GDPR – General Data Protection Regulation

Dear Patient, 

You may have heard about the new General Data Protection Regulation (“GDPR”), that comes into effect May 25, 2018. To help us comply with GDPR consent requirements kindly read the following update to Roseneath’s Data Protection Policy.

Data Protection Code of Practice

Our data protection code of practice lays out our procedures that ensure Roseneath Dental Care and our employees comply with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Roseneath is registered with The Information Commissioner’s Office as a Data Controller.

What data do we store?

To provide patients with a high standard of dental care and attention, we need to hold their personal information. This personal data can include:

• past and current medical and dental condition; personal details such as age, address, telephone number, email address, and general medical practitioner
• radiographs, clinical photographs, and study models
• information about treatment that we have provided or propose to provide and its cost
• treatment invoices
• notes of conversations or incidents that might occur for which a record needs to be kept
• records of consent to treatment
• any correspondence relating to you with other healthcare professionals, for example in the hospital

We do not store payment details such as card or bank details. 

What do we use the data for?

We need to keep comprehensive and accurate personal data about patients to provide you with safe and appropriate dental care. We will ask you yearly to update your medical history and contact details. We only use data to manage your treatment and stay in touch with you. We do not sell or forward on the data to any other parties.

SMS/email notifications and marketing, recall cards

We occasionally send you information via the above media. This information includes appointment reminders and recalls, occasional marketing notifications and holiday wishes. Should you not wish to receive this type of information kindly ask our Reception Team to amend your records. Please note that due to the specification of the software which we are using, we currently cannot choose the type of information you would like to opt-out from, once you decide to opt-out you will be removed from all lists (inc. appointment reminder notifications and recalls). 

What software do we run to manage data?

We use the following software to store and handle our data. All software systems are fully or are working towards being fully GDPR compliant by 25th May 2018.

• Henry Schein – SOEi Exact Software – GDPR Compliant
• Digora Imaging Software – GDPR Compliant
• LiveDrive – Online backup – GDPR Compliant
• Offsite Microsoft Exchange and locally Outlook 2013 for Emails – GDPR Compliant
• General documents are stored on our servers which are password protected

Security of information

The data is stored on our servers located in a dedicated room along with a secure on & off-site backup. Paper documents, if retained, are stored in secure filing cabinets. The information is only accessible to authorized team members.

Disclosure of information

In order to provide proper and safe dental care, we may need to disclose personal information about you to:

• your general medical practitioner
• other dental services
• health professionals caring for you
• dental schemes of which you are a member.

Disclosure will take place on a ‘need-to-know basis (only that information that the recipient needs to know will be disclosed).

In very limited circumstances or when required by law or court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. 

Retaining information

All data is retained for the appropriate lengths of time in compliance with all applicable legal, regulatory, and contractual requirements. We will retain your dental records while you are a practice patient and after you cease to be a patient, for ten years or for children until age 25, whichever is the longer. Once this period has lapsed, your digital data is archived and only deleted if specifically requested. This does not apply to old hard copy data which gets destroyed by a professional shredding service. 

Access to your records

You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to your dentist. Please note that you will be asked for ID verification when requesting access to your records. 

If you do not agree

If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your dentist. You have the right to object; however, this may affect our ability to provide you with dental care.

You have a right to withdraw your consent at any time, however, this will not be retrospective.

Kind regards,

Roseneath Dental Care