Privacy and Data Protection

Penn Farm Physio

Keeping you active

The practice administrator is the designated Data Information Officer registered with the Information Commissioner’s Office (ICO).

This website
This website provides a facility to request an appointment by filling in an online form. The form simply generates an email to the practice containing your name, contact telephone number and email address, and optionally a brief description of the clinical problem. The email is only accessible to clinic staff.

What data do we store?
We store general information about you – specifically your name, date of birth, address and the doctor’s surgery at which you are registered. We also store the date of each treatment, the details of which therapist treated you, and the amounts paid or owed to us.

Following your assessment and treatment, your clinical details are documented and stored electronically.

Merchant copies of card payments are shredded after processing for the accounts.

How and where do we store it?
All clinical and non-clinical details are stored electronically with a company called Cliniko, an international medical software provider.

The computer used to collect this data is password protected, so it is only available to clinic staff. Access to Cliniko is protected by a two-factor authentication process, which generates a one-off verification code, for extra security.

Cliniko store your data in multiple different physical locations, and it is backed up to those locations daily.

All of your data is fully encrypted at all times, while in transit, and while it’s being stored (at rest).

Cliniko are fully GDPR compliant in the UK, which you can read more about here, if you’re keen: https://www.cliniko.com/security.

Historical clinical paper notes are stored in hand written format and kept in a locked filing cabinet and only available to clinic staff.

What do we do with it?
Your personal details are used for contact, logging when you had treatment sessions, a record of who treated you, and how much you were charged. We also store information about payment and if appropriate which provider is responsible for payment. We also use your personal details to write to your GP or other health services as required. Note that unless you ask us not to do so, we may write to your GP or consultant in order to provide you with a ‘joined up’ service, but we do not communicate with other services without your prior agreement.

Who has access to it?
Some private health care funding providers require us to supply some clinical details, but you are asked to sign a consent form before we do this. Otherwise, your clinical details remain private to our clinical team. We do not share your personal details with anyone outside the practice, but they are available to all practice staff for clinical and administrative purposes.

Who has the right to see the data?
Anyone working in the practice who has anything to do with your treatment needs to have access to your personal details and your clinical notes. Clinical referrers only have the right to see your clinical notes if you have given your prior written permission. Administrative staff who handle your payments for your treatment only have access to your personal data.

You have the right to see all of the information that we hold on you.

How long do we keep it?
Your personal details are never deleted from our computer database.
Your clinical details are held for 8 years (a legal requirement) for persons over the age of 18. For patients under 18 they are stored until the patient is 25.

How do we destroy it?
Historical paper based clinical details are professionally shredded.

Social Media
We have a Facebook account, but it contains no clinical information.