As you may or may not be aware, the European Union is enacting sweeping new legislation regarding, amongst other things, the collection, storage and retention of your personal data. The law is known as the GDPR (General Data Protection Regulation). It is quite complex, but in essence it places obligations on data controllers (the organisations that decide how and why your personal data is used) and gives rights to data subjects (the people the data is about).
The new law applies from the 25th of May 2018.
As one of your healthcare providers we are a data controller: put simply, we are responsible for the important personal data held on file in the clinic about you, and for deciding how it is used.
Is Personal Health prepared for GDPR?
To recognise the importance of this subject, we recently audited our practice to ensure that the way we handle your information is up to scratch. All our staff will be undergoing updated training in the coming weeks to reflect the changes in the new legislation.
What changes have the clinic made to protect patient data?
- All of our computers run firewalls that block unsolicited connections from outside the clinic
- We are drafting a new, improved safe internet policy for all of our staff members
- All of our computers, and the software we use to access your data, are password protected
- All patient data is backed up
- We have recently moved our clinic management software to Jane, a Canadian firm that states it is fully GDPR compliant and which protects your data with the same class of encryption your bank uses. The key protections Jane provides are:
  - Secure servers: data is stored on a private server bank in a SOC 2 Type II-certified data centre, and all data is backed up regularly to secondary servers in Eastern and Western Canada.
  - Encryption in transit: data is encrypted with 256-bit encryption while it travels between your device and Jane's servers (in the same way your online banking information is).
  - Role-based access: administrators, practitioners and patients each access Jane using their own account, secured by a username and password.
  - Account owner control: account owners set the access permissions for each user, including whether that user can access patient charts, billing records and schedule records.
  - Tracking: Jane provides account owners with a user-activity report giving a detailed breakdown of all user activity. The report can be filtered by date range, user and type of access, which lets us review regularly who has accessed patient charts.
- We have a computer consultant who regularly updates and maintains our computers and software and alerts us to changes that may be needed
- All staff have confidentiality clauses in their contracts.
What do I need to do?
You don’t need to do anything specific. It is a good idea though to update us (and any hospitals or clinics that you attend) if you change your address or your phone number. This reduces the risk of letters or calls going to the wrong person.
It is also a good idea to check out this link to ensure you know your rights as a data subject.
This post is not intended to be exhaustive. Its purpose is to assure our patients that we are very careful when handling important patient data, and to update them on the upcoming changes in the law. We strongly advise that you use this post as a springboard to reading up on the topic yourself.
We will continue to monitor the way we process and handle your information, and aside from the work already done we are planning further meetings and updates, both internally and externally, in relation to the new GDPR regulations. Thanks for reading.