At Yerbury McCullagh and Blessing, we’re committed to protecting and respecting privacy and take data handling seriously.
This Policy explains when and why we collect personal information about people who visit our practice, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Our staff are have recently undergone rigorous training in line with the 2018 changes to data Protection and we have other policies which should be read in relation to this one.
This policy should be read alongside our policies and Procedures on:
Why do we have data?
In order to provide patients with the best dental care possible we have to take data to determine the best possible course of treatment.
What Information do we have?
When a patient registers at the practice we usually take a few personal details on the telephone or face to face. These are details which you provide us with and some examples are name, address, telephone number and date of birth. We also take contact details like mobile phone numbers and email addresses for correspondence.
These details are entered into our Practice Management software (Dentally) which we use to manage our database and diary. A detailed list of the information we hold is as follows:
- Date of birth
- Email address
- Telephone number
- Referral source
- Which dentist you see here
- Which hygienist you see here
- How often you attend here
When a patient comes for their initial clinical consultation we take and process further data to provide them with the best possible care tailored to suit their specific needs. A detailed list of the information we ask for, use clinically and then often store, is as follows:
- A confidential Medical History Form
- Radiographs of the teeth
- Study models of the teeth
- Correspondence from a previous clinician to avoid unnecessary duplication of radiographs
How is information used?
Overall, information is used to provide patients with the best dental care possible. Here are some examples of how and why we use data.
- To schedule appointments here at the practice
- To remind patients of the need for a routine visit to either the dentist or hygienist, or both.
- To correspond with patients regarding the next stage of your treatment.
- To seek a patients views or comments on the services that we provide – (we limit this as much as possible)
- To notify patients of changes to our services
- To refer patients to a colleague, with your consent
- To liaise with patients regarding your treatment
- To determine the safest options for patients, based on their medical history
- To avoid medical emergencies
- To effectively diagnose early caries, periodontitis and any other pathology
- To demonstrate procedures and aid patient education
- To Send invoices for payment of treatment
- To process payments for dental treatment – We process payments by cheque, BACs or card payments taken over the telephone
- To Complete Dental Insurance Claim forms for our patients
- To send receipts to patients
We will never sell or rent information to third parties for marketing purposes.
We try as much as possible to limit the amount of unnecessary correspondence with patients.
We do not market our own services and always ask patients for their contact preferences when they register at the practice.
We never store or write down a patient’s payment card details. Our calls are not recorded, and our payments are processed by streamline – for which we hold a data service user agreement.
We do not accept payments through a website and every effort is made by us and by streamline to make sure all payments are secure.
In some cases, we may need to refer you to a specialist colleague in line with your personal dental treatment needs. This is an example of when we may “share” your data. This is only done with your consent and our referrals are sent securely by email (office 365) with encryption. Again, we have a service user agreement in place to ensure that every possible effort is being made to secure your data when we send it.
As a specialist prosthodontic practice, a large part of our work involves the services of a Dental technician or a laboratory. We often make impressions of your teeth to construct custom made dental appliances. Examples of these are crowns, bridges and dentures. Impressions of your teeth are sent to our laboratories along with minimal personal details (usually your name or an ID number) for identification.
We have user agreements and contracts in place with our Laboratories to protect your data, as this another example of when we might ‘share’ your data.
Data at this practice is stored electronically and on site at the practice.
We use a cloud based 16 bit encrypted software management system (Dentally) which staff members log into whilst working at the practice. Dentally Log in requires 2 step verification, user passwords and this software is stored on Amazon servers within the UK.
Your digital radiographs are stored within dentally using Vixwin software and copies are backed up to our own server at the practice. Historical physical radiographs are stored in patient record cards and filed at the practice in a locked room for which, only staff has access.
Study models are all stored on site.
Clinical record cards are stored securely at the practice and only staff members have access to them.
A copy of a patient’s medical history is kept in their record card and a copy is scanned into dentally.
The security measures we take
When we are given personal information, we take steps to ensure that it’s treated securely. For the most part, information is stored electronically.
We take advantage of every security measure offered to us by office 365, Outlook, Windows, Dentally and use 2 step verification and encryption, where possible for all emails and windows log in’s.
We have recently updated our server, our passwords and log in details on every computer in the practice.
Non-sensitive details (email address and contact details etc) are stored on the practice management software package and on our server.
Sensitive details will never be shared or transmitted over the internet without encryption or without the knowledge of the person who owns them.
Accuracy and Access of Information
The accuracy of information is important to us. We ask all users of our service to update us If they change their address, phone number or to tell us if any of the other information we hold is inaccurate or out of date.
We ‘archive’ inactive patients after 4 years – this means we remove your notes from our office and put them in storage and will cease to contact you. We are obliged to hold all dental records for 11 years in accordance with our statutory obligations. After this time we will delete you from our systems.
If a patient would like copies of their information we will respond to any request within 30 days of receiving it.
Every Patient has a choice about whether or not they wish to receive information from us.
If they do not want to receive communications from us about our services, then they can use the unsubscribe link in each email communication or contact us to be removed.
If there is anything in this policy that you do not understand or would like further information please do not hesitate to contact Joanne Maher or one of the partners at the practice.