Dr Kathryn Aesthetics & Skincare Limited Policy statement
1. CONFIDENTIALITY AND DATA PROTECTION POLICY
1.1 Dr Kathryn Aesthetics & Skincare Limited is fully committed to complying with the Data Protection Act 1998 which came into force on 1 March 2000.
1.2 It is important that Dr Kathryn Aesthetics & Skincare Limited protects and safeguards patient-identifiable (or person-identifiable) and confidential business information that it gathers, creates, processes and discloses, in order to comply with the law, and to provide assurance to patients who use the healthcare services on offer.
1.3 All employees of Dr Kathryn Aesthetics & Skincare Limited are bound by a legal duty of confidentiality to protect personal information they may come into contact with during the course of their work.
1.4 This policy sets out the principles that must be observed by all staff who work within Dr Kathryn Aesthetics & Skincare Limited and have access to person-identifiable information or confidential information.
1.5 All members of staff need to be aware of their responsibilities for safeguarding confidentiality and preserving information security.
1.6 Respect for confidentiality is an essential requirement for Dr Kathryn Aesthetics & Skincare Limited as an independent healthcare provider.
2. DATA PROTECTION
2.1 The ease with which personal information can be passed at Dr Kathryn Aesthetics & Skincare Limited – often electronically – is a benefit for patients and for those involved in their care and treatment. However, all staff need to be aware of their legal responsibilities under the Data Protection Act to protect the confidentiality of patient information, and other information relating to the business activities of Dr Kathryn Aesthetics & Skincare Limited.
2.2 Personal information on staff is also protected by the Data Protection Act. The Act affords members of staff the same rights of protection for, and of access to, their personal information held by Dr Kathryn Aesthetics & Skincare Limited.
2.3 The term ‘person-identifiable information’ refers to information relating to any identifiable individual and it is important to be aware that healthcare information is considered in the Data Protection Act to be ‘sensitive information’ requiring the highest levels of care and protection.
2.4 Dr Kathryn Aesthetics & Skincare Limited fully supports and complies with the principles of the Data Protection Act. In summary, this means personal information must be:
- processed fairly and lawfully
- processed for limited purposes and in an appropriate way
- adequate, relevant and sufficient for the purpose
- accurate and up-to-date
- kept for as long as is necessary and no longer
- processed in line with individuals’ rights
- secure and protected against unlawful access, loss or damage, and only transferred to others that have suitable data protection controls.
2.5 Patient data (including photographs) is currently stored in a password-protected aesthetic clinic software programme and is encrypted. For more information on this please see the following link: https://www.pabau.com/security
3. ROLES AND RESPONSIBILITIES
3.1 Dr Kathryn (Company Director) has overall responsibility for maintaining confidentiality within Dr Kathryn Aesthetics & Skincare Limited and ensuring that this policy is complied with by any staff.
3.2 All staff have a responsibility to protect the personal information held by Dr Kathryn Aesthetics & Skincare Limited.
4. PERSON IDENTIFIABLE INFORMATION
4.1 Person-identifiable information is anything that contains the means to identify a person, e.g. an individual name, address, postcode, date of birth, email address, telephone number, or unique identifiable reference number.
4.2 Information can relate to Dr Kathryn Aesthetics & Skincare Limited patients and staff however stored. Information may be held in:
- paper format
- tablet devices
- mobile phones
- digital cameras
- compact discs (CDs)
- digital versatile discs (DVDs), and USB devices. This list is not exhaustive.
5. DISCLOSURE OF PERSONAL INFORMATION
5.1 Strict conditions apply to the disclosure of personal information within Dr Kathryn Aesthetics & Skincare Limited. Dr Kathryn Aesthetics & Skincare Limited will not disclose personal information to any third party unless it is believed to be lawful to do so.
5.2 Information relating to identifiable patients must not be divulged to anyone other than an authorised person, for example medical, nursing or other healthcare professional staff, as appropriate, who are concerned directly with the care, diagnosis and/or treatment of the patient.
5.3 Maintaining confidentiality is an important duty but there are circumstances when it may be appropriate to disclose confidential patient information. These are:
- when the patient has given consent
- when the law says it must be disclosed, or when it is in the public interest to do so. An example of such circumstances would be child protection where the overriding principle is to secure the best interests of the child.
6. HANDLING OF PERSONAL INFORMATION
6.1 Dr Kathryn Aesthetics & Skincare Limited will handle all person-identifiable information securely and in keeping with the requirements of the Data Protection Act.
6.2 All staff, through appropriate training and responsible management, will be expected to:
- fully observe conditions regarding the collection and use of personal information
- meet legal obligations to specify the purposes for which personal information is gathered and used
- collect and process appropriate personal information only to the extent that it is needed to fulfil Dr Kathryn Aesthetics & Skincare Limited's operational needs or to comply with any legal requirements
- apply strict checks to determine the length of time personal information is held, and
- take appropriate technical and organisational security measures to safeguard personal information.
We comply with the standard procedures and requirements as laid down by applicable law to ensure that your personal information is kept secure, and we use the latest in Secure Server Technology (SSL – 128-bit encryption) to ensure that all of your personal information is protected to the highest standards.
The transmission of information via the internet is not completely secure. Any emails we send or receive may not be protected in transit. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk.
Any passwords that you use must be kept securely. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
This site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Google Analytics records data such as your geographical location, device, internet browser and operating system; none of this information personally identifies you. Google Analytics also records your computer’s IP address, which could be used to personally identify you, but Google do not grant us access to this.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We may also use trusted third-party services that track this information on our behalf.
Most web browsers allow some control of most cookies through the browser settings. Every browser is different; look at your browser’s Help Menu to learn the correct way to modify your cookies. If you turn cookies off, some features may be disabled.
CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review. This privacy notice was last updated on 13th July 2022.