Privacy Policy

Our approach to your privacy 

Kate’s Home Physiotherapy is committed to protecting your personal information. The privacy and security of your personal information is very important to us. We want to assure you that your information will be properly managed and protected whilst in our hands. 

The information we collect and how we collect it 

This privacy policy relates to our use of any personal information we collect from you in person, by telephone, text, post, email or via your G.P, specialist or other referring health professional. 

This information may include 

  • Basic personal details such as your name, date of birth, age, address, email address, telephone numbers, marital status and occupation. 
  • Sensitive personal information such as your current health, past medical history, family or personal history in relation to your health, prescribed medication, x-ray and scan reports, 
  • Relevant information about your health, lifestyle, weight, sports, hobbies, social circumstances. 
  • Information collected from 3rd parties – GP’s, specialists, other health professionals and private medical insurers who we will always seek your permission to contact if necessary. 
  • Details about the signs and symptoms you are presenting with and what we find on examining you. 

 

How we use your personal information: the legal basis and purposes 

We’ll process your personal data: 

  • As necessary to help us reach a diagnosis of your presenting problems and draw conclusions in order to tailor a treatment programme to you. 
  • As necessary for our own legitimate interests, for good governance, accounting, managing and auditing our clinical activities. To document emails, calls, other communications and activities. 
  • As necessary for compliance with legal and regulatory requirements, related disclosures and establishing and defending of legal rights. 
  • Based on your consent e.g. when you allow us to disclose your personal data and health information to another health professional, G.P, specialist. 

 

Sharing of your personal data 

Subject to applicable data protection law, your information may be shared with: 

  • G.P’s, Consultants, other health professionals. This may be by letter, which is given to you, so the protection of its contents becomes your responsibility. If the information is sent by email we will take all reasonable precautions to transmit the information securely.  
  • Our legal and other professional advisors. 
  • Courts, to comply with legal requirements. 
  • In an emergency or to otherwise protect your vital interests. 
  • To protect the security and integrity of our clinical practices. 
  • We will not provide your personal information to any third parties for the purpose of direct marketing. 

 

Keeping your personal information secure 

We work hard to keep your personal information safe. We are committed to protecting the confidentiality and security of the information you provide to us. We use appropriate measures to maintain the security of your personal data, to protect against unauthorised access to, disclosure of, unlawful processing/alteration of, accidental damage to, unlawful destruction of or loss of your personal information. All patient’s patient information and clinical notes are held securely in GDPR compliant electronic format and can only be accessed by the appropriate Physiotherapist. 

Data retention 

We have a legal obligation to keep your personal information on file for 8 years after the date of your last attendance. After this time, all patient’s clinical notes held will be safely destroyed.

Your rights in connection with personal information 

Under certain circumstances, by law you have the right to: 

  • Request access to your personal data and information about how we process it. This enables you to receive a copy of the personal information we hold and check that we are lawfully processing it. 
  • Object to processing of your personal data, where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. 
  • Have your personal data corrected if inaccurate and have incomplete data completed. We may need to verify the accuracy of any new data you provide to us. 
  • Have your personal data erased. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it; where you have exercised your right to object to processing.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Move, copy or transfer your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use. 
  • You have the right to withdraw consent at any time eg. for us to communicate with your G.P. or to decline certain treatments, but this will limit how we can help you/what we can offer you. We will advise you if this is the case at the time you withdraw your consent. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent. 

 

Time limit to respond 

We try to respond to all legitimate requests within one month. Occasionally it may take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request for access is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Please let us know if your information changes as it is important that the information we hold about you is accurate and up to date. 

You can contact Kathryn Whitaker (Chartered Physiotherapist, Practice Principal and Data Protection Officer) at kate@kateshomephysiotherapy.co.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for. 

For further information about your rights, including circumstances in which they apply, see the guidance from the Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation