Casterbridge Data Protection Procedure/Privacy Statement
The relationship between our laboratory and our clients/patients and suppliers/sub-contractors is based on the understanding that any information received or supplied regarding patients will not be divulged without prior consent and will be protected while in our possession. All personal information held or used within the laboratory is treated as sensitive. This is any form of information which may help to identify an individual in any way, including patient details/prescription information supplied by the dentist, collected from the patient direct or passed on to sub-contractors, all information collected for card transactions/payments or any other financial reason, and all personal information held on employees or their families.
1. Personal Information.
Personal information held in our laboratory to enable us to carry out our normal business while complying with the requirements of the MHRA may include any of the following:
- Names and addresses, of patient, practice and employee.
- Age and gender
- Telephone numbers and e-mail addresses
- Dental treatment details and appliances
- Clinical photos/images
- Medical treatment details
- Card and bank details
- Contract/payroll data.
All staff handling sensitive information are informed or trained as appropriate. Our technicians are registered with the GDC and as such contracted to confidentiality, if confidentiality is breached, the DCP faces investigation by the GDC and possible removal from the register. The contract issued to all members of staff contains a clause on confidentiality and all members of staff must follow the GDC rules on confidentiality. Any breach or suspected breach of confidentiality in our laboratory will be reported immediately and dealt with promptly.
3. Laboratory instructions.
On receipt of work all information supplied is entered on to professional laboratory software and the written information remains with the work until dispatch, after which they are stored in a secure manner and disposed of appropriately, i.e. shredded, at the earliest possible point. All computers are cleaned by an appropriately trained person before disposal.
4. Security .
The laboratory is a secure environment where all visitors remain in the waiting area of reception unless signed in and accompanied by a member of staff. Outside working hours, the property is securely locked and fitted with intruder alarms.
All computers and computer software are password protected with antivirus protection in place. Passwords are only known to those who require access to the information and are changed on a regular basis, these are not kept close to the computer where others may see.
Regular back-ups of computerised data are taken and stored appropriately.
No personal data is removed from the Laboratory by unauthorised persons in the form of documents, e-mails (all forms of digital data) or telephoned, except for documentation returned to the client with finished work, as required by the MHRA.
5. Use of Personal Data.
We do not use personal data for anything other than what it was supplied to us for. We do not pass on any sensitive personal information to any third parties other than that where consent has been given by the prescribing dentist/surgeon/practice/patient or person whose details they are, which may be required for the manufacture of the dental appliance. No data is processed in the laboratory except for producing financial invoices.
There are certain circumstances where the wider public interest outweighs the rights to confidentiality. This may include cases where disclosure would prevent serious risk to the public or assist in the prevention of serious crime. Circumstances where disclosure can be made include:
- Where the patient has given consent.
- Where disclosure is necessary for the purposes of enabling someone else to provide health care to the patient and the patient has consented to this.
- Where disclosure is required by statute or ordered by court of law.
- Where disclosure is necessary for a laboratory to pursue a bona-fida legal claim against a client/patient, where disclosure to a solicitor or debt collecting agency may be necessary.
Documents are stored in a safe and secure manner and only stored for the minimum amount of time required, before being disposed of in the appropriate manner i.e. in-house shredding or the use of certificated professional shredding services or computer software companies.
8. Collection and Delivery.
Consideration of confidentiality is made when transporting data to and from our laboratory and information and appliances are packed in an appropriate manner. Drivers are made aware of their responsibilities in respect of confidentiality.