

24-hour CCTV recording is in operation in the reception area only of our premises.  Images are recorded for the purposes of crime prevention and public safety.  Recordings are stored for 5 days. Per GDPR legislation, any person whose image is recorded on a CCTV system has a right to seek and be supplied with a copy of their own personal data from the footage.

 

Your right of access to your health information

You have the right of access to all the personal information held about you by DBR Sports Therapy.  If you wish to see your records, in most cases the quickest way is to discuss this with your sports therapist who will review the information in the record with you.  You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within 30 days, without cost.

 

Your right to amend the information held

Under GDPR legislation, all individuals have the right to have incorrect information that is held about them amended.  If this was to arise within the notes held by DBR Sports Therapy, the patient record would be “restricted” i.e. not used until the issue is resolved.  However, if DBR Sports Therapy deems the information to be accurate then no amendment will be made.

 

Your right to restrict the information held

You have the right to have the information we hold restricted;

  • If you contest the accuracy,

  • You need the information to establish, defend or exercise a legal claim,

  • Or you object to the information held.

In this instance all treatment will be stopped until the issue is resolved.  You also have the right to object to DBR Sports Therapy holding your personal information on grounds relating to your particular situation and, as with restriction, all treatments will stop and the notes will become restricted until the issue is resolved.

 

Data retention period

We hold onto a patient’s personal information and medical records for a period of 10 years after their last treatment, or at the date of death.  In the case of minors, we hold personal data until the age of 18, and for 10 years thereafter.

 

In the event that you do not consent to this policy

We require consent from the patient for us to collect and store their personal and medical data, in accordance with this Data Protection Policy.  In the event that you do not wish to consent to this policy, we regret that we will be unable to provide you with sports therapy services.

 

Questions

We hope that this policy document has explained any data protection queries you may have.  If you have any questions please don’t hesitate to ask us for clarification.