Patients have the right to privacy and it is vital that they give the dental hygienist full information on their state of health to ensure that treatment is carried out safely. The intensely personal nature of health information means that many patients would be reluctant to provide the dental hygienist with information if they were not sure that it would not be passed on. If confidentiality is breached, the dental hygienist/ dental nurse faces investigation by the General Dental Council and possible erasure from the Register, and may also face legal action by the patient for damages and, for dental hygienists, prosecution for breach of the 1998 Data Protection Act.

General Dental Council

All staff must follow the General Dental Council’s rules for maintaining patient confidentiality contained in Standards for dental professionals and Principles of patient confidentiality. If confidentiality is breached, each registered dental professional involved is responsible to the Council for their individual conduct.

Personal data we hold of you

• Name
• Contact details including mobile phone, landline number and email address
• Date of birth
• Name and contact details of guardian (where patient has impaired decision capacity or is unable to consent or a child under 16 who has not sufficient capacity to consent yet.)
• Medical and Health Details / History including name of GP
• Dental Records including dental photos, radiographs, dental models and laboratory work
• Ethnic Origin
• Membership of dental/medical insurance plans
• Card payment details (if you opt to pay this way)
• Correspondence with you (letters and emails, enquiries)
• Debt records
• Your signature

All data we hold is received from you directly, through your consent

How we use your personal data

• Administration
• Confirmation of your identity
• To contact you (Appointment reminders, response to any of your queries, etc.)
• Payment and claim transmission Dental Insurance Provider
• Clinical necessity
• To transfer or share with other registered dental or medical professionals with your consent or anonymously to discuss a case and look for advice.
• Occupational health reasons
• Consent for dental treatment
• Processing of payments for services we provided to you

We don’t create derived or inferred data about the data we hold of you and we don’t plan to use this in future for any other purposes.

What is our basis for legal processing of your data?

 We only hold data of you which we require in order to perform the contract between you and us providing you with our services.

As Health Care Providers we have a legal obligation to hold certain types of your personal data.

We hold data of you which is of legitimate interest to us and which you have been informed about, you consent and freely give to us.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

What is our basis for legal processing of your data?

 We only hold data of you which we require in order to perform the contract between you and us providing you with our services.

• As Health Care Providers we have a legal obligation to hold certain types of your personal data.
• We hold data of you which is of legitimate interest to us and which you have been informed about, you consent and freely give to us.
• If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

How we collect your personal data

• In person through you or your guardian -at our initial consultation by filling patient details, social and dental history forms and Medical History forms we use to regularly collect and update your information on. In future these will be on an ipad.
• Phone, Letter, Email
• Website: Flyingsmiles.co.uk, Feedback and complaints
• Online profile and social media information and activity, based on your interaction with us and
• Our websites, including for example Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
• Statistical data about your browsing actions and patterns – including the full URL clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page
• Please be aware when you contact us through email or the contact form on our website that like any generic email account this is not encrypted and can be hacked into. Only volunteer the information you feel safe you can share with us this way.

Cookies

Our website uses Google Analytics to help analyse how users use the site. “Cookies” are used, which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. This including IP address is transmitted to Google which then evaluates visitors’ use of our website and produces statistics of the website activity. Google and us will not associate or seek to link your IP address with any other data held by Google. We will never use the statistical analytics tool to track or collect any Personally Identifiable Information of visitors to our site. We also will not allow any third party to do so.

Who we share your data with

We only share the individual components of your personal data with others as far as it is required.

• Other registered dental or medical professionals
• Your dental insurance provider
• Service Providers of the practice (i.e. Dental laboratories, accountant, IT services, website designer, card machine merchant)
• Third Parties in context of a potential future sale or restructuring of the business (if it was to become the case)

Children’s Personal Data

Our website is directed to adults; it is not directed to children under the age of 13. We operate our site in compliance with the Children’s Online Privacy Protection Act, and will not knowingly collect or use personal information from anyone under 13 years of age.

The contact form on our site will only be used for the practice’s internal processes. Please be aware when you contact us through email or the contact form on our website that like any generic email account this is not encrypted and can be hacked into. Only volunteer the information you feel safe you can share with us this way. We will delete this data from our email account after a period of three months. We may record this information within our practice management software.

The contact form on our website is only to be used by children aged 13 years and over. If you are younger please ask your parent or guardian to fill it in for you. If you don’t know what to do, please phone the practice and we can help you further.

We keep your name, address, contact details, date of birth, medical and dental records and Community Health Index number, name and contact of your guardian (if necessary) and any details you freely give to us so that we can help you in the best way. By law, we need to keep your data up to 11 years or until you are aged 25, whichever is longer.

It is always good to bring a parent or guardian with you when you come to see us.

If you are under age 16, bring your parent/guardian because they will need to fill in and sign forms for you which give us details about you and your health.

Your right to access data

You have the right to access the data we hold of you. Please put your request in writing to the practice owner Fiona Perry

We will supply the requested information within one month. Where requests are complex or numerous we can extend this by up to a further two months.

A fee can be requested by the practice, but only restricted to requests which are manifestly unfounded or excessive.

How long we hold your data

Most of the personal data we hold of you we need to keep by law up to 11 years or until you are aged 25, whichever is longer. Card payment details we hold for 6 years and 11 months.

Your data is deleted in a confidential and secure manner when no longer required.

How we ensure the security of your data

Your data is partially stored on password-protected computers with the latest anti-virus software and partially stored in the cloud. Practice premises are secured and alarmed and paper files stored in lockable cabinets to which only authorised staff hold the key to. Data is backed-up daily and stored in a secure place. The dental software we use is cloud-based and is hosted on servers that are owned and operated by Amazon Web Services (AWS) that reside within the European Union. AWS is an industry leader and provides a highly scalable cloud computing platform with end-to-end security and privacy features. Access to these data centres is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures and 24/7 on-site security staff, biometric scanning, multi-factor authentications, video surveillance and other electronic means. All physical and electronic access to data centres by AWS employees is authorized strictly on a least privileged basis and is logged and audited routinely.

Personal data is reviewed, updated and deleted in a confidential and secure manner when no longer required.

Transfer of your clinical/medical records is only by post or encrypted email.

Staff is trained on up-to-date data protection requirements and their contracts include a clause regarding confidentiality and data protection.

Request to delete your data

As a health care provider we need to comply with the law and are required to keep most of the data for the above listed periods of time.

However you can request immediate deletion of your contact phone numbers and/or email contact.

Created: 17 February 2020                                                Review: 17 February 2021