Retford Physiotherapy and Pilates Practice Limited
t/a Physio Pilates Retford / Pilates Clinic Retford / PCR Physiotherapy / Jo Pritchard’s Neuro Physio Practice
Dental 22 Buildings
Retford Physiotherapy and Pilates Practice Limited; trading as “Physio Pilates Retford”, “Pilates Clinic Retford”, “PCR Physiotherapy” and “Jo Pritchard’s Neuro Physio Practice”, is committed to protecting your personal information, and this policy relates to our use of information collected from you either in person, by letter, by email, by SMS, by telephone conversations, or by social media.
“Personal information” means any data that is capable of identifying you.
“We” means “Retford Physiotherapy and Pilates Practice Limited”.
We collect and process data as we have a professional and legal requirement to do so. We ensure this information is adequate, relevant and limited to only what is necessary.
What information do we collect and when?
We collect and process data when you telephone or text the clinic to make an enquiry or appointment, when you email us or send a message on social media, or when you visit the clinic in person.
At the time of your enquiry or booking, we may ask you for:
- Your date of birth
- Your telephone number (landline, mobile or both)
- Your email address
This will all be referred to as personal details.
A brief summary of your reason for enquiring or booking an appointment may also be documented at this initial point of contact.
At your appointment at the clinic we will ask for:
Information regarding your general health, your previous health, and information regarding the condition for which you are seeking assessment, advice, or treatment. We may also ask for copies of medical reports or scan results if relevant.
We will also ask for information regarding any medications you take, your employment, physical activities, hobbies, and interests. We may ask for further information regarding your social history if relevant.
We will also record the findings of any physical examination, any treatment administered by us, and any advice given.
Assessment and treatment may include photographs or videos (additional consent will be sought prior to taking any images).
This will all be referred to as sensitive health related data.
How we store and use this information
Sensitive health related data is stored on our secure online record keeping system (third party Powerdiary). This account is secured with 2-factor authentication.
Some of your sensitive health related data may still be kept in paper format and scanned into your online notes at a later date. All paper Physiotherapy clinical records are stored at the clinic in locked drawers, in locked rooms, in a locked and alarmed building. At times your clinical notes may leave the building, due to a home visit for example. These notes will be stored in a locked cupboard at your Physiotherapist’s home address and returned to the clinic on their next working day. Once your paper notes have been fully transferred to our online clinical notes system, the paper notes will be destroyed. Your initial assessment will usually be completed in paper format and then scanned into your clinical notes. Once this is complete, the paper copy will be destroyed.
All additional documents containing personal details are password protected and stored on a password-protected computer with additional security software and synced with Office 365 OneDrive (password protected). Email communications are stored on the Office 365 email server (third party PCI-DSS Compliant server), and at times are uploaded and saved to your online clinical notes. All computers with your data are password-protected with additional security software and are kept in locked rooms in a locked and alarmed building.
Any personal or sensitive health related data stored or sent electronically (e.g. reports) will be password protected in Word or PDF documents.
Your name and telephone number, and any voice messages or SMS communications, may also be stored on your Physiotherapist’s work mobile phone (specifically for work and not personal use); these are all password protected.
Photographs and Videos
Photographs or Videos are recorded on a password-protected iPad; this is stored in a locked drawer in a locked room in a locked building.
If you request that an online private appointment is filmed, this will be via Zoom (third party Zoom). Once the recording is downloaded by your therapist, it will then be transferred to Vimeo (third party Vimeo) and saved as a password protected video. It will then be deleted from Zoom and deleted from downloaded documents on the therapist’s computer. Only you will receive the link and password for this video. Recording of classes is strictly forbidden.
If you request that a private face-to-face appointment is recorded, this will be on your own recording equipment, and you will be fully responsible for the security of your data. Recording of classes, or appointments in any environment where other persons are present (e.g. supported gym visits), is strictly forbidden.
Recordings are strictly for personal use only and must not be used on social media or any other platform without your therapist’s explicit permission.
Details of your name, payments and methodology are recorded and stored on our online account system (third-party Xero). This is protected with 2-factor authentication. If you have paid by cheque or online banking, “TSB bank” will have access to data related to your payment method. Your data will also be included on our bank statements.
We use this information:
- To provide a legal record of any treatment or advice we provide.
- To ensure continuity of care.
- To contact you regarding your ongoing treatment, including sending exercise programmes by email (we use a third party for this service – Physiotec).
- To contact you if new information or treatments become available that may be of benefit to you.
- We may pass your information, with your permission, to other health professionals who may be involved in your care; this may include your GP, your consultant, your midwife, or other healthcare or social services professionals involved in your care.
- We may use your data for quality feedback purposes.
- We may use your data for audit purposes.
- If requested, we are legally bound to share your data with any lawful and / or Crown agency that requests that your data is released.
- If required, your personal data may be shared with a debt collection agency in the event of non-payment.
- Payment data is also shared with our third-party accountant “RAL Associates” for HMRC tax returns purposes only.
- With your explicit consent, personal data is stored with a third party “Mailchimp”. General emails and newsletters (including educational or social events, the occasional special offer, and any other matters directly linked with the clinic) are shared this way.
We DO NOT pass on your data for commercial purposes.
We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.
All third-party privacy policies can be viewed on their own websites.
How long do we keep personal information for?
After your initial enquiry, your personal details are stored on our online password protected waiting list for 6 months. If you commence treatment within this period then these details are inserted into your clinical notes. If treatment has not commenced after 6 months, these details are destroyed and you need to make a new enquiry if you wish to start Physiotherapy or Pilates at a later date.
We have a legal obligation to retain your clinical records for a minimum of 8 years after the conclusion of your treatment. This includes email communications related to your care.
If your clinical records relate to a child or young person, or include a period of intervention during pregnancy, the records must be kept until your (or your baby’s) 25th birthday or 8 years after death.
We keep a copy of your personal data electronically indefinitely (third party Powerdiary). This is so we can identify when your final episode of care concluded, where your paper notes are filed, or when they were destroyed.
Unless you have given explicit consent for any photographs to be used for educational or promotional purposes, all photographs are deleted from the iPad after uploading into your online clinical notes. Unless you have given explicit consent for them to be used for educational purposes, video clips are deleted at the end of your episode of care (a written description of the video is included in your clinical notes).
How do we protect your information?
We have installed secure outdoor and indoor letterboxes for gathering postal communications, reports, booking forms and payment. This is to ensure they remain private and confidential.
We take organisational and technical security measures to protect the information against unauthorised disclosure or unlawful processing.
For purposes of staff security, an alarm fob may be worn during any face-to-face appointments. If at any time your therapist feels unsafe, they may activate this alarm, enabling an alarm receiving centre (third party Orbisprotect) to listen in and alert emergency services if required. Any personal data they hear is protected under the following accreditations: BS8484 – the British standard for lone worker providers; BS5979 – ARC accreditation; ISO27001 – Data Security; BS7858 – Staff screening.
You are entitled to a copy of the personal information we hold about you and to have any discrepancies rectified. You can do this by written request to the address at the end of this policy.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you (provided it is lawful for us to delete these records). You can exercise these rights at any time by writing to us at the address at the end of this document.
Disclosure of your information
We may pass information, with your permission, to other professionals who may be involved in your care; this may include (but is not limited to) your GP, your consultant, your midwife, or any other healthcare or social services professionals involved in your care.
This information may be passed on in the form of a written letter. If this is handed to you to pass to the relevant person, the letter and the protection of its contents become your responsibility. If the letter is posted by Royal Mail, the envelope will be stamped with “Private and Confidential”; it can be posted recorded delivery at your request for an additional fee.
If any identifiable information is sent electronically by email, this will be in Word document or PDF format, and will be password protected. We will take all reasonable precautions to transmit the information securely. If you are sending personal or sensitive health data to us electronically, it is your responsibility to password protect the document if you wish to protect the content in this way.
We may update this policy to reflect changes to our clinic, our website, and customer feedback. Please regularly review this policy to keep informed of how we are protecting your personal data.
Retford Physiotherapy and Pilates Practice Limited
Dental 22 Buildings