KJ Physio is a data controller for the purposes of the Data Protection Act 1998 and GDPR May 2018. There are clinical, safety and legal reasons to collect and process personal data for medical records and we also ask for consent from individual patients.
How do we store and control data at KJ Physio?
Why do we need to process data?
What data do we share and with whom?
KJ Physio recognises the importance of keeping all information secure and confidential, whether medical, personal or financial. Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of data and against any accidental loss or destruction of or damage to personal data. We will not use your data for direct marketing.
Data protection legislation allows any adult patient or competent child to access their medical records via a Subject Access Request (SAR), which must be made in writing and must be responded to within 1 month (unless serious harm could be caused to physical or mental health in doing so, or the request is unfounded or excessive). In most cases there is no charge for an SAR but decisions are made on an individual basis according to the nature of the request.
We have a legal duty to maintain clinical records for 8 years after completion of the last episode of care. Individuals can request that any inaccuracies are corrected and can complain to the ICO if they perceive there is a problem with the way KJ Physio is handling their data.