This dental practice is dedicated to ensuring the security of personal data held by the practice. This policy is distributed to all staff with access to personal data at the practice and will be provided to new staff during their induction. If any team member has concerns about the security of personal data within the practice, they should contact the practice manager. All team members must adhere to this policy.

CONFIDENTIALITY

All employment contracts include an obligation to comply with the practice’s confidentiality policy. Access to personal data is restricted to a ‘need to know’ basis only. Access to information is monitored, and security breaches will be promptly addressed by the practice manager. We have procedures in place to regularly review, update, and securely delete personal data when it is no longer needed. For instance, patient records are retained for a minimum of 10 years or until the patient reaches the age of 25 – whichever is longer.

PHYSICAL SECURITY MEASURES

Personal data is only taken from the practice premises in exceptional circumstances and with authorization from the practice manager. If personal data is removed from the premises, it must never be left unattended in a car or public place. Measures have been implemented to safeguard the practice against theft, such as intruder alarms, lockable windows and doors. The practice has a business continuity plan in place in case of a disaster, including procedures to protect and restore personal data.

INFORMATION STORED ON COMPUTER

Appropriate software controls are utilized to protect computerized records, including the use of passwords and encryption. Passwords are only known to those who require access, are regularly changed, and are not written down or kept near the computer. Computerized data is backed up daily and stored off-site in an encrypted format during transit and rest. Staff using practice computers undergo computer training to prevent unintentional deletion or corruption of information. Dental computer systems have a full audit trail feature to prevent data erasure or overwriting, recording details of any amendments made, along with the responsible party and timestamp. Precautions are taken to prevent data loss through the introduction of computer viruses. Data stored on cloud computing facilities is subject to a rigorous service level agreement with our cloud provider to ensure compliance with this policy and secure information.

LOSS OF PATIENT INFORMATION

Any loss, damage to, or unauthorized disclosure of patient information must be promptly reported to the Practice Manager.

Date: 20-08-2019 Review Date: August 2020