Privacy Policy - Version 4/2018 Review Date 09/2019

Smith & Varley Opticians
Browetts Opticians
Privacy Policy

This Policy describes the data that we hold about patients, how we hold it, how we
protect it, how we use and process it (including what patients need to be provided
with) and how we transfer it (if necessary).

There are certain legislative requirements for every organisation to hold information.
Information about this is provided below.

The Practice complies with the eight data protection principles under the Data
Protection Act 1998 and GDPR 2018 in its processing of personal data in that such
data is:

* Fairly and lawfully processed
* Processed for limited purposes
* Adequate, relevant and not excessive
* Accurate and up to date
* Not kept for longer than is necessary
* Processed in line with patients rights
* Secure
* Not transferred to other countries without adequate protection

The Practice is registered with the Information Commissioner.
* Registration Number Z113108X
* Security Number 10707673

The Practice has an up to date Freedom of Information Act statement and this is
available to patients.

A Practice Policy notice on handling patient data is available to patients.

Clive Beech is responsible for procedures relating to confidentiality and data
management.

Patient consent to hold Data
All patients are required to sign a GDPR consent form, which explains, briefly, the
data we hold and how we use it. In the case of a child, a parent or guardian should
sign on their behalf. This form is to be kept in the patients record.

What information we hold and how we hold it
Patient records are held in three formats.

* Written paper records for contact lens fittings, aftercares, visual fields and
other correspondence
* Printed copies of electronic records of eye examinations and spectacle
dispensing
* Electronic records of eye examinations and spectacle dispensing
* Recall dates and letters are managed electronically within the Practice
Management Software (PMS)

How we protect this information
* All practice staff have a confidentiality clause written into their contracts
* All personal information contained on practice records, whether paper or
electronic, is considered confidential
* No personal information is discussed with anyone other than the patient or
their legal guardian (except where Gillick competency applies) without the
patients permission
* Care is taken that records are not seen by other people in the practice
* All staff are aware of the importance of ensuring and maintaining the
confidentiality of patients’ personal data and that such data must be processed
and stored in a secure manner
* All electronic data is protected by double back up onto separate, encrypted
memory sticks
* When computers are replaced, old unit hard drives are securely destroyed
* Records are retained for periods as agreed by the optical bodies (appendix 1)
* Confidential paper information requiring disposal is securely shredded
* We have an IT security policy regarding specific access to electronic
information (appendix 2)
* If the need arises to transfer information we have procedures in place that
include consent and secure transfer
* Any suspected breaches of security or loss of information are reported
immediately to and are dealt with appropriately by Clive Beech
* Paper records are kept secure and away from access by the public

How we use and process the information we hold
To discharge our legal and contractual duties:

* Patients are given a copy of their spectacle prescription immediately following
their sight test
* If a patient is referred, they are given a written statement that they are being
referred, with a reason and a copy of the referral letter
* Patients are given a copy of their contact lens specification on completion of
the fitting process
* Where a patient has diabetes or glaucoma, the GP is informed of the result of
the sight test
* Information may also be passed to appropriate organisations where we are
legally required to do so
* Staff assisting in the provision of GOS are appropriately trained, and
supervised for the tasks that they undertake
* Patient records may be transferred to another appropriate organisation should
the business be sold or passed on for any reason. This transfer will only be
made to an organisation that has the same Privacy Policy.

We may also use information we hold about patients to remind them when they are
due for check ups and we may send eye care and eyewear information.

How we transfer personal data
We always transfer personal information (data) in a secure manner.
We seek permission before transferring personal information except in some cases
where it is to another healthcare professional responsible for patient care and who
needs that information to assist in providing patient care or where we are legally not
required to do so.