Privacy

Policy

Your privacy is important to us. It is DHA Clinic’s policy to respect your privacy regarding any information we may collect from you across our website, https://dhaclinic.co.uk, and other sites we own and operate.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

We don’t share any personally identifying information publicly or with third-parties, except when required to by law.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.

Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.

This policy is effective as of February 2023.

Information

Governance Policy

Introduction

Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in clinical governance, service planning and performance management. It is therefore of paramount importance that information is efficiently managed, and that appropriate policies, procedures, management accountability and structures provide a robust governance framework for information management.

Purpose of the policy

This Information Governance policy provides an overview of the practice’s approach to information governance; a guide to the procedures in use; and details about the IG management structures within the dental practice.

The practice’s approach to Information Governance

The practice undertakes to implement information governance effectively and will ensure the following

  • Information will be protected against unauthorised access;
  • Confidentiality of information will be assured;
  • Integrity of information will be maintained;
  • Information will be supported by the highest quality data;
  • Regulatory and legislative requirements will be met;
  • Business continuity plans will be produced maintained and tested;
  • Information governance training will be available to all staff as necessary to their role;
  • All breaches of confidentiality and information security, actual or suspected, will be reported and

Procedures in use in the practice This Information Governance policy is underpinned by the following procedures:

  • Records management procedure that set outs how patient dental records will be created, used, stored and disposed of;
  • Access control procedure that sets out procedures for the management of access to computer-based information systems;
  • Information handling procedure that sets out procedures around the transfer of confidential information;
  • Incident management procedure that sets out the procedures for managing and reporting information incidents;
  • Business continuity plan that sets out the procedures in the event of a security failure or disaster affecting computer systems; Staff guidance in use in the practice Staff compliance with the procedures is supported by the following guidance material:
  • Records management: guidelines on good record keeping;
  • Staff confidentiality code of conduct: sets out the required standards to maintain the confidentiality of patient information; obligations around the disclosure of information and appropriately obtaining patient consent;
  • Access control: guidelines on the appropriate use of computer systems;
  • Information handling: guidelines on the secure use of patient information;
  • Using mobile computing devices: guidelines on maintaining confidentiality and security when working with portable or removable computer equipment;
  • Information incidents: guidelines on identifying and reporting information incidents.

Responsibilities and accountabilities. The designated Information Governance lead for the practice is Luke Snelling.

The key responsibilities of the lead are:

  • Developing and implementing IG procedures and processes for the practice;
  • Raising awareness and providing advice and guidelines about IG to all staff;
  • Ensuring that any training made available is taken up;
  • Coordinating the activities of any other practice staff given data protection, confidentiality, information quality, records management and Freedom of Information responsibilities;
  • Ensuring that patient data is kept secure and that all data flows, internal and external are periodically checked against the Caldicott Principles;
  • Monitoring information handling in the practice to ensure compliance with law. guidance and practice procedures;
  • Ensuring patients are appropriately informed about the practice’s information handling activities. The day to day responsibilities for providing guidance to staff will be undertaken by Luke Snelling who is responsible for ensuring that sufficient resources are provided to support the effective implementation of IG in order to ensure compliance with the law, professional codes of conduct and the NHS information governance assurance framework. All staff, whether permanent. temporary or contracted, and contractors are responsible for ensuring that they are aware of and comply with the requirements of this policy and the procedures and guidelines produced to support it.

This policy has been approved by the undersigned and will be reviewed on an annual basis.