Bath & Bristol Periodontal Clinic: Data Protection Privacy Notice for Patients
We provide care for those who refer themselves to us, and as a specialist referral practice we also receive referrals from dental practices (providers). Therefore, we may receive information from other providers who have been involved in providing your care. In providing your dental care and treatment, we will ask you for information about you and your health. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it. The information we collect includes:
- Personal details such as your name, date of birth, address, telephone number and email address
- Information about your dental and general health, including -
- Clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes about your care, appointment dates, any complaints made and how these were dealt with
- Correspondence with other health professionals or institutions
- Details of the fees we have charged, the amounts you have paid and some payment details
Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice. Dr King is responsible for keeping secure the information about you that we hold. We use your information to provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you. We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, text, email or letter. Your information is used only by those working at the practice but there may be instances where we need to share it – for example, with your doctor, hospital, or other health professionals caring for you. We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies. We store your personal information securely on our practice computer system and for some existing patients, a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers. We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely. We keep your records for 10 years after the date of your last visit to the Clinic.
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons. If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745). You can also request us to correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change. You can request we erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). You may request we stop using your information – for example, sending you reminders for appointments or information about our service, or supply your information electronically to another dentist. If you do not wish us to use your personal information as described, you should discuss the matter with Dr King. If you object to the way that we collect and use your information, we may not be able to continue to provide you with specialist periodontal treatment.
Bath & Bristol Periodontal Clinic: Referrer’s agreement (GDPR 3rd Party contract)
As a colleague and practitioner who refers to us, we know you show a strong commitment to ensuring the best possible patient care. We work in partnership with you as the referring dentist to ensure that our specialist care and treatment is right for your patients. Communication is important to us and we send reports of our findings, proposed treatment and updates on the provision and outcome of the specialist care we provide, while at the same time ensuring that the patient continues their general dental care with you.
Because we work alongside you the referrer, then as a processor of data, you must agree to comply by this confidentiality agreement.
Parties: Data Controller - (Bath & Bristol Periodontal Clinic - B&BPC -) & Data Processor - (referrer or referring practice). The Data Controller agrees to share personal data with the Data Processor in the European Economic Area within the terms set out in this agreement. The Data Processor agrees to use the personal data in the EEA within the terms set out and in accordance with the contract.
In completing the referral on this website you agree to abide by the requirements set out below for handling Personal Data/information.
As the referrer (Data Processor) you agree to:
- act as the controller of personal information in accordance with GDPR
- gain authority of B&BPC to involve further processors/third parties in accordance with GDPR
- treat confidential all information which may be obtained in the course of providing care
- take precautions and ensure all such information is treated confidential by their employees, agents or subcontractors
- ensure they are aware of the provisions of the Data Protection Act 1998 BS7799
- ensure any personal information shall not be disclosed or used unlawfully
- indemnify the practice against any loss arising under the Act 1998
- ensure the Personal Data processed is accurate and kept up to date
- review the accuracy annually and make any changes which need updating
- not retain or process Personal Data for longer than necessary to carry out the agreed purposes
- shall notify the B&BPC if any Personal Data has been deleted.
- provide confirmation that Personal Data has been destroyed in accordance with any instructions issued by B&BPC
- shall not disclose or transfer Personal Data relating to the care received by B&BPC to a 3rd party without the written authorisation of the B&BPC
- notify immediately the B&BPC of any data security breach within 24 hrs of becoming aware of the breach
The referrer agrees to implement appropriate technological and organisational measures to prevent:
- unauthorised or unlawful processing of Personal Data
- accidental loss of destruction of or damage to Personal Data
- ensure a level of security appropriate
- harm that might result from such unauthorised or unlawful processing or accidental loss or destruction
- the nature of Personal Data to be protected
If as the Data Processor you answer yes to any of these questions please contact B&BPC:
- Have you had a security breach resulting in unauthorised disclosure, loss or damage to Personal Data within past 2 years?
- Have you been the subject of any complaints to the Information Commissioner within past 2 years?