All necessary steps are taken to secure your personal information and comply fully with GDPR regulations.
Your data are secured using a medical/healthcare online system for making appointments, managing client records, documenting clinical care, and more. This online system has all the necessary controls to comply with EU GDPR and data security regulations.
In this article we summarise some key information; however, if you would like to read the full data protection policy, please do not hesitate to contact us and we will provide you with the complete document.
M.P. From Physio 2 Health employees have a responsibility to maintain the privacy of personal health information and related financial information. The privacy of this information is every client’s right. This policy outlines how the practice handles personal information collected (including health information) and how the security of this information is protected. A privacy statement is made available to clients and anyone who requests it. There are no degrees of privacy. All client information, including the information of employees who may be clients, must be considered private and confidential, even that which is seen or heard. Therefore, such information is not to be disclosed to family, friends, employees or others without the client’s approval. Sometimes details about a client’s medical history or other contextual information, such as details of an appointment, can identify them - even if no name is attached to that information. This is still considered health information and it must be protected. Client information may not be disclosed either verbally, in writing, in electronic form, or by copying either at the practice or outside it, during or outside work hours, except for strictly approved use within the client care context, or as legally directed.
This statement informs clients how their health information will be used. This includes the sharing of information with other organisations to which the practice usually discloses client health information, and any law that requires the particular information to be collected. Client consent to the handling and sharing of health information should be obtained at an early stage in the process of client care. Clients should be made aware of the collection statement when giving consent to share health information. In general, quality improvement or audit activities undertaken to improve the delivery of a particular treatment or service are considered a directly related secondary purpose for information use or disclosure. Specific consent for this use of client health information is not required.
Clients are informed of practice policies regarding the collection and management of their personal health information via:
- Signage at reception
- Brochure/s in the waiting area
- New client forms
- Verbally, if appropriate
- Practice website
When treatment room or administration office doors are closed, employees should either knock and wait for a response prior to entering, or alternatively, contact the relevant person by using an internal phone or messaging system. It is the practitioner's / health care professional's responsibility to ensure that records and related client information are kept secure at all times, including whenever they are not in attendance in a consulting / treatment room. Client privacy and the security of information are enhanced during consultations by closing treatment room doors. All examination benches have curtains or privacy screens.
M.P. From Physio 2 Health client health records can be accessed by an appropriate team member when required. All client health records are electronic and accessible through Power Diary by appropriate employees. M.P. From Physio 2 Health employees have different levels of digital access to client health information. To protect the security of health information, employees do not give their computer / Power Diary passwords to others in the team. Personal health information should be kept where employee supervision is easily provided and kept out of public view and access.
Active and inactive client health records are kept and stored securely within Power Diary. This practice is considered paperless and has systems in place to protect the privacy, security, quality and integrity of the personal health information held electronically. Appropriate employees are trained in computer security policies and procedures. M.P. From Physio 2 Health computers and servers comply with computer security standards. Care should be taken that the general public cannot see or access computer screens that display information about other individuals. To reduce this risk, automated screen savers should be engaged.
Reception and other practice employees should be aware that conversations in the main reception area can often be overheard in the waiting room. As such, employees should avoid discussing confidential and sensitive client information in this area. Whenever sensitive documentation is discarded, the practice uses an appropriate method of destruction. Documents are placed in the confidential waste bin, and confidential waste is disposed of securely. All computers, memory sticks or CDs are disposed of properly by a designated employee. M.P. From Physio 2 Health employees ensure that all forms of client information are not visible to the public.
Electronic information is transmitted over the public network in an encrypted format using secure messaging software. Where client information is sent by mail, secure postage or a courier service is used, determined on a case-by-case basis. The return address states the physical or post office address, but the practice name is not identified on the envelope. Incoming client correspondence and diagnostic results are opened by a designated employee. Items for collection or postage are left in a secure area out of public view. Facsimile machines, printers and other electronic communication devices in the practice are located in areas that are only accessible to practitioners and other approved staff. Faxing is point-to-point, and will therefore usually only be transmitted to one location. Emails are routed via various nodes and are at risk of being intercepted. Client information may only be sent via email if it is securely encrypted according to industry best-practice standards.