Clinic Data Protection Policy

Information Held:

The following information is collected: name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history for treatment carried out at my clinic. All the information is given by the patient or their carer, parent or legal guardian.

Data Collection:

Information collected is sufficient for the purpose of making informed clinical decisions. Data is collected orally on the phone by me (or an appointed person) to book an appointment and take contact details. Medical information is collected by me at a face-to-face appointment. Patient contact details, appointments and clinical records are stored manually.

Data Storage:

The information is stored in a locked filing cabinet within the clinic room, which is also locked when not in use. Archived notes are stored in a locked cupboard. In the event of my death you may access patient records via my partner, Kieran Hall, at the above address for up to 12 months after my death.

Data Disposal:

Notes are archived 12 months after the last treatment and then securely stored on the premises. The notes are diarised for the beginning of the month following 8 years or after age 25 for children. Notes are destroyed by cross-cut shredding after 8 years following the last treatment (or age 25 for children).


Patient data may be used for appointment reminders if requested by the patient.

Data sharing:

Information is only shared with other persons with the patient’s permission. This would normally be with other health professionals. Patient information is never passed on to other practitioners, persons or companies. Data would only extremely rarely be shared without consent, if there were a legal order or in cases of serious safety risk.

Data Checks:

Every year we check 10% of our patients’ data records to make sure they are accurate.


Access to paper records is restricted to me. If email is used, electronic data is password-protected and access to information is restricted to me. Systems are kept updated, and antivirus security systems are in place and updated. Passwords are changed every year.
Data breaches will be detected by observing signs of unauthorised entry to storage, monitoring communications or becoming aware of a security breach (e.g. a virus, an unauthorised log-on or a change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office (ICO) by me, and patients will be informed if I believe a data breach has occurred. Patients who believe a data breach has occurred may contact the ICO on 0303 123 1113.

Subject Access Requests:

All subject access requests will be responded to within a month and no charge will be made.

Data is only released on receipt of a signed request from patients or in exceptional circumstances. Any data sharing is detailed in your records.