Version number: 09-2020
16 September 2020
Beeston Chiropractic Clinic patient privacy statement
Beeston Chiropractic Clinic is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to protecting the privacy and security of your personal information. This privacy notice describes, in line with GDPR, how we collect and use personal data about you during and after your time as a patient of this clinic. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to current and former patients.
How we collect your data
We collect data about you in a variety of ways and this will usually start when you make an enquiry to the clinic and continue when you attend your first and subsequent appointments. At this clinic, we keep paper and electronic records. Information we write down on paper may be transferred to our electronic system. We may receive information about you from your GP or other health care provider regarding your referral or, with your permission, additional information that will help us continue with your treatment. We may also hold the results of tests that you have undertaken and that are relevant to your treatment with the clinic.
Personal data is kept in the clinic in paper form, stored in locked fireproof cabinets behind locked doors and protected with an intruder alarm and CCTV. Some electronic data is stored on a server onsite, with security measures as described above, and backed up by our computer support company Easylife IT in Peterborough. We are protected by the highest level of malware protection required for our data, and our systems are not only monitored and checked daily but also updated on a regular basis.
Banking details, i.e. credit card slips, are stored for a maximum of 18 months and then destroyed. The storage is in a safe and behind a locked door with the same security as described above. Only the Directors have access to this storage facility.
Recent changes to our patient management system mean that your data is now stored in Janeapp.
Protecting Patient Data
We take privacy and security very seriously and so we’ve implemented multiple processes to ensure that everything is kept safe and secure. However, we understand that you, as patients, may have some questions about how your data is stored in Jane, so here’s a list of our most-asked-about privacy and security features:
Encryption & Secure Data Transfer
Any time you or a practitioner transfers data from a computer to Jane, the information is encrypted with the same level of security as your bank uses to transfer information. In addition, all patient data is stored in encrypted data volumes on Jane servers.
Read more here: Security FAQ.
Removing Data from Jane
Practitioners offering health and medical services are under legal obligation to retain health or medical information that was collected during the course of treatment. It is their responsibility, in collaboration with the Jane Subscriber (clinic owner), to maintain these records, and in many cases, they are simply not allowed, under law, to delete certain records that they created, and they must retain records for a number of years, sometimes 10 years or more.
If you want your data removed, we do require that you bring your request to the clinic owner who will be able to evaluate their legal obligations to keep that data. Once they have evaluated their obligations, they will provide us with instructions on how to proceed.
Read more here: Privacy Terms.
Zero Credit Card Data in Jane
Jane never stores a patient’s plain credit card information directly on Jane’s servers. When you enter a credit card in Jane, Jane instantly transfers that data to one of our payment processing partners through encrypted transfer. Our PCI-compliant payment processing partners store that information for Jane. The default behaviour of these partners is to store the credit card information so that refunds can be processed.
Our partners for payments have been very carefully chosen, and they use the same 128-bit encryption as the big banks around the world. They send Jane back an encrypted key (a token) which represents the credit card so that Jane can continue to bill against that card if the customer wishes, but note that this token can’t be used outside of Jane. The only information that Jane stores about the credit card is the last 4 digits and the expiration date so that the customer will know which card they gave you.
More info here: Is Jane PCI-Compliant?
Account Owner Control
The Account Owner determines what patient data is stored in Jane, who has access to it, and how long they will need to store it. This data may include a patient’s name, address, health insurance and billing information, medical charts, appointment history and other patient data.
Because of this, we give Account Owners full control to set access permissions for each staff member, which includes control of accessing patient charts, billing records, and schedule records.
Read more here: Patient Data
Unique User ID and Password Required
Administrators, practitioners and patients access their Jane account using their own account secured by a unique username and password. Account owners can control access permissions for each user, which includes control of accessing patient charts, billing records, and schedule records.
Jane offers account owners a user-activity report, the Activity Log, in which they can see a detailed breakdown of all user activity. The report can be filtered by date range, user, and type of access for regular reviews of who is accessing patient charts.
Logout All Sessions
As a patient, if you are interested in knowing your own activity, you can check out your managed sessions within your account to see what devices you are currently logged in under, and you’ll have the option to sign out of all sessions as well if needed.
And in the event that you aren’t able to access your account, the Account Owner can send you a password reset link, and once the password is reset, all of your active sessions will also be logged out.
Simple Password Reset
Fast password resetting from the main login page so staff can keep passwords fresh (and more secure).
You have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).
Please use the form below.