Updated 18 Jan 2016
This policy describes the data that we hold about patients, how we hold it, how we protect it, how we use and process it (including what patients need to be provided with) and how we transfer it (if necessary).
There are certain legislative requirements for every organisation to hold information. Information about this is provided below.
- The Practice complies with the eight data protection principles under the Data Protection Act 1998 in its processing of personal data in that such data is:
  - fairly and lawfully processed
  - processed for limited purposes
  - adequate, relevant and not excessive
  - accurate and up to date
  - not kept for longer than is necessary
  - processed in line with patients’ rights
  - not transferred to other countries without adequate protection
- The practice is registered with the Information Commissioner:
  - Registration Number: A8092501
  - Security Number: CSN1053863
- The practice has an up-to-date Freedom of Information Act statement and this is available to patients.
- A practice policy notice on handling patient data is available to patients (see appendix below).
- The head office is responsible for procedures relating to confidentiality and data management.
What information we hold and how we hold it
- Patient records are held in a variety of formats:
  - Paper records for sight test and contact lens clinical records.
  - Paper records are used for spectacle prescription and dispensing information.
  - Clinical records are held electronically on computer.
  - Spectacle prescription and dispensing information is held in the practice management software.
  - Recall dates are managed manually.
  - Recall dates are held in the practice management software.
  - Photographic information (retinal and anterior segment) is held in the imaging software.
  - Visual Field records may be held as paper, as data in the VF software or as images within the imaging software.
How we protect this information
- All practice staff have a confidentiality clause within their contracts.
- All personal information contained on practice records, whether paper or electronic, is considered confidential.
- No personal information is discussed with anyone other than the patient or their parent or guardian (except where Gillick competency applies) without the patient’s permission.
- Care is taken that records are not seen by other people in the practice.
- All staff are aware of the importance of ensuring and maintaining the confidentiality of patients’ personal data and that such data must be processed and stored in a secure manner.
- All electronic data is protected by suitable back-up procedures, and any on-line backup uses a service that encrypts the data securely before transmitting it from the practice PC.
- When computers are replaced, old hard drives are securely erased or physically destroyed.
- Records are retained for periods as agreed by the optical bodies (see record retention policy below).
- Confidential paper information requiring destruction is shredded.
- Records due for destruction are shredded.
- If the need arises to transfer information, we have procedures that include consent and secure transfer (see section on how we transfer personal data below).
- Any suspected breaches of security or loss of information are reported immediately and are dealt with appropriately by the person responsible for confidentiality and data management.
- Paper records are kept secure and away from access by the public.
How we use and process the information we hold
To discharge our legal and contractual duties:
- Patients are given a copy of their spectacle prescription immediately following their sight test.
- If a patient is referred, they are given a written statement that they are being referred, with a reason [e.g. “cataract” written on the GOS2 or similar private form].
- Patients are given a copy of their contact lens specification on completion of the fitting process.
- Where a patient has diabetes or glaucoma, the GP is informed of the result of the sight test.
- Staff assisting in the provision of GOS are appropriately trained and supervised for the tasks that they undertake.
We may also use the information we hold about patients to remind them when they are due for checkups and we may send them eye care and eyewear information.
How we transfer personal data
We always transfer personal information (data) in a secure manner.
We seek permission before transferring personal information except in some cases where it is to another healthcare professional responsible for patient care and who needs that information to assist in patient care or where we are legally required not to.