Our Policies

This section describes: 
 

• Our confidentiality Policy
• Web Privacy Policy
• Cookie Policy
• Complaints policy

Harewood Confidentiality Policy

The practice is committed to complying with the requirements of the legislation governing patient confidentiality including Access to Health Records 1990, Caldicott Guidelines 1997, Confidentiality Code of Practice 1998, Data Protection Act 1998, the current GDC Standards and the European General Data Protection Regulation (GDPR) and data protection act 2017.

For the purpose of this policy, confidential information is defined as all the information that is learned in a professional role including personal details, medical history, what treatment a patient is having and how much it costs. The definition of personal details includes, but is not limited by, such details as name, age, address, personal circumstances, race, health, sex and sexual orientation, etc. Note that even the fact that a patient attends the practice is confidential. Confidential information may be supplied or stored on any medium including images, videos, health records, and computer records or may be transmitted verbally.

Types of Personal Data we keep on our patients:

The practice holds personal data in the following categories:

1. Patient clinical and health data and correspondence
2. Personal contact details
3. Radiographic images
4. An account of your financial transactions with us, BUT NOT YOUR FINANCIAL DETAILS OF ANY KIND

Why we process Personal Data (what is the “purpose”)

“Process” means we obtain, store, update and archive data.

1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
2. To maintain a record of our financial transactions with you in order to function as a business.

What is the Lawful Basis for processing Personal Data?

The Law says we must tell you this:

We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. We must hold data on patient care and treatment as it is a Public Task required by law.

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). But only with your consent.  Patient data may also be stored for back-up purposes. We use hard drive storage in the practice and legally regulated Cloud services.  

Your Rights

You have the right to:

1. Be informed about the personal data we hold and why we hold it.
2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
3. Check the information we hold about you is correct and to make corrections if not.
4. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
5. Tell us not to actively process or update your data in certain circumstances. For example you may wish not to receive automatic check up reminders.

How long is the Personal Data stored for?

We will store patient data for as long as we are providing treatment and for eleven years thereafter (Legal requirement).  We will archive / store without further action safely for as long as required for legal purposes as recommended by our professional bodies and the NHS and CQC.

What if you are not happy or wish to raise a concern about our data processing?

All staff members must be aware of their responsibilities for safeguarding patient confidentiality and keeping information secure and must have received appropriate training on the legislation requirements and the current GDC Standards to ensure that:

No personal information given or received in confidence is passed on to anyone else without the patient's prior consent. To obtain consent a patient is advised what information will be released and why and the likely consequences of the information release. The patient is given
an opportunity to withhold their permission to share information unless exceptional circumstances apply, and a record is made on their notes of whether or not they gave their permission

• If a patient consents to sharing information about them the team member will ensure that all recipients of the information understand that it is confidential.
• If a patient’s information or images are used for research or marketing the team member will advise the patient how these will be used, check that the patient understands what s/he is agreeing to, obtain and record the patient’s consent to their use and only release the minimum information for the purpose.
• The patient will be advised that s/he can withdraw permission at any time 
• If it is not necessary for a patient to be identified, they will remain anonymous in any information released
• The duty to keep information confidential also covers originals and copies of a patient's photographs, videos or audio recordings, including those made on a mobile phone.
• No image or recordings will be made without the patient's permission

Patient information is kept confidential even after death. Before releasing information without the patient’s permission, an effort is always made to either convince the patient to release the information himself or herself or give the practice permission to do so, with the details of the discussion fully documented in the patient record. If obtaining consent from a patient is not practical or appropriate or if the patient will not give their permission, the team member will obtain advice from their professional indemnity organisation before releasing it. 

A patient’s information will only be released without their prior permission in the following exceptional circumstances:

• It is in the best interests of the public or the patient and the information released could be important in preventing or detecting a serious crime
• If a team member has information that a patient could be at risk of significant harm or may be a victim of abuse, in which case the appropriate care agencies or the police will be informed
• If a team member is required to disclose information by a court or a court order, in which case only the minimum amount of information necessary to comply will be released

The practice treats breaches of confidentiality very seriously. No team member shall knowingly misuse any confidential information or allow others to do so. 

Failure to comply with this policy may result in disciplinary action.

This policy should be read in conjunction with the Information and Communication Policy (M 233-IAC), the Social Media Policy (M 233-SMD ) and the Information Governance Procedures (M 217C).

Harewood Data Protection Policy

The practice is committed to complying with the Data Protection Act 1998 and the GDC Standards by collecting, holding, maintaining and accessing data in an open and fair fashion. 

The practice only keeps relevant information about employees for the purposes of employment, and about patients to provide them with safe and appropriate dental care. 

The practice does not process any relevant ‘sensitive personal data’ without prior informed consent. 

As defined by the Act, ‘sensitive personal data’ is that related to political opinion, racial or ethnic origin, membership of a trade union, the sexual life of the individual, physical or mental health or condition, religious or other beliefs of a similar nature. Sickness and accidents records are also kept confidential.

Hard copy and computerised records are stored, reviewed and updated securely and confidentially. Records are securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it and the team are trained on our policies and procedures to keep patient information confidential.

To facilitate patients’ health care, the personal information may be disclosed to a doctor, health care professional, hospital, NHS authorities, HMRC, the Benefits Agency (when claiming exemption or remission from NHS charges) or private dental schemes of which the patient is a member. In all cases , only relevant is shared. In very limited cases, such as for identification purposes, or if required by law, information may have to be shared with a party not involved in the patient’s health care. In all other cases, information is not disclosed to such a third party without the patient’s written authority. All confidential information is sent via secure methods. Electronic communications and stored data are
encrypted. All computerised clinical records are backed up and encrypted copies are kept off-site. No information or comments about patients are posted on social networking or blogging sites without written consent. Criminal record check information is kept securely in a lockable, non-portable storage cabinet with access strictly controlled and limited to persons who need to have access to this information in the course of their duties.

Data Breach

The practice will report serious data breaches to the ICO within 24 hours of becoming aware of the essential facts. The practice will keep a log of all personal data breaches and record the basic facts, effects of the breach and remedial action taken (See M 216 and M 217C).

Access to records

Patients and team members can have access to view the original of their records free of charge. Copies of patient or team member records are provided following a written request to Olha Medvid, using the ICO Subject access request template, together with a payment of [£10] for a copy of computerised records or [£50] for a copy of paper records. X-ray copies are charged at the current cost of taking x-rays at the practice. The requested copies will be provided within 40 days on receipt of payment. An employee or a patient may challenge information held on record and, following investigation, should the information be inaccurate the practice will correct the records and inform person of the change in writing.

When the request for information is about the personal data of a child, the practice will consider if the child is mature enough to understand their rights. If they do, then the practice will consider responding directly to the child rather than the parent. When it is decided that the child is not mature enough to understand their rights, and there is some doubt about parental responsibility, proof of identity and evidence of parental responsibility will be requested (See M 216).
When the practice receives a third party request for information on someone else’s behalf (e.g. from a solicitor) evidence of their permission will be requested, this could be a written authority to make a request or a power of attorney.

When the practice receives a third party request for information for a patient who lacks the mental capacity to manage their affairs the practice will ask to see evidence of a Lasting Power of Attorney or the evidence of appointment by:

- The Court of Protection in England & Wales
- The Sheriff Court in Scotland and
- The High Court (Office of Care and Protection) in Northern Ireland

This policy should be read in conjunction with the Confidentiality Policy (M 233-CON), and the Information Governance Procedure (M 217C).

Harewood Patient Complaints Procedure

It is our aim to always have satisfied patients, to meet your expectations of care and service and to resolve any complaints as efficiently, effectively and politely as possible. We take complaints very seriously, we investigate them in a full and fair way and take great care to protect your confidentiality. We learn from complaints to improve our care and service. We will never discriminate against patients who have made a complaint.

If you are not entirely satisfied with any aspect of our care or service, please let us know as soon as possible to allow us to address your concerns promptly.

Olha Medvid is the Complaints Manager and will be your personal contact to assist you with any complaints. If your verbal complaint is not resolved to your satisfaction within 24 hours or if you complain in writing, the complaints manager will acknowledge it in writing within 3 working days and aim to provide a full response in writing as soon as is practical.

If the complaints manager is unavailable, we will take brief details about the complaint and will arrange for a meeting when the person is next available. We will keep comprehensive and confidential records of your complaint, which will be stores securely and only accessible by those who need to know about your complaint.

If the complaint investigation takes longer than anticipated the Complaints Manager will keep you informed of the reason for the delay, the progress of the investigation and the proposed date it will be completed.

When the investigation has been completed, you will be informed of its outcome in writing and invited to a meeting to discuss the results and any practical solutions that we can offer to you. These solutions could include replacing treatment, refunding fees, referring you for specialist treatments or other solutions that meet your needs and resolve the complaint.

We regularly analyse patient complaints to learn from them and to improve our services. That is why we always welcome your feedback, comments, suggestions and complaints. If you as dissatisfied with our response to a complaint you may wish to take it further, please see the contacts below.

Contacts

For Private Dental treatment you can contact the dental complaints service within 12months of the treatment or within 12months of becoming aware of the issue by calling 020 8253 0800 or visiting www.dentalcomplaints.org.uk

You may contact Olha Medvid as below:

Olha Medvid

Harewood Dental Surgery

Christchurch Road

Virginia Water

GU25 4PT

info@harewood.dentist

01344 842476

Website privacy policy

Harewood Dental Surgery respects the privacy of every individual who visits our website.

As technology continues to develop, our website privacy policy may need changing in order to provide the best possible service to our site visitors. We would recommend you to check and make sure that you have read our most recent policy statement when you visit our website.

Harewood Dental Surgery only collects personally identifiable information about you (i.e. your name, address etc.) through our website when voluntarily submitted by you, the visitor. Website visitors may choose to submit personal information to obtain information (e.g. via an enquiry form or subscription to our newsletter) or to submit a comment. Providing personal information is up to you, our visitor. If you do not want your personal information collected, please do not submit it to us. If you sign up to our Newsletter you will only be sent information regarding Harewood Dental Surgery or items of interest regarding dental services or advice from us.

We will not sell, give, lend or trade your personal information to third parties that will drive spam email to you. 

The Harewood Dental Surgery website may contain links to other sites and whilst we make every effort to only link to sites that share our standards, we cannot be held responsible for the contents and privacy policies of such sites, because due to the nature of the internet, we have no control over the content held on these third party sites.

Security measures are in place to prevent the loss, misuse or alteration of the information received from our on-line visitors, and to make such information as secure as possible against unauthorised access and use.

Cookie Policy

The only Cookie in use on our websites is for Google Analytics which collects technical information automatically when you connect to our site which is not personally identifiable.

An example of this would include the type of Internet Browser or the type of computer operating system you are using or the domain name of the website from which you linked to our site. We use this "cookie" technology only to obtain this non-personal information for site improvement via the Google Analytics system. Google Analytics keeps track of the type of browser (e.g., Internet Explorer, Netscape) and operating system (e.g., Windows, Macintosh) used by the visitor.

We also track the total number of visitors to our site in an aggregate form to allow us to make improvements to our site, keeping it fresh and interesting to the majority of our visitors; personally identifiable information is not extracted in this process.

We do not use any form of Cookie which allows us to tailor content to a visitor's interests.