Doctors, GPs and healthcare surgeries are often taken for granted. They are expected to be able to answer all sorts of questions about patients’ ailments on demand whilst supplying a first-class, caring service in the process. Patients’ personal data should be treated the same way, as doctors, nurses, physiotherapists and reception staff use it on a daily basis. Healthcare practices are often very busy and overloaded. This means that significant changes to the law, such as the GDPR, can sometimes get missed. Here at GDPR Systems, we have developed a GDPR solution for healthcare, a GDPR solution for doctors, and a GDPR solution for mental health and physical health practices in the UK that recognises and addresses this.
The types of personal data used in all healthcare practices tend to fall into two levels under the GDPR. Basic personal information such as name, address, date of birth, etc. is fairly standard. Special category personal information that doctors have access to and regularly use is confidential medical information. Most of all, this information includes patients’ current medical status and their whole medical history, both physical and mental.
Often this highly sensitive personal data is transferred to other healthcare providers in order to give the patient the best chance of getting better.
In fact, even internally, doctors’ notes (often on paper) need to be transferred from their office to the storage system often located behind the admin staff within the practice.
Safe storage of this personal data is also critical – how are the paper files kept safe at night? How often are sensitive documents kept in doctors’ desk drawers? Who has access to this data?
The sensitivity of this data and the need to transfer it, coupled with the unique storage requirements, mean that under the GDPR it is crucial that ALL doctors’ surgeries are able to demonstrate easily how they are meeting the requirements of the GDPR.
Our GDPR solution for healthcare enables doctors to easily demonstrate what personal data they hold, where and how it is stored and where they transfer it to. Finally, doctors can apply their lawful basis for using the personal information which is so critical to the smooth running of any doctor’s surgery.
This will make your GDPR life a lot, lot more relaxed.
What does GDPR for Healthcare offer you?
- A simple to use place to list all of your storage devices, computers, smartphones (Breachable Assets).
- The ability to document how you have made your patient and employee personal data safe.
- The ability to assign levels of responsibility to all relevant staff members.
- A clear indication of where the weaknesses in your systems lie.
- Up-to-date legal policies and procedures.
- Easily viewable evidence of the safety of your personal data.
The GDPR-Ready Minimum Legal Documentation Healthcare Providers Will Require
Included in the GDPR for Healthcare portal are the relevant policies and procedures documents. The GDPR documents are exclusively customised to your healthcare practice from within the GDPR healthcare solution portal. The documents are as easy to understand as possible and are combined into four comprehensive documents, including the following:
- Data retention policy
- Consent Policy
- Data retention procedure
- Subject access request procedure
- Data destruction policy
- Breach management policy
- Breach management procedure
- Data destruction procedure
Who is GDPR for Healthcare for?
Any size of healthcare practice, regardless of whether you are a single-person physio or a multi-million-pound healthcare practice. Up to 20 assets for a small to medium-sized healthcare practice.