Practice Privacy Notice

Kingston Orthodontics has a legal duty to explain how we use any personal information we collect about you, as a registered patient at the practice. We maintain records about your health and the treatment you receive in an electronic format.

What information do we collect about you?

We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays and any other relevant information to enable us to deliver effective orthodontic care.

How we will use your information

Your data is collected for the purpose of providing healthcare services; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. In addition, with your consent, we may share your data with other healthcare providers in order to provide you with a high level of care.
The practice may be requested to support research; however, we will always gain your consent before sharing your information.

Maintaining confidentiality and accessing your records

We adhere to the Data Protection Act 1998 (DPA), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). We are committed to maintaining confidentiality and protecting the information we hold about you. You have a right to the information we hold about you, and if you would like to access this information please contact our reception team who will be able to assist you.

Opt-outs

Please contact our Practice Manager who will be able to explain how you can opt out, if you would like to prevent the sharing of your information.

What to do if you have any questions

Should you have any questions about our privacy policy or the information we hold about you, you can contact our Practice Manager via email manager@kingstonortho.co.uk, in person or in writing.

Changes to our privacy policy

We regularly review our privacy policy and any updates will be published on our website.

Routine orthodontic care at Kingston Orthodontics

At Kingston Orthodontics we keep data on you relating to:

  1. Who you are, where you live, what you do
  2. Your medical, dental and orthodontic problems and diagnoses
  3. The reasons you have accessed care with us, your appointments, where you are seen and when you are seen
  4. Referrals to other specialists and other healthcare providers
  5. Results of investigations and scans, treatments and outcomes of treatments
  6. Your treatment history Staff who have access to your information within the practice will only normally have access to that which they need to fulfil their roles. If your health needs require care from others elsewhere outside our practice we will exchange with them whatever information about you that is necessary for them to provide that care, it is usual for them to send us information relating to that consultation. We will all of those reports. Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law.

We are required by Articles in the General Data Protection Regulations to provide you with
the information in the following 9 subsections:

  1. Data Controller contact details
    Kingston Orthodontics, Strand House, 169 Richmond Road, Kingston upon Thames, KT2 5DA
  2. Data Protection Officer contact details:
    TBC
  3. Purpose of the processing
    Direct Care is care delivered to the individual alone, most of which is provided in the surgery. If a patient requires a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care
  4. Lawful basis for processing
    The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
    Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
    Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social
    care systems and services…”

We will also recognise your rights established under UK case law collectively known
as the “Common Law Duty of Confidentiality”
“Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as 'judge-made' or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.

The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider's consent.

In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.

Three circumstances making disclosure of confidential information lawful are:

  1. Recipient or categories of recipients of the processed data
    The data will be shared with Health and care professionals and support staff in this practice and at hospitals who contribute to your personal care such as Kingston NHS Foundation Trust Hospital

  2. Rights to object
    You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance

  3. Right to access and correct
    You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.

  4. Retention period
    The data will be retained in line with the law and national guidance.
    https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016

  5. Right to Complain
    You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/ or call their Helpline: 0303 123 1113 (local rate) or 01625 545 745 (national rate)