Patient Privacy Information

Jersey Office of the Information Commissioner registration number: 66346

Introduction

Healthcare professionals who provide you with care are required by law to maintain records about your health and any treatment or care that you have received. These records help us to provide you with the best possible medical care. Jersey Chiropody acts as ‘controller’ and determines the purposes and means of the processing of this personal data and complies with the Data Protection Jersey Law 2018. This document explains why Jersey Chiropody collects information about patients and how we keep it safe and confidential, and how that information may be used.

The purpose of the privacy policy is to inform you as a user of the site about information we collect when you visit the site, how we use the information, whether the information is disclosed and the ways in which we protect users’ privacy.

We want you to feel secure when visiting the site. We are committed to respecting your privacy. Below we give an overview of how we do that.

Information collected when you visit jerseychiropody.co.uk

We collect information both indirectly and directly. When accessing jerseychiropody.co.uk, information is collected indirectly, such as your internet address, which is kept in our internet access logs. Other records that we collect include basic details, such as a patient’s name and address. They will usually also include more sensitive information, known as ‘special category data’, about an individual’s health and treatments they have received in the past.

Direct collection of information is generally by way of using cookies. Cookies are small files of information that save and retrieve information about your visit to our site, such as how you entered our site, how you navigated through the site and what information was of interest to you.

The cookies identify you as a number. If you are uncomfortable about using cookies, you can disable them on your computer by changing the settings in the preferences or options menu in your internet browser.

We also collect browser and hardware data, such as IP address, type of device, operating system, browser type, screen resolution, language, device make and model, as well as the versions of the above-mentioned services.

Do we disclose your information to or share collected personal data with other organisations?

As a private organisation, Jersey Chiropody does not share data with other organisations unless the law permits or requires us to do so. We do not sell individual information.

However, in some situations a patient’s health needs may require direct care from other healthcare providers or healthcare services outside Jersey Chiropody. In these situations, we will exchange with them information about you that is necessary for them to provide that care. Anyone with whom we share this information will have a professional and contractual duty of confidentiality.

Situations where your information may be shared for direct care include:

Referral to a GP or physiotherapist.

We only share information with others involved in your direct care when they have a genuine need for it. In all cases only the minimum amount of information to serve the purpose required would be released.

The right to object and restrict processing

We would always try to respect the wishes of a patient if they did not want their data to be used in a particular way. Patients have the right to object to primary uses of their medical record; that is, the sharing of their data with health professionals outside of the clinic for the provision of direct medical care, if they so wish.

Patients also have the right to object to secondary uses of their medical records; that is, the sharing of their data for purposes unrelated to their direct medical care.

If a patient wishes to object to how their data is being processed they should ideally discuss this with Jersey Chiropody first.

Details of the software supplier (Cliniko) and their security arrangements are stated below.

Cliniko is hosted in state-of-the-art data centre facilities. Physical access is controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems, and other electronic means.

Cliniko uses data centre facilities that are built in clusters in various global regions. In case of failure, automated processes move customer data traffic away from the affected area and into other sites.

Cliniko’s hosting partner has achieved the following accreditations and certifications: PCI DSS Level 1 (Payment Card Industry Data Security Standard), ISO 27001 (Information Security Management System), FIPS 140-2 (United States Federal Information Processing Standard).

Cliniko runs completely under HTTPS. This means your data is encrypted during transfer using a 2048-bit SSL certificate.

The medical database and file attachments are encrypted at rest, using the industry standard AES-256 encryption algorithm. For further information on security and technical details visit https://www.cliniko.com/security/

Your right of access, rectification and erasure

Patients have the right to access their personal data. It is Jersey Chiropody's policy that access requests should be put in writing. We would aim to provide the information within one month, and much sooner where this is possible.

As a general rule there is no charge for providing this information as long as the request is reasonable. However, an administrative fee may be charged for repetitive or unfounded requests. Requests from insurance companies and employers are not regarded as subject access requests and will be subject to a charge.

If a patient or carer wishes to correct any inaccurate information they believe is held about them, they should initially contact Jersey Chiropody in writing, detailing their concerns. We would aim to respond to the concern within one month. It may be the case that we cannot delete the relevant record or entry, because it is important that the entry, assessment and explanation or medical opinion be retained so that there is an understanding and explanation of subsequent events (such as how a patient was treated, or what further tests were organised) in their medical history.

Where we are not able to delete information, we can add a note to the disputed entry explaining your remaining concerns.

Please be aware that an alteration to an electronic record, or deletion of an entry in it, is always preserved (together with the original entry) as part of the electronic audit trail.

Changes to the Privacy Statement

By using Jersey Chiropody services and our web site, you consent to the collection and use of your information as we have outlined in this statement. Jersey Chiropody may decide to change this Privacy Statement from time to time. When I do, I will post those changes on this page so that you are always aware of the information collected, how it's used, and under what circumstances it is disclosed.

If you wish to raise a concern about my use of your information (and without prejudice to any other rights you may have) you can make an official complaint to the Information Commissioner at:

Jersey Office of the Information Commissioner

2nd Floor, 5 Castle Street, St Helier, Jersey JE2 3BT

01534 716530 / enquiries@jerseyoic.org

www.jerseyoic.org
