Data Protection Policy

For a downloadable version of this policy. Please click here.

• This practice will ensure data is kept secured from unauthorised
• There is no discussion of confidential, person identifiable information with, or disclosure to, a third party without explicit agreement of the Registered Manager.
• Transfer of data between cooperating service providers is timely for patient care purposes, sufficient for service provision, restricted to relevant material, and safely transferred.
• Office is compliant with the General Dental Council's publication, 'Standards of the Dental Team (2013)' and 'Principles of Confidentiality'. All team members are trained to know and follow these
• There is advice on assessing a Patients mental capacity in the Mental Capacity Act 2005 - Codes of Practice.
• The team is aware of their responsibilities regarding confidential data and will sign a written statement (contained in their contract of employment) about their responsibilities to maintain data protection at all
• Information Governance Lead (may also be known as a Caldicott Guardian) will manage, audit and record observation of current practices and procedures when dealing with confidential

1.    Procedure

• Treat information about patients as confidential and only use it for the purposes for which it is
• Prevent information from being accidentally revealed and prevent unauthorised access by keeping information secure at all times.
• In exceptional circumstances, it may be justified to make confidential Patient information known without consent if it is in the public interest, for example if requested by police.
• Any breach of confidence will be reported to the relevant professional bodies to be investigated.
• Limited Reasons for disclosure are:

• With the written agreement of the Patient, for insurance purposes or when involved in a complaint
• On referral to another Provider
• In the wider Public Interest, involving serious risk to the public or serious crime
• By Court Order, but only the minimum required to comply

• No records will be left, or used in a manner, where other Patients or visitors can access or read them.
• Suitable arrangements will be consistently in place for the safe destruction of confidential data.
• Information must remain confidential, detailed below are some specific examples of when NOT to disclose:
  • Request from a school about the attendance of a child
  • Request from a parent (unless sure of being Legal Guardian) about the attendance of a child
  • Request from a solicitor for information, or someone acting on behalf of a third party
  • Request from a family member, even a spouse, about the attendance of a Patient, or to discuss treatment

The following procedures must be followed to ensure a confidential and secure environment is maintained:

• There is a safe and private place for confidential discussions with a Patient
• Telephone conversations with, or about, a Patient cannot be overheard in the public areas
• All computers are password protected, and staff must `log out` when not sitting at a computer
• No unencrypted portable device is used to transfer or store data
• All postal contacts with Patients are in a plain sealed envelope

Patients have a right of access to their records. When requested copies must be produced within 40 days of receipt of a written request. A fee for this service may be charged, in line with Data Protection advice.