Data Protection Policy

What kind of information do I hold and why?

1. I keep hand-written notes of everything divulged to me in a Herbal Medicine Consultation. Herbal prescriptions are also recorded here and there may be copies of relevant emails or medical investigations (E.g. blood test results), or letters to or from other professionals or officials.                                                                                                           

Reason: I use detailed patient notes in order to help assess, diagnose, create a treatment plan, prescribe, advise and monitor progress.  I may have copies of letters to or from the patients’ Doctor or other healthcare practitioner in which I have liaised with them in order to provide safe and effective treatment.  In some cases, I have written letters for a court case at the patients’ request.  Other times I have written a list of ingredients of herbal medicines for customs officials at the patients’ request.  These are stored to refer back to if deemed necessary.

2. Stock sold to a patient, client or customer in the course of providing the service (E.g. medicine, cosmetic ingredients or live plants) is recorded on a digital stock management system. The person’s name and contact details would be on the digital order form and hand-written invoice or receipt.                                                   

Reason: Contact details of someone who has bought stock is recorded on a digital stock management system in order to have full traceability of batches in case of a problem.  In the case of providing medicine to a patient, this is required by law. Invoices/receipts are kept for accounting purposes.

3. I may collect email addresses, postal addresses or phone numbers to contact anyone who is interested in the work I do, for example to send medicine or products in the post.

Reason:  I may collect email addresses for marketing purposes with the express permission of the recipient.  This will be to inform them of any new blog posts, services or offers.  Or I may keep email addresses in order to correspond with someone who has contacted me.  Postal addresses are needed to send medicine or products, or to go there for a Home Visit if they cannot come to my Herbal Clinic.  Phone numbers are kept in order to correspond with patients, clients or customers.

4. I hold contact details for suppliers.                                                          

Reason:  Contact details are kept for suppliers so I can order products or services from them.

Do I share this data with anyone?

I may have an assistant who has access to patient notes in order to help me dispense and pack or post medicine, make up cosmetic formulas or enter the stock used onto the stock management system.  They would only be looking at the relevant information for those tasks and not be reading the rest of the notes.  They would have signed a non-disclosure agreement before beginning the work. An assistant may also have access to contact details in order to pack and post items to customers.

Confidentiality

As a member of the National Institute of Medical Herbalists (NIMH), I comply with a strict Code of Ethics.  This includes complete confidentiality with anything that a patient divulges to me.  If yours is a particularly complicated or unusual case and I feel it necessary to seek advice, your identity will remain anonymous.  The only time I would ever break confidentiality is if I feel that you would be in danger of causing serious harm to yourself or another person. This would only be as a last resort if I was in real fear for someone’s safety. 

How long do I keep patient and client records?

I will securely store your case notes for 7 years after the date of your last consultation, or 7 years after the date of the 18th birthday in the case of a minor, to comply with the terms of my insurance policy. 

How do I keep your data secure?

I keep patient and client notes in a locked filing cabinet in my office/consultation room in my home.  Emails from patients or clients are kept in a separate folder. The email account and computer are both password protected.  No-one else but me has access to my email account.

What rights do patients, clients or customers have regarding the data I hold?

You have a right to be informed of and to request copies of the information I have about you free of charge (for large volumes of notes you may be required to cover printing costs).  You have a right to request that I delete information about you.  Unfortunately, I will not be able to destroy patient or client records until 7 years after the date of your last consultation, or 7 years after the date of the 18th birthday in the case of a minor, to comply with the terms of my insurance policy.