Privacy Policy

Clinic Terms & Conditions

Contract of Care

Accepting the clinic’s contract of care and understanding the clinic’s privacy policy are essential to us fulfilling our obligations to you and is a non-negotiable condition of receiving care at the clinic.

Please bookmark this page or print it out as a record of the agreement you have made with the clinic.

We aim to give everyone a prompt and efficient service, gaining results as quickly as possible. This service is only possible if you can keep to your treatment plan, ensuring we can get you better as fast as we can.

Your best outcome is dependent on maintaining your ideal treatment plan. If you need to reschedule an appointment, you must allow us 48 hours notice to organise to care for someone else in that time.
If you are unable to do so, you will be liable for the full cost as a late notice fee (on some occasions the clinic may waive this fee at the practitioner’s or clinic director’s discretion).

To ensure we can give everyone the best possible care, by making an appointment:

        

  •  You understand that in the event of not attending or having to cancel an appointment, you will be charged the full fee unless:

  • You give at least 48 hours notice of cancellation.     

  • You understand that the osteopath will ask fairly detailed questions regarding your health; past and present, to build up an accurate picture of the complaint you are suffering.

  • You understand that after this, the osteopath will need to carry out a physical examination and assessment which may, in some cases require the removal of some outer clothing. This will enable the osteopath to accurately determine the condition and cause.

  • You understand that you may be required to perform simple movements for the osteopath to properly assess and understand the condition.

  • You understand that once your condition has been properly assessed, the osteopath will need to perform a hands-on treatment to enable the condition to resolve or physically move your body into positions to assist you learning new body movements.

  • You understand and consent to these examination, assessment and treatment procedures.

  • You have understood the possible treatment reaction(s).

  • You understand your Name, Address, Telephone number and certain personal details will be held on record in whatever format Huddersfield Osteopath requires, and that Huddersfield Osteopath may use these details to contact you or for internal audit / research.

  • You understand that Huddersfield Osteopath will not give, sell or otherwise disclose any of this information to any third party without your prior consent.

  • You have fully understood and consent to the contract of care that Huddersfield Osteopath operates under and that booking an appointment confirms your consent or consent on behalf of a minor in your care.

  • You understand that you need to keep a record of this agreement as your record of accepting the contract of care.

Clinic Data Protection & Privacy Policy & Procedure

Appointed person with responsibility for data protection:        Henna Javed

Registered with the Information Commissioners Office

Clinic Data Protection Policy

Information Held

The following information is collected: Patient name, address, date of birth, email address, phone numbers, GP details, past medical history, family medical history and case history for treatment carried out at clinic. All information is given by the patient or their carer, parent or legal guardian.

Data Collection

Information collected is sufficient for the purpose of making informed clinical decisions.
Data is collected verbally on the phone by practitioners to book appointments and take contact details. Medical information is collected by osteopaths verbally at a face to face appointment.
Patient contact details and appointments are stored on the ‘cliniko’ practice management software. Patient clinical records are electronic.

Data Storage

Information is stored on ‘cliniko’ – A cloud-based software package who’s data storage servers are either in the EEA or countries that have PNR bilateral agreements with adequate protection for the personal data in question.

Data disposal (minimum 8 years, 25 years of age for children)

Records cannot be deleted before statutory requirements for data retention – 8 years or up to 25 years of age for children
Notes are archived after 1 year. They are then securely stored at the business premises.
Notes are destroyed by shredding/incineration after 8 years or 25 years of age for children.
Electronic records are deleted from the system after 8 years or 25 years of age for children

Consent

Patient data is also used for appointment reminder text messages, a newsletter and marketing which patients opt in to with a tick box on their first visit. We check patients still want to receive communications on a regular basis and all communication carries an option to unsubscribe.
We process your data using the lawful basis of consent for marketing, and fulfilment of contract and legitimate interest for processing your medical record and sending you health information and exercises relating to your condition. Your medical record is processed as Special Category Data under Article 9 2(h) of the GDPR.
Parents must give consent for communication with children under 16 years.

Data Sharing

Information is only shared with other persons with patient’s express permission. This would usually be with other health professionals. Patient information is never passed on to other practitioners, persons or companies.
Data would extremely rarely be shared without consent if there was a legal order or in cases of serious safety risks.

Data Checks

Every year we perform checks on 25% of our patient’s data records to make sure they are accurate.
And Every year we check all active patient data is correct.

Security

Access to paper records is restricted to only practitioners and admin staff who have signed a confidentiality agreement.
All electronic data is password protected and access to information is restricted. Systems are kept updated and antivirus security systems are in place and updated.
We recommend to users that their passwords are changed yearly.
Data breaches will be detected by observing signs of unauthorised entry to storage areas, monitoring communications or becoming aware of a security breach (e.g. a virus or unauthorised log on or change to permissions) on the computer system. Data breaches will be investigated and reported to the Information Commissioner’s Office within 72 hours by the appointed person.
Patients will be informed if we believe a data breach has occurred.
Patients may contact the Information Commissioner’s Office if they believe a data breach has occurred. Information Commissioner’s Office: 0303 123 1113

Subject Access Requests

All staff know that subject access requests must be responded to within a month and no charge can be made.
Data is only released on receipt of a signed request from patients or in exceptional circumstances. Any data sharing is detailed in the patient record.

Patient Rights

Patient’s and anyone we hold data about have some rights under GDPR: You can request to: see your data at any time, move your data to another practice, correct any inaccuracies, prevent marketing. You may request for details to be deleted but due to our legal obligation we cannot delete your health record but we can remove you from our contact list.

Complaints

Patients or staff may raise any complaints about data processing with our Data Controller who may be contacted at: huddersfieldosteopaths@gmail.com

You may also contact the Information Commissioner’s Office Directly on: 0303 123 1113

Name: Henna Javed

Position: Principal Osteopath & Owner
Practice: Huddersfield Osteopath

Date: 3/10/25
Review Date: 03/10/2029