At Yasp we are committed to high standards of practice in all our activities. All personal information is collected, held and used in strict compliance with the General Data Protection Regulations 2018 (GDPR), and in accordance with the standards of the Health and Care Professional Council and Chartered Society of Physiotherapy.
- ‘Personal information’ means any information that is capable of identifying you.
- ‘Sensitive data’ is a special category of personal data which includes health conditions
- ‘We’ means Yasp
We collect and process health data because we have a legal obligation to do so and it is adequate, relevant and limited to what is necessary.
For the purposes of the GDPR, Margaret Gear, trading as Yasp, is the ‘data controller’, i.e. the entity who is responsible for and controls the processing of your personal data.
We collect and process information when you telephone to make an appointment or when you send a self-referral form.
At the point of enquiry or booking we may ask you for your name, date of birth, address, telephone numbers, e-mail address and details regarding your problem/condition.
At your appointment in the clinic, we will ask for information regarding your general and previous health and the condition you are seeking advice about. We will also ask for information regarding any activities you undertake, your employment and any medication you take. We will record the findings of a physical examination. We record our diagnosis, treatment plan and specific problems/goals.
Information regarding your health is collected directly from you, or may be collected from another health provider with your permission.
If you enquire or book but do not attend an appointment you do not become a patient with us and we will not keep your data.
Website: We do not collect any personal information from visitors to our website. Our website contains links to external sites, but we are not responsible for these sites.
How we may use your personal data
We may use your personal data for the following purposes:
- To provide a legal record of any treatment or advice we provide
- To ensure continuity of care
- To send exercises by e-mail. We use a third-party processor for this service.
- We may pass information with your permission to other professionals involved in your care.
- We may use your information for audit/admin purposes.
- We do not pass on your information for commercial purposes.
- We will send you news and offers from Yasp only if you have consented to this.
We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.
Disclosure of your information
With your permission we may pass information to other professionals involved in your care. If this information is given to you in a letter then the protection of the letter contents is your responsibility.
If the information is passed by email, it will be password protected and we will take all reasonable precautions to transmit the information securely. Otherwise it will be sent via post.
In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances Yasp will disclose requested data where it is necessary to do so.
Data Security and Storage
We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. Our database is stored in a secure, password protected location. Only users authorised by us have access to this data.
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet. For this reason, we prefer more secure means of transferring data.
Paper health records are stored in secure premises in locked cabinets. If we need to transport health records, e.g. to visit you at home, these records will be transported in a locked container.
Health records of adult patients must be stored for 6 years after the time of the last consultation. Child health records must be stored until the child’s 25th birthday (or 26th birthday if aged 17 at the time of treatment). Maternity records must be stored for 25 years. When health records and other data are no longer required to be stored these will be destroyed securely and permanently.
The right of access
Individuals have the right to access their personal data (subject access request).
To do so, you must:
- put your request to any member of Yasp staff, who will record your request
- provide proof of your identity and address (e.g. a certified copy of a driving licence or passport)
- specify the personal data you want access to
This will be provided within 30 days in compliance with GDPR.
We can decline a subject access request if it is unreasonable.
The right of rectification
Individuals may request that we rectify any errors in their personal data.
The right of erasure (the right to be forgotten)
Our health care notes are collected due to legal obligation and therefore cannot be erased prior to the statutory periods listed above.
Restriction of processing
Individuals may be entitled to limit the purpose for which their data is processed, for example by withdrawing consent to receiving emails or withdrawing consent to us sharing data with named health care professionals.
Customers will be notified within 72 hours of any data breach if there is high risk to the individual.
Further information is available from the ICO on the website.
All changes will be notified on our website. Updated July 2018.