What is GDPR?
The General Data Protection Regulation (GDPR) replaces the existing data protection framework under the EU Data Protection Directive. It is an EU Directive which enhances protection for consumers and creates new obligations for physiotherapists who collect and store data on patients.
Why does Physio 64 collect and use my personal information?
We collect this as part of your medical records when we assess and treat you for a painful condition. We keep this information as details of successful treatment plans and previous rehabilitation strategies may improve our understanding and inform future injuries that you may present with, which is of benefit to you when you return to us with a recurring injury. We use your email address to contact you with rehabilitation plans and home exercise programmes after each session, and to follow up with you during the management of your injury.
What changes will I see as a patient of Physio 64?
GDPR will give you greater control over your personal information and you will notice some small changes on our patient forms and emails as we clearly seek your consent as required during your treatment sessions. Rights for patients under GDPR include:
The right to access the personal information that we hold on you
The right to have inaccuracies in that information corrected
The right to have information on you deleted
The right to object
The right to have your personal information sent to you directly
Does Physio 64 share my personal information?
We do not share your personal information with any third parties. Your personal information and treatment notes are securely hosted on a physiotherapy specific practice management software package. If we need to correspond with another Healthcare Practitioner on your behalf, eg your GP or a consultant, we will obtain your written consent in advance to do so.
For how long does Physio 64 retain my personal information?
We operate in accordance with the Irish College of General Practitioners’ guidelines: "In general, medical records should be retained by practices for as long as is deemed necessary to provide treatment for the individual concerned or for the meeting of medico-legal and other professional requirements. At the very least, it is recommended that individual patient medical records be retained for a minimum of eight years from the date of last contact or for any period prescribed by law. (In the case of children's records, the period of eight years begins from the time they reach the age of 18).
Who is in charge of monitoring these new changes?
Physio 64 have appointed a Data Protection Officer (DPO) to ensure compliance with the new regulations and to liase with anyone who has a query. All queries will be dealt with in a confidential manner. You can contact the DPO, in writing, to: Data Protection Officer, Physio 64, 64 Merrion Square, Dublin 2.