DATA PROTECTION

Privacy Notice for Patients

In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it

About Us

We are The Loughton Dental Centre operating at 98 High Road, Loughton IG10 4HT

Tolani Nosa-Ehima and Ibibia Segun-Ojo are responsible for keeping secure the information about you that we hold. Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.

Our data protection officer, Tolani Nosa-Ehima ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. You can contact our data protection officer, Tolani Nosa-Ehima by email at loughondental@gmail.com or by phone on 02085084195

Information that we hold

We can only keep and use information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold and why, and the lawful basis for collecting and using it.

Contact details
We hold personal information about you including your name, date of birth, national insurance number, NHS number, address, telephone number and email address. This information allows us to fulfil our contract with you to provide appointments. We will also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services.

Dental records
We hold information about your dental and general health, including

- Clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes of conversations with you about your care
- Dates of your appointments
- Details of any complaints you have made and how these complaints were dealt with
- Correspondence with you and other health professionals or institutions.

We collect and use this information to allow us to fulfil our contract with you to discuss your treatment options and provide dental care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of the treatment we provide.

Financial information
We hold information about the fees we have charged, the amounts you have paid and some payment details. This information forms part of our contractual obligation to you to provide dental care and allows us to meet legal financial requirements.

Where your dental care is provided under the terms of the NHS, we are required to complete statutory forms to allow payments to be processed. This is an NHS requirement.   

How we use your information

To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.

We will share your information with The NHS, Denplan and Privilege Plan in connection with your dental treatment where relevant.

We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.

We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter.

We have CCTV at the practice for the purposes of patient and staff safety. Please see our policy for CCTV for further details at the practice.

Sharing Information

Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:

- Your doctor
- The hospital or community dental services or other health professionals caring for you
- Specialist dental or medical services to which we may refer you
- NHS payment authorities
- The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
- Dental laboratories
- Debt collection agencies
- Private dental schemes of which you are a member.

We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. We will let you know in advance if we send your medical information to another medical provider and we will give you the details of that provider at that time.

In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.  

National data opt-out policy

The Loughton Dental Centre is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service (A&E or community care services, for example), personal information is collected and stored on your patient record to ensure that you receive the best and most appropriate care and treatment. The information collected can also be used by and provided to other organisations for purposes beyond your individual care, for example, to provide better health and care for you, your family and future generations by:

- Improving the quality and standards of care provided
- Research into the development of new treatments
- Preventing illness and diseases
- Monitoring safety
- Planning services.

Information about your health and care is confidential and can only be used where allowed by law. Mostly, information used for research and planning is anonymised so that you cannot be identified; your confidentiality is maintained.

You can choose whether you want your confidential information to be used in this way. If you are happy with this use of your information, you do not need to do anything. If you wish to opt out, your confidential information will be used only to support your individual care.

You can register your choice and find out more at nhs.uk/your-nhs-data-matters – including:

- What is meant by ‘confidential patient information’
- Examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- The benefits of sharing data and who uses it
- How your data is protected
- Situations where opt-out will not apply

You can change your choice at any time.

Your information will not be shared with insurance companies or used for marketing purposes without your specific agreement.

Keeping your information safe

We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers.

We use cloud computing facilities for storing some of your information. The practice has a rigorous agreement with our provider to ensure that we meet the obligations described in this policy and that we keep your information securely.

We keep your records for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years whichever is the longer. At your request, we will delete non-essential information (for example some contact details) before the end of this period.  

Access to your information and other rights

You have a right to access the information that we hold about you and to receive a copy. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.

You can also request us to:

- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change.
- Erase some of the information we hold. For legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). However, we can, if you ask us to, delete some contact details and other non-clinical information.
- Stop using your information – for example, sending you reminders for appointments or information about our service. Even if you have given us consent to send you marketing information, you may withdraw that consent at any time.
- Stop using information if you believe the information is inaccurate or you believe we are using your information illegally.
- Supply your information electronically to another dentist.

If we are relying on your consent to use your personal information for a particular purpose, you may withdraw your consent at any time and we will stop using your information for that purpose.

All requests should be made by email to our data protection officer at loughtondental@gmail.com

If you do not agree

If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.

If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).

Data Security Policy

This dental practice is committed to ensuring the security of personal data held by the practice. This policy is issued to all staff with access to personal data at the practice and will be given to new staff during their induction. If any member of the team has concerns about the security of personal data within the practice they should contact Tolani Nosa-Ehima.

All members of the team must comply with this policy.

Confidentiality
- All employment contracts and contracts for services contain a confidentiality clause, which includes a commitment to comply with the practice confidentiality policy
- Access to personal data is on a ‘need to know’ basis only. Access to information is monitored and breaches of security will be dealt with swiftly by Tolani Nosa-Ehima
- We have procedures in place to ensure that personal data is regularly reviewed, updated and, when no longer required, deleted in a confidential manner. For example, we keep patient records for at least 10 years or until the patient is aged 25 – whichever is the longer.

Physical security measures
- Personal data is only removed from the practice premises in exceptional circumstances and when authorised by Tolani Nosa-Ehima. If personal data is taken from the premises it must never be left unattended in a car or in a public place
- Records are kept in a lockable fireproof cabinet, which is not easily accessible by patients and visitors to the practice
- Efforts have been made to secure the practice against theft by, for example, the use of intruder alarms, lockable windows and doors
- The practice has in place a business continuity plan in case of a disaster. This includes procedures for protecting and restoring personal data.

Information held on computer
- Appropriate software controls are used to protect computerised records, for example the use of passwords, pseudonymisation and encryption. Passwords are only known to those who require access to the information, are changed on a regular basis and are not written down or kept near or on the computer for others to see
- Daily and weekly back-ups of computerised data are taken and stored in a fireproof container, off-site. Back-ups are also tested at prescribed intervals to ensure that the information being stored is usable should it be needed
- Staff using practice computers undertake computer training to avoid unintentional deletion or corruption of information
- Dental computer systems have a full audit trail facility preventing the erasure or overwriting of data. The system records details of any amendments made to data, who made them and when
- Precautions are taken to avoid loss of data through the introduction of computer viruses.
- Data stored on cloud computing facilities has in place a rigorous service level agreement with our cloud provider to ensure that all our obligations in this policy are fulfilled and that all information is secure

Loss of patient information
Any loss, damage to or unauthorised disclosure of patient information must be reported immediately to Tolani Nosa-Ehima immediately.

  • Stripe
  • Amazon
  • Ebay
  • Union Pay

© Copyright 2021 Loughton Dental Centre - All Rights Reserved - Privacy Policy