This policy is effective as from 25th May 2018.
Why we collect your data:
We collect your personal data because you give us consent to do so, in order to provide a dietetic service to you.
What we collect:
We may collect the following information:
- Information in relation to the new patient registration form
- Information regarding your health and eating habits provided by you at consultations
- Further clinical information provided by reports from other health professionals
What counts as information:
Personal information includes handwritten and electronic notes, completed patient registration forms, questionnaires and homework records given to us. It also includes letters, e-mails, texts and WhatsApp messages.
What we do with the information we gather:
We require this information for the purpose of:
- Providing you with a dietetic service that is relevant and customised to you
- Professional clinical record keeping of client information
- Sharing information with other healthcare professionals with your consent (as per the new patient registration form)
Safeguarding your personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place encrypted electronic systems and standard operating procedures to safeguard and secure the information we collect.
Your information is stored on password-protected files on Dropbox, on a password-protected computer. Any written clinical notes during your sessions are anonymised and kept securely until they are transferred onto your electronic file. Paper notes are then safely shredded.
Any emails with patient-identifiable information will be encrypted using encryption software. Texts and WhatsApp messages are protected by the phone’s security code.
Sharing your personal information
“The Balanced Dietitian” is committed to ensuring that your privacy is protected and will always use private & confidential and encrypted methods of communication. In the unlikely event of this not being possible, your full name will not be used to identify you.
With your consent, information may be shared about you:
- by post
- by secure email (using encryption software)
- over the phone, in a private place
- via Healthcode, a secure database, in order to process your bill
- using your private health insurance company’s secure online facility to process your bill, send reports, or communicate about anything pertaining to your treatment or payments.
Depending on your preferences, we may communicate over WhatsApp and/or text, although this should be kept to basic communications such as setting up or changing appointment times. If we have sessions over FaceTime, WhatsApp or Skype, this also counts as a method of sharing information.
Your information will only ever be shared with appropriate parties on a need-to-know basis. Where this is necessary, I am required to comply with all aspects of the GDPR and the British Dietitian’s Association code of ethics.
Where necessary or required, and with your consent, I may share information with:
- other healthcare professionals
- social or welfare organisations
- your family, friends or other representatives
- insurance companies
Controlling your personal information
We will not distribute, sell or lease your personal information to third parties unless we have your explicit permission or are required by law to do so.
You may request details of the personal information we hold about you under the General Data Protection Regulation (GDPR). If you would like a copy of the information held on you, please contact Aleeza Rosenberg, Data Protection Officer, at email@example.com.
If you believe that any information we are holding for you is incorrect or incomplete, please email us as soon as possible at firstname.lastname@example.org. We will promptly correct any information found to be incorrect.
How you can withdraw and request to be deleted from our files
Under the GDPR, you have the right to be forgotten, which means that you can ask for the information held about you to be deleted. However, this must be balanced against the Department of Health’s legal and statutory requirement that information is kept for eight years. After that time your information will be deleted.
Should you wish to put in a request to have your information forgotten, please contact Aleeza Rosenberg, or email email@example.com.
Should you have any queries in relation to the General Data Protection Regulation (GDPR), here are the contact details of our Data Controller:
Name: Aleeza Rosenberg