Iriston House Dental Practice Ltd
Data Protection Privacy Notice for Patients
At Iriston House Dental Practice, we will always protect and respect your privacy, and we are committed to security when it comes to your information. We promise that whenever we collect, process, store and share your data we will do safely, securely and in line with relevant Data Protection Regulation. We apply relevant organisational and technical measures to protect your personal data and uphold our compliance obligations.
In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
Information that we collect
We may collect the following information about you:
- Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
- Information about your dental and general health, including
- Clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes of conversations with you about your care
- Dates of your appointments
- Details of any complaints you have made and how these complaints were dealt with
- Correspondence with other health professionals or institutions
- Details of the fees we have charged, the amounts you have paid and some payment details
Our Data Protection Officer is responsible for ensuring we have the appropriate technical and security measures in place to keep secure the information about you that we hold and upholding our Data Regulations responsibilities at our practice.
We only collect and process personal data based on a lawful basis, in line with the relevant regulations. At our practice, we process patient data based on the necessity for the performance of a task carried out in the public interest and for the provision of health care or treatment or management of health care systems and services. Additionally, we process data in order to fulfil our contractual obligations and may contact patients from time to time with relevant communications based on legitimate interests.
Those at the practice who have access to personal information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice. In line with our approach to Information Security, we manage access data diligently and ensure it is role-based and protected according to privacy by design principles. Additionally, we undertake regular Data Protection training of our staff.
How we use your information
To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.
We will share your information with the NHS or Denplan if you are a member of that scheme in connection with your dental treatment. We will also share your data with our trusted and vetted suppliers and partners, including: dental laboratories, referral dental practices, and orthodontics and other dental specialists; in relation to your treatment.
We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter.
If we seek to use your information for dental research or dental education, we will discuss this with you and seek your consent before doing so. Depending on the purpose and if possible, we will anonymise your information. If this is not possible we will inform you and discuss your options.
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
- Your doctor
- The hospital or community dental services or other health professionals caring for you
- NHS payment authorities
- The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
- Private dental schemes of which you are a member.
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies. Where we are obligated to share patient data in relation to audits or complaints in line with 1984 Dental Act, we will do so with the General Dental Council (GDC).
Keeping your information safe
We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure the security of the practice premises, the practice filing systems and computers
We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we backup information routinely.
We keep your records for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is longer.
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email to the address bellow . We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
- Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment
- Stop using your information – for example, sending you reminders for appointments or information about our service
- Supply your information electronically to another dentist.
If you do not agree
If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.
You can exercise any of the above rights by contacting us at DPO@iristonhouse.co.uk. Most of the above rights are subject to limitations and exceptions; we will provide reasons if we are unable to comply with any request for the exercise of your rights.
All your personal information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) AND THE Data Protection Act 2018 and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).
Review date: November 2019