Updated March 2019

Active Life Physiotherapy Centre Privacy Policy

We are Active Life Physiotherapy Centre(Contact details listed below), trading as Active Life Physiotherapy Ltd and for the purposes of processing your personal data we are the Controller. We are committed to protecting your personal information. This privacy policy relates to our use of your personal information which we may have collected from you in person, via information you give us by letter, email, SMS or over the telephone, or information sent to us by a third party who has evidenced consent from yourself for said third party to make this information available to us in order to enable us to provide Physiotherapy Services that you have agreed to, or requested, and also fulfil our legal obligation to maintain accurate and relevant medical records.

Data Protection Officer

As we record and use sensitive health data we take the protection of this data very seriously.  We have therefore appointed a Data Protection Officer, Active Life Physiotherapy Ltd, which is your first point of contact for any matters regarding your personal data we process.  They can be contacted on (01553) 772292, theiir email address is reception@physio-centre.co.uk and their postal address is 15 Blackfriars Street, King's Lynn, Norfolk. PE30 1NN.

How do we obtain your personal information

We collect and process personal information when you telephone the clinic to make an enquiry or appointment, when you email us or if you choose to give us relevant personal information if you visit the clinic in person.   Personal information that you give or discuss with us that is not relevant or required for maintaining legal, accurate contemporaneous Physiotherapy medical records will never be recorded in/on any form of media.  Third party referrers may send us your personal information via letter or email, following consent from yourself that this is the course of action you would like to take.  

What personal information do we collect

At the point of enquiry, most commonly an email or an answermachine message may be left with a name and a phone number and possibly also personal information regarding what part of the body requires physiotherapy, and possibly best times to call back.  This is all confidential personal information.  In this instance we would record all of this information in note form on a notepad, and immediately delete the non-secure message from the answer machine.  The enquiry would then be followed up and the notes on the notepad deleted at day end. During the intervening period the notepad is kept securely and out of view. 

At the point of booking we will ask you for;

Your name, date of birth, address and postcode, contact telephone number(s), and email address.

At initial appointment, the physiotherapist may ask for information regarding your general health, your previous health, medications you may be currently prescribed, which GP surgery you are registered at, and information about the condition you are seeking advice about.  The physiotherapist may also ask for information regarding any activities you undertake and your employment. A record of the findings of the Physiotherapy session will also be kept as hard copy.

How your personal information in hard copy is processed

Hard copy medical records are stored in lockable filing cabinets at all times when not in the physiotherapist's possession, and are required by law to be held for 8 years for adults over the age of 18, or for 8 years post mortem.  Medical records pertaining to minors are required by law to be kept until their 25th birthday.  Due to lack of storage space, 4 years of medical records are held off site in lockable filing cabinets available for easy access if required.  Once 8 years has elapsed the relevant medical records are incinerated.  Physiotherapists are bound by Quality Assurance Standards to complete note writing on the day of seeing a particular patient, and Patient record cards are not allowed to be removed from the practice premises unless they are over 4 years old and are being stored off site as previously described.  The daily folders of patient notes provided to the Physiotherapist at the beginning of the day are also treated with utmost confidentiality with any notes not being immediately in use, locked away in a treatment room cabinet.

How your electronically stored personal information is processed 

Your relevant personal data is inputted to a bespoke Practice Management program that is password protected.  In addition to the personal data listed above that we collect, we also generate and collect financial data relevant to you during your treatment journey storing it within the Practice Management program.  If your treatment is being financed by a 3rd party insurance company, intermediary company, or employer, we will require written consent from you before we can send financial data(invoices or billing information that will include dates of attendance) and clinical information/recommendations relevant to you to that particular company.  Unless we have your written consent no personal information will be transmitted by any form of media outside Active Life Physiotherapy Centre.  Copies of professional letters that physiotherapists write to other medical professionals, having obtained your consent, regarding your medical management are also stored within the Practice Management software.  Any personal information passed electronically by email will be encrypted and password protected and we will take all reasonable precautions to transmit the information securely.  Any personal information passed on in the form of a written letter is considered securely delivered if sent by recorded delivery Royal Mail, if handed to you personally, the contents of the letter becomes your full responsibility.

At Active Life Physiotherapy Centre we do not use portable data storage devices, but instead subscribe to an encrypted version of Dropbox and a bespoke backup system that stores all sensitive personal data in an encrypted form in a password protected "cloud".

When filling out your personal information at initial assessment we request an email address which we use only for clinically relevant discourse, for example sending exercise programmes, requesting progress reports or arranging appointments.  We will never pass on email addresses or personal information for commercial purposes.  We may use your information for clinical audit purposes but that process will always be anonymous.

How do we protect your information

We take organisational and technical security measures to protect your information against unauthorised disclosure or unlawful processing.

Our website and facebook page may contain links to external sites, these sites have their own privacy policies and we are not responsible for their content, you should check their privacy policy prior to submitting ant personal information.

Your Rights

As we process your personal data, you have certain rights.  These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.  You may request a copy of your data at any time.  You can do this by written request to Active Life Physiotherapy Centre, 15 Blackfriars Street, King's Lynn, Norfolk. PE 30 1NN, or email reception@physio-centre.co.uk.  Please provide the following information: your name, address, telephone number, email address and details of the information you require.  We will need to verify your identity so we may ask for a copy of your passport, driving license and/or recent utility bill. 

If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact the clinic directly and any corrections to your data will be made promptly. 

If you believe we should erase your data, please contact the Data Protection Officer, whose details are listed above.

If you wish us to stop storing or using your data, please contact the Data Protection Officer, whose details are listed above.

Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay.  we will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.

Should You Wish To Complain

You can contact the ICO via their website: www.ico.org.uk should you wish to make a complaint about the way we are processing your personal data.

Automated Decision Making and Profiling

We do not use any system which uses automated decision making or profiling in respect of your personal data.

Return To Living Life To The Full