Privacy and Data Protection

Penn Farm Physio

Keeping you active

The practice administrator is the designated Data Information Officer registered with the Information Commissioner’s Office (ICO).

This website
Our website does not use ‘cookies’ and has no online sales facilities. However, you can request an appointment by filling in an online form. This form simply generates an email to the practice containing your name, contact telephone number, email address and, optionally, a brief description of the clinical problem. The email is only accessible to clinic staff.

What data do we store?
We store general information about you – specifically your name, date of birth, address and the doctor’s surgery at which you are registered. We also store the date of each treatment, the details of which therapist treated you, and the amounts paid or owed to us.

This is called personal data in this document. Following your assessment and treatment, your clinical details are written down and stored. This is called your clinical data in this document. Your name and telephone number are also entered onto the online practice calendar which is password protected and only accessible to clinic staff.

Your surname and method of payment are recorded on our accounts spreadsheet, available only to administrative staff. Merchant copies of card payments are shredded after processing for the accounts.

How and where do we store it?
The above non-clinical details are stored on our computer database on the computer in the Reception area. This computer is password protected and so is available only to clinic staff. Periodically the database is backed up onto a ‘cloud’ based system (Dropbox) which is password protected and available only to practice administrative staff.
Clinical information (notes made at the time of assessment or treatment) is stored only in handwritten format, kept in a locked filing cabinet and available only to clinic staff.

What do we do with it?
Your personal details are used to contact you, to log when you had treatment sessions, and to record who treated you and how much you were charged. We also store information about payment and, if appropriate, which provider is responsible for payment. We also use your personal details to write to your GP or other health services as required. Note that unless you ask us not to do so, we may write to your GP or consultant in order to provide you with a ‘joined up’ service, but we do not communicate with other services without your prior agreement.

Who has access to it?
Some private health care funding providers require us to supply some clinical details but you are asked to sign a consent form before we do this. Otherwise, your clinical details remain private to our clinical team. We do not share your personal details with anyone outside the practice, but they are available to all practice staff for clinical and administrative purposes.

Who has the right to see the data?
Anyone working in the practice who has anything to do with your treatment needs to have access to your personal details and your clinical notes. Clinical referrers only have the right to see your clinical notes if you have given your prior written permission. Administrative staff who handle your payments for your treatment only have access to your personal data.

You have the right to see all of the information that we hold on you.

How long do we keep it?
Your personal details are never deleted from our computer database.
Your clinical details are held for 8 years (a legal requirement) for persons over the age of 18. For patients under 18 they are stored until the patient is 25.

How do we destroy it?
Clinical details are professionally shredded.

Social Media
We do NOT subscribe to any social media.