Data Protection and Privacy Policy
What is a privacy policy or notice?
A privacy policy or notice is a statement that discloses the ways in which our Practice gathers, uses, discloses and manages our patient’s data. It fulfils a legal requirement to protect our patient’s privacy.
Why do we need one?
To ensure compliance with the new Data Protection (Jersey) Law 2018 (DPJL) and where relevant, the General Data Protection Regulation (GDPR) legislation, our Practice must ensure that information is provided to patients about how their personal data is processed in a manner which is:
- Concise, transparent, clear and easily accessible;
- Written in clear and plain language, particularly if addressed to a child; and
- Free of charge
What is DPJL/GDPR?
The new laws replace the current Data Protection legislations in Jersey and the UK and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy.
Who does this policy apply to?
In accordance with the new data protection legislation our Data Protection and Privacy polices applies to all patients aged 13 and over.
When did DPJL/GDPR Commence?
The DPJL and GPDR legislation came into effect on 25 May 2018.
How do we communicate our privacy notice?
At our Practice, the privacy notice is displayed on our website, through signage in the waiting room and in writing during the patient registration process.
Why we collect information about you
To enable our clinical and administration teams to provide you with the best possible healthcare from us, we will need to collect and process information about you, this will be either in paper or electronic format amongst others.
What personal information do we collect?
We will collect information provided by you directly or supplied to us by other providers for which you have engaged in their services. This will included personal information like your name, address and contact details etc but may also include sensitive personal information like reports on your health, tests results or your social or health status information.
What do we do with your information?
Your record are used to directly manage and deliver healthcare to you by ensuring the appropriate staff or agencies who are involved with your care are provided with such information which is relevant to them.
Who do we share your information with?
We share your relevant personal information with other healthcare organisations, for example the Hospital, out of hours or Social Security but this may also extend to other organisations for which you have given express consent for example insurance providers. How we maintain your records
Your personal information is held both in paper and electronic formats for specific periods of time. We hold and process your data in accordance with the Data Protection (Jersey) Law 2018 and in addition our staff have a contractual duty to comply with our confidentiality policy regarding patient as well as Practice data.
Communication with you
We will communicate with you in ways that you have agreed to within our registration procedure and policy which you have the option to update, amend or change at any time.
Communication with us
Understandably we have an obligation to protect your data and privacy as well as ensure we have accurate and up to date information about you. When communicating with us we will take steps to verify we are actually communicating with you. This may be in a variety of identification ways depending on your enquiry.
What are your rights
In line with the new legislation you have a right to access personal data we hold about you, for example your health record. You also have a right to have inaccurate or incomplete information corrected subject to certain safeguards. You also have the right to refuse or withdraw consent or sharing of your data and you also have the right to transfer your data to other providers.