Purpose for processing data

Physiotherapists have a professional and legal obligation to keep an accurate record of their interaction with patients.

All record keeping is governed by the Data Protection Act 2018. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Being able to make and maintain records is a requirement of the Health and Care Professions Council (HCPC) registration and Chartered Society of Physiotherapy (CSP) membership

How we get the personal information and why we have it

We are legally bound by the guidelines of the CSP and collect the following data from you to provide physiotherapy/healthcare services:

• Personal contact data – name, address, email, phone
• Sensitive personal data – such as medical details including past medical history
• Photography – on some occasions we may wish to photograph/video you with your permission to enhance your treatment

Most of the personal information we process is provided to us directly by you but we may also receive personal information indirectly.

We collect this information to ensure we are carrying out safe, risk-assessed treatment

We act as data controllers in common with the organisations below when we work in conjunction with them to treat you medically:

  1. Your nominated Insurance company
  2. NHS eg GP, Consultant or other therapist or medical practitioner
  3. Other nominated health professionals

When we use this information when contacting other health professionals, we will always ask your permission before doing this. When information is passed on via email, this will be in a password-protected encrypted email

Please note that we may, in some cases, need to disclose details provided by you to police/other enforcement agencies to assist with investigations when required to do so, by law.

How we store your personal information 

Your information is securely stored on a password-protected laptop. Written information will be stored within a password protected file. 

When you fill out any paperwork, it will be scanned and added to the password protected file before it is then shredded.

Retention Policy

Initially therapy records will be retained for eight years from the last treatment date for adults and up to the age of 25 years old for children (under 18) in order to meet professional healthcare record management guidance as set out by the Chartered Society of Physiotherapy. However we will keep medical records indefinitely unless you ask us to destroy them, in which case, they will be destroyed immediately. Please contact us in writing/email to do so.

Your data protection rights

Your rights under GDPR

• The right to be informed

• The right of access

• The right to rectification

• The right to erasure

• The right to restrict processing

• The right to data portability

• The right to object

If you have any questions about the protection of your data, please e-mail with the email address you have been given

We will make every effort to respond to any query in a satisfactory way.

If you are not satisfied within 30 days, you have the right to complain to the Information Commissioners Office (ICO)
ICO Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113 or email: https://ico.org.uk/global/contact-us/email/