Rossendale Physiotherapy & Sports Injuries Clinic is committed to protecting your personal information.
“Personal information” means any information that is capable of identifying you.
“We” means Rossendale Physiotherapy and Sports Injuries Clinic.
How we collect your data
Your personal information is collected directly from you or via our online booking system, or from a referrer e.g. your surgeon. This may be information received by us by letter, fax, email, SMS or telephone.
Why we collect it
We collect, process and store data because we have a legal obligation to do so. It is limited to what is necessary, adequate and relevant to your care and treatment.
We use this information:
- To provide a legal record of any treatment or advice we give
- To ensure continuity of care
- To contact you in regard to your ongoing treatment including sending exercises by email. We use a third party for this service – Physiotec – which is based in Canada but is compliant to the General Data Protection Regulation 2018
- To contact you if new information or treatments become available that may be of benefit to you.
Where is your data stored?
We use electronic records that are hosted by a third party (Blue Zinc IT Ltd). All information is kept in an encrypted file that directly relates to your episode of care.
Who we share your data with?
We may pass information with your permission to other medical professionals who may be involved in your care; this may include GP’s, Consultants or other Health and Care Professions. If information is passed on in the form of a written letter, which is given to you, the letter becomes your responsibility and the protection of its contents is your responsibility.
If the information is passed electronically by email, it will be password protected and we will take all reasonable precautions to transmit the information securely.
We may pass on information to your insurance company e.g. to allow them to make funding decisions or for invoicing purposes.
We may use your information for quality feedback purposes.
We may use your information for audit purposes.
We do not pass on your information for commercial purposes.
How long do we keep personal information?
We have a legal obligation to retain records for 8 years after the conclusion of treatment. If the record relates to a child or a young person, the records must be kept until the patient’s 25th birthday or 8 years after death. We may retain records indefinitely.
How do we protect your information?
We take organisational and technical security measures to protect the information against unauthorised disclosure or unlawful processing.
All information collected by paper is securely shredded by Lancashire Shredding Ltd and is certificated.
Any messages on the answer machine are deleted once your records are updated.
We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.
You have the right within GDPR to see what data we have stored about you. You also have the right to withdraw your consent.
If you believe Rossendale Physiotherapy has not complied with your data protection rights, you can complain to the Information Commissioners Office (ICO).