I gather and hold your data on a lawful basis for the provision of healthcare and for legitimate interests in the ongoing provision of our clients' hearing health. I take the security of your data seriously and have processes in place to keep it safe.
What do I hold?
Information gathered during a consultation will be added to your notes. This includes name, address, date of birth, phone number, email address, relevant medical history, name of GP or ENT consultant, referral information form, hearing assessment results and much more.
Why do I hold it?
This data is held to enable me to effectively meet the hearing care needs of those who purchase hearing instruments from me or consult me regarding audiological concerns.
In some cases I have been instructed by a solicitor or third party to carry out testing on their behalf, and the results will, therefore, be shared with them. I also carry out testing on behalf of workplaces for them to comply with health and safety legislation. The results in these cases are kept on file should any legal dispute arise in the future. I do not market these documents to individuals.
How do I process it?
I will hold your data on my computers, which are regularly updated with the latest patches and security. I am subscribed to McAfee Lifesaver and the next subscription is due to automatically update in July 2019. Computers are all password protected and kept securely. The data is stored in the hearing healthcare industry standard software ‘Noah’, licensed by HIMSA. Any information kept on iCloud is held in a folder that is also password protected, and only the data controller and one processor have access to this.
I do not undertake any data profiling activities although I have a website and Facebook page for patients to gain information about my practice.
I also hold a small amount of data in paper files; these are in a locked room (when unoccupied) in a locked filing cabinet.
Your right to access
You have always had a right to access any data I hold about you. I have never charged for this service and agree to comply within the 30-day timeframe but would hope to manage this much more quickly.
Your right to delete data
I am more than happy to remove your address or email address from my database if you do not wish to be contacted in the future. I do, however, have a responsibility to maintain medical records, in case they are required for legal purposes, for a period of 8 years after the last contact with the patient. These will be archived until a trigger date for full deletion is reached.
What will I do if there is a data breach?
I am obliged to inform the ICO within 72 hours of the discovery of a data breach. Individuals affected must be notified if the breach is likely to result in a ‘high risk’ to their individual freedoms, which in my case is unlikely, but I will take advice from the ICO in the unlikely event of a breach.
Complaints procedure
I hope to never do anything that will give you a reason to be unhappy with my services. However, if you have any cause to complain, please do so to Sarah Barlow in person, via letter to Just Hearing, Eurocom House, Ashbourne Road, Mackworth Village, Derby DE22 4NB or via email to sarah@justhearing.com. I aim to resolve issues speedily and collaboratively. If I cannot reach a satisfactory outcome, you can contact the professional body BSHAA for mediation at www.bshaa.com. I am approved by the HCPC (Health and Care Professions Council), Park House, 184 Kennington Park Road, London SE11 4BU.
I am registered with the ICO as stated in the introduction. In the unlikely event that the complaint has not been resolved, I can take it to one or both of these regulatory bodies.