01473 462355

We are committed to safeguarding the privacy of our patients either online or in the practice; this policy/notice sets out how we will treat your personal information.

PRIVACY NOTICE FOR PATIENTS

KEEPING YOUR RECORDS SAFELY

This practice aims to comply with the Data Protection Act 2018, The General Data Protection Regulations (GDPR) the guidelines on the Information Commissioner’s website as well as our own professional guidelines and requirements. This means that we will ensure that your information is processed fairly and lawfully.

 As part of the services we offer, we are required to process personal data about our staff, our patients and sometimes the relatives of our patients. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We obtain your personal details when you enquire about our care and services, when you join the practice, when you complete a practice record form or medical history form and when another healthcare professional refers you for treatment ( e.g. from your NHS dental practice).

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

WHAT PERSONAL DATA DO WE NEED TO HOLD?

In order to provide you with a high standard of dental care and attention, we need to process personal information about you. It is essential that your details are accurate and up to date.  Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible. 

  • Your past and current medical and dental condition, personal details such as your date of birth, gender, NHS number, address, telephone numbers, Email address, family contact details, marital status, financial details if necessary and your general medical practitioner.
  • Radiographs, clinical photographs and study models.
  • Information about the treatment that we have provided or propose to provide and its cost.
  • Notes of conversations/incidents that might occur for which a record needs to be kept.
  • Records of consent to treatment.
  • Any correspondence relating to you with other health care professionals, for example your dentist, in the hospital or community services.

We may also process Sensitive Special Category Data

 Categories and why we process the data

Personal Data

  • For the provision of dental health care.
  • To maintain your contemporaneous clinical records
  • To manage your NHS orthodontic treatment.
  • To refer you to other dentist, doctors and health professionals as required.
  • For the purposes of providing treatment plans, recall appointments, reminders or estimates.
  • Details of family members for the provision of healthcare or for emergency contact details.
  • For the purposes of employed and self employed staff members’ employment and engagement, including criminal record disclosures.
  • For the purpose of direct mail/email/text/other to inform you of important announcements.
  • To send your personal data to the General Dental Council or other authority as required by law.
  • To carry out financial transactions with you and if necessary debt recovery.
  • To continually improve the care and service you receive from us.

 

Special Category Data

  • Including health records
  • Ethnicity, race, religion, sexual orientation so we can meet requirements of the Equality Act 2010 or modify treatment to suit your religion.
  • Including health records for the purpose of healthcare delivery and meeting our legal obligation with the NHS.
  • Details of Criminal Record Checks for Employees and contracted staff members.

 

Legal bases for processing your data

Patient data is processed in accordance with the 2005 NHS General Dental Services contract and the relevant UK Data Protection Act (DPA2018) as regulated by the UK Information Commissioner’s Office (ICO).  All personal data associated with NHS treatments, including any private treatments on NHS patients, is shared with NHS England and their NHS partners under the terms of the mentioned GDS contract.  Information related to private patients is processed under similar conditions though not shared with the NHS.  We are legally required to share all information with the Care Quality Commission (CQC) and the General Dental Council (GDC) should they request it.

Processing of staff or patient medical records is done so under DPA2018, and GDPR Articles:

All personal data is stored in the EU either in Digital or Hardcopy format.

For full details of where we store your personal data please ask to see our Information Governance Procedures.

WHY DO WE HOLD INFORMATION ABOUT YOU?

We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate orthodontic care. We also need to process personal data about you in order to provide care under NHS arrangements and to ensure the proper management and administration of the NHS. 

This means your records are used to direct, manage and deliver the care you receive to ensure that:

  • The dental professionals involved in your care have accurate and up to date information to assess your oral health and decide on the most appropriate care for you.
  • Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive.
  • Your concerns can be properly investigated if a complaint is raised.
  • Appropriate information is available if you see another dental professional or are referred to a specialist.

If we wish to use your information for dental research or dental education, we will discuss this with you and seek your explicit consent.  Depending on the purpose and if possible, we will anonymise your information.  If this is not possible we will inform you and discuss your options.

DISCLOSURE/ SHARING OF INFORMATION

In order to provide proper and safe dental care, we may need to disclose personal information about you to:

  • Your general medical practitioner. 
  • The hospital or community dental services.
  •  Other health professionals caring for you.     
  •  NHS payment authorities.
  •  Private dental schemes of which you are a member.    
  •  The Inland Revenue.                                                                                                                                                                                   

Disclosure will take place on a “need to know” basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.

Patients over 14 have the option to list which family members/ other person we can share data with e.g. appointments or treatment/medical history.

We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent for example a referral to a secondary care practitioner or hospital and your permission will be obtained before the referral is made  where it will be shared with the NHS.

Where possible, you will be informed of these requests for disclosure.

SECURITY OF YOUR PERSONAL DATA AND INFORMATION

GDPR and DPA2018 require us to treat Data protection by design and default. We will take reasonable technical and organisational precautions to prevent the loss, misuse, alteration, or inappropriate sharing of your personal information.

We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.

Personal data about you is held in the practice’s secure computer system and in a secure manual filing system. The information is not available to the public and the information is only accessible to authorised personnel. Your personal information is carefully protected by the staff at this practice. All access to information is held securely and can only be accessed by regularly changed passwords. All our staff have individual accounts and are trained in safe data usage. Data is encrypted and computer terminals are closed if unattended. Computers containing patient data software are in a closed network with no internet access, our computer system has secure audit trails and we back up information routinely to a secure sever. Our only internet is accessed through the practice Laptop and isn’t connected to the practice computers. It has anti-virus and malware protection and uses a secure wifi connection.

We also use physical locks and managed alarm systems.

Personal information will not be removed from this practice without the patient’s authorised consent. Any lab work sent away only has an ID number and surname to avoid personal identification.

Any non-two-week-wait referral to other healthcare professions for your treatments to hospitals and oral care specialists will use secure NHS email accounts or use a secure NHS provided web portal to prevent inappropriate sharing of data.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.  This includes any email communication via non-NHS email accounts.  We therefore request you not to send us sensitive information over email accounts that we use for general enquiries or diary booking, reminder and recall correspondence.

Should we need to email you your sensitive data, we will do so using the [secure] feature of NHS email, or via another means with your consent.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.  Even prior to GDPR, we were mandated to notify the NHS, and the ICO, of data breaches in accordance with our NHS contract.

All information assets are recorded, and their data flows mapped, and risk assessed.  We have carried out a recent Data Privacy Impact Assessment (DPIA) on our dental information system, where identified risks have been mitigated or otherwise functionality disabled.

In accordance with the GDPR and DPA2018, all future changes or proposed new technology or processes will only be implemented after a DPIA has been completed and authorised.

YOUR RIGHTS

The GDPR includes many ‘rights’ for the data subject to exercise.  These are listed below.  It should be noted however that not all are applicable under UK law, DPA2018, in the delivery of your dental care.

  1. The right to be informed about the personal data we collect and use.
  2. The right to access a copy of your data that we hold by contacting us directly: Please ask at reception for a SAR form, we will acknowledge your request and supply a response within one month or sooner. Generally we will not charge for this service.
  3. The right to rectify the information we hold about you if incomplete or inaccurate.
  4. The right to erasure of your personal data, although clinical records must be retained for a certain period of time.
  5. The right to restrict processing of your data in certain circumstances.
  6. The right to data portability for us to transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
  7. The right not to be subjected to automated individual decision-making and profiling (this would not occur at Orthoactive as our software is not capable)

 

DPA2018 Exemptions from the GDPR

The Data Protection Act 2018 Schedule 3 does contain exemptions from the above GDPR rights when pertaining to health.  Please be aware of the following:

  • Part 1, 1(e) restricts the deletion of patient identifiable data, which effectively overrides the patient’s Right to Erasure.
  • Part 1(1)(g) restricts the moving of records, effectively overriding the patient’s Right to Data Portability.
  • Part 2, 2(1) allows ‘the appropriate health professional’ to restrict the patient’s Right of Access should it be determined by doing so would cause ‘serious harm to the physical or mental health of the data subject or another individual’.

Further details of these rights can be found in our Information Governance Procedures or at the Information Commissioner’s Website www.ico.org.uk

REQUESTS FOR PERSONAL INFORMATION

Data protection legislation allows individuals to request access to their personal information at nil cost.  Those eligible to request access include:

  •    A person aged 16 years or older for practices in England.
  •    The parents or guardians of a child under the age of 16 years and in connection with the health and welfare needs of the child.
  •    A child under the age of 16 years who has the capacity to understand the information held by the practice.  Children aged 11 years and under are deemed too young.
  •     A third party, such as a solicitor, who has the written consent of individual concerned.

If a request concerns information about a deceased person, those eligible to request access include:

  •    The administrator or executor of the deceased person’s estate
  •    A person who has a legal claim arising from the person’s death – the next of kin, for example. The person should explain why the information requested is relevant to their claim.
  •    But does not include someone who had Power of Attorney prior to death.

If the information requested includes information about third parties, it can be disclosed if the third party gives consent or is a health professional involved in the care of the patient or is otherwise irreversibly redacted or anonymised.

Subject Access Requests (SAR) may be made in writing and describe the type of information required with dates, if possible, and include sufficient information to ensure correct identification (name, address, date of birth, for example).  We will always check that the person asking for information has the right to do so and, if necessary, ask for proof of identity.

We will aim to provide the requested information within one month of receiving.  Should we need to extend the reply up to an additional two months, we will inform you of the delay and the reasons why.

In accordance with DPA2018, where requests are manifestly unfounded or excessive, we can charge an administrative fee or refuse to respond.

REQUESTS FOR INFORMATION ABOUT THE PRACTICE

DPA2018 Part 2, Chapter 2, section 7 defines the meaning of ‘public authority’ to be ‘a public authority as defined by the Freedom of Information Act 2000’.  For this dental practice, this means the activities of the business that are funded by the NHS.

Freedom of information legislation allows anyone to ask for information about the provision of NHS services.  If the requested information is part of a larger document, we will disclose only the relevant part.

A freedom of information request cannot include clinical records or financial records.

The request must be made in writing to Dr Kornel Csongrady and should describe the required information with dates if possible.

  •    Email info@orthoactive.co.uk or write to
  •    Dr Kornel Csongrady (Owner), Orthoactive, 310 Norwich road, Ipswich, Suffolk, IP1 4HD

Charges for information provided under a freedom of information request are included as follows:

  •     Up to £10 (for records held on computer)
  •     Up to £50 (for those held manually)

We will aim to provide the information within 20 working days of receiving the request or confirmation of identity or, if applicable, from the receipt of the fee.  Timescale may need to be extended if we need to seek clarification or are taking legal advice on whether an exemption applies.

Please note that we will not respond to:

  •    Vexatious requests for information, for example, requests that are designed to cause inconvenience, harassment or expense.
  •    Repeated requests for the same or similar information (unless the information changes regularly, for example performance or activity information).

 

HOW LONG IS THE PERSONAL DATA STORED FOR?

  1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.
  2. We must store employment data for six years after an employee has left.
  3. We must store contractors’ data for seven years after the contract is ended.

 

RETAINING INFORMATION (RECORD KEEPING)

We are required to retain your dental records, X- rays and study models while you are a patient of this practice and after you cease to be a patient. We have to abide by the NHS Records Management Code of Practice which means that at the end of your treatment when you are discharged the following rules apply:

If you are under 17 records are kept until you turn 25 years old

If you are 17 records are kept until you turn 26 years old

If you are 18 or over records are kept for 15 years

We archive all electronic medical records as a patient finishes treatment, we then delete at the appropriate date; at present this is not a permanent 100% delete as the software/ backup system doesn’t allow for this. Other data typically is held in accordance with NHS guidelines for data retention and disposal. 

We have a retention schedule listing all documents and the timeframes for disposal.  Retention periods may be changed from time to time based on business or legal and regulatory requirements.  Before securely destroying the data in accordance with NHS guidelines (cross-cutting or incineration of paper, or making computer data beyond recovery, etc) we re-audit the material – sometimes ex patients return to us several years later.  Should we use a third party to handle our destruction, then they operate under contract and provide records of their activities.

Sometimes the retention period is longer as recommended by the Dental Defence Union (DDU) best practice, for example to support a potential or ongoing dental insurance claim. We reserve the right to retain details of bad debtors indefinitely to ensure the financial stability of our business.

What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to our Data Controller -Dr Kornel Csongrady  or to our Data Protection Officer/ Governance Lead – June Schofield  on 01473 462355 or by email info@orthoactive.co.uk

We will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.

NATIONAL DATA OPT OUT POLICY

How the NHS and care services use your information.

When you use a health and care system such as Accident and Emergency or Community Services, important data is collected about you in a patient record for that service.  This information can sometimes be used and or provided to other organisations for purposes beyond your individual care.

This may aid in the following:

  • Improving the quality and standards of care provided
  • Preventing illness and diseases
  • Research into the development of new treatments
  • Monitoring safety
  • Planning Services

Your information can only be shared when there is a clear legal basis to do so; confidential patient information is only used like this when allowed by law. Most of the time anonymised data is used for research and planning in which case your confidential data isn’t needed.

All patients have a choice about whether they want their data used in this way. If you are happy with this use of your information you do not have to do anything.

If you only want your confidential data to be used in your own personal care you have the option to opt out. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page as well as finding out more about how your personal data will be used, you can access the system to view, set or change your opt out setting. There is also a contact telephone number if you wish to know more or opt out by telephone.

Don’t forget you can change your mind about your choice at any time.  All Health and Care organisations have had to put systems and processes in place to be compliant with the National Data opt out and to apply your personal to choice to any confidential information they hold.

Orthoactive only uses your personal health data to provide individualised personal care to you and does not use or disclose your data for any other reason.  Therefore the National Data Opt-out does not apply to our data so we are compliant with the National Policy.

 

Cookies

Liability notice
Despite careful checking, we assume no liability for the content of external links. The content of linked pages is the exclusive responsibility of their operators.

Links
This website contains links to other website or social media sites. By clicking on a link that leads to third-party website you acknowledge that these websites have their own privacy policies. Please check the privacy policies when using these website, as we assume no responsibility or liability whatsoever for third-party website.

Cookies

Our website uses cookies. If you already visited the Orthoactive website, you will have alerted the cookies, which may or may not allow you access.

The vast majority of commercial websites use cookies (tiny text files that download to your computer when you visit a website) for a variety of purposes including functional reasons like storing shopping basket items, personalizing content, counting visitors etc. Most cookies, including the ones used here, are harmless.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies can be used by web servers to identity and track users as they navigate different pages on a website, and to identify users returning to a website.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies on this website

Google Analytics (by third parties):
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics” operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user’s activities across devices.
Google Analytics uses “cookies”, which are text files placed on your computer, to allow the website operator to analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15 para. 3 TMG and Art. 6 para. 1 lit. f GDPR. The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

How we use cookies

Cookies do not contain any information that personally identifies you, but we may use the information we obtain from your use of our cookies for the following purposes:

(1) to recognise your computer when you visit our website;
(2) to improve the website’s usability;
(3) to analyse the use of our website;
(4) in the administration of this website.

 Third party cookies

When you use our website, you may also be sent third party cookies. Our service providers may send you cookies. They may use the information they obtain from your use of their cookies.

 Blocking / Deleting cookies

Most browsers allow you to refuse to accept cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites.

Internet Explorer:

  1. Open Internet Explorer
  2. Click “Tools” and then “Internet Options” top right of your user interface
  3. Click on “Privacy” tab on top
  4. Adapt your desired settings with the controller – all cookies are blocked on top
  5. Save your settings

Google Chrome:

  1. Open Google Chrome
  2. Press on the so-called burger menu (hamburger icon with three parallel horizontal lines) top right
  3. Choose “Settings”
  4. Click “Show Advanced Settings”
  5. Click the “Privacy” tab and open the “Content Settings”
  6. In the section “Cookies” you can choose the option “Block sites from setting any data”
  7. Save your settings

Mozilla Firefox:

  1. Open the Mozilla Firefox browser
  2. Press on the so-called burger menu (hamburger icon with three parallel horizontal lines) top right
  3. Select “Options”
  4. Select the tab “Privacy”
  5. Select “Firefox will:” to use custom settings for history
  6. Uncheck “Accept cookies”
  7. Save your settings

Safari:

  1. Open Safari
  2. Press the grey gear in the corner top right and click “Preferences”
  3. Click the “Privacy” tab
  4. Set your preferences to “Always” next to “Block cookies”

Contact us

If you have any questions about our cookies or this Privacy Policy, please contact the practice directly on 01473 462355

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

 

 

Latest News

Read More...

Opening Hours:

Monday, Tuesday, Thursday 8.30am -5.30pm
Closed for lunch 1.00pm - 2.00pm

Address:

310 Norwich Road, Ipswich, Suffolk, IP1 4HD

Email:

info@orthoactive.co.uk

Tel:

01473 462355

Fax:

01473 462356

Important Notice:

We accept a minimum of one day notice before cancelling the appointment. More than one missed or cancelled appointments without giving notice may incur a charge. More than three missed appointments (without cancelling) may lead to the discontinuation of your treatment.

Occasionally we may need to rearrange clinics at short notice for a variety of reasons such as training courses or illness. We do sometimes run late, often due to emergency repairs or a previous patient arriving late - please bear with us and allow sufficient time.

Appointments and cancellations:

Usually your appointments will be at 3-5 week intervals. If you are unable to attend, please call and let us know as soon as possible by calling our practice.

In case of emergency:

For advice call:

01473 462 355

Emergency number:

07582 284659

If no one is there to answer, you will be asked either to leave a message or given an alternative telephone number to contact.

Code of Practice for Complaints

Infection Control Policy