Regulatory Bodies

As registered Dental Professionals we are governed by the General Dental Council http://www.gdc-uk.org/


Our practice is regularly inspected by external bodies to ensure that our standards meet or exceed those required. A link to our most recent, highly successful CQC inspection can be followed here.

 Data Security Policy

 

 

1. General

 

Keyworth Dental Practice takes seriously its obligations, both in law and against professional standards, to maintain a high standard of security around all data which it holds and processes, and particularly personal and special (health) data (as defined in the Data Protection Act 2018 and the General Data Protection Regulation (EU)).

All issues related to Information Security shall be reported to the Information Security Officer without delay.

 

Mark Roberts is designated as the Information Security Officer for the Practice.

 

2. Access to Personal Data – Digital

 

All employees and contractors with access to personal data held by the practice must adhere to the following requirements:

  1. A personal log-in and secure password (as approved by the practice) must be used on each occasion that digital data is accessed
  2. Under no circumstances shall the password be divulged to any other person nor shall it be written down or stored on any device
  3. Passwords must be changed annually
  4. No personal data shall be accessed or processed in any way other than for the purposes it was obtained as set out in the practice’s Privacy Statement
  5. All computers and other devices must be locked to a secure screen-saver mode when not in active use
  6. Computers and other devices shall not be used so as to permit any unauthorised viewing or processing of personal data
  7. No personal data shall be copied, downloaded or transmitted to any device or storage medium other than those authorised by the Information Security Officer
  8. No applications, programs or other functionality shall be downloaded or placed on any practice computer or device other than those authorised by the Information Security Officer
  9. Extreme care shall be taken when opening any file attachment originating outside the practice and in any case of doubt the Information Security Officer shall be advised before so doing
  10. No information about practice systems, log-in or other technical details may be provided to any person without the authority of the Information Security Officer
  11. No device or computer may be connected to the practice internet router or any server without the prior consent of the Information Security Officer

 

3. Environmental Security

 

All employees and contractors of the practice must adhere to the following requirements to ensure that the practice maintains security around personal data:

  1. All patient records, radiographs, correspondence and other items which can identify an individual person shall be kept in a secure location which is locked or suitably protected from unauthorised access as approved by the Information Security Officer
  2. The practice premises must be securely locked against unauthorised entry when closed and any alarms must be set and checked by those authorised to do so
  3. All desks and work surfaces shall be cleared of material which could identify an individual person when not in use including telephone and other notes
  4. Incoming telephone recording messages shall be cleared and deleted from the system once they have been actioned
  5. No material which can identify an individual person shall be left in such a position that it can be viewed by unauthorised people

 

4. Internet and External Security

 

The practice applies suitable security programs to all systems so as to prevent the introduction of malware and unauthorised access, including but not limited to firewalls and anti-virus software as approved by the Information Security Officer and/or the Technical Support Adviser. All software, including the above, will be regularly updated as required.

 

 

 

Penetration testing of the computer, security and telephone systems may take place at intervals and may not be advised in advance to staff and contractors, who should therefore maintain vigilance at all times.

 

5. Data Back-up

 

All personal data will be backed up on a daily basis using personnel, processes and devices as approved by the Information Security Officer. Back-ups will be audited and confirmed as effective on a regular basis.

 

6. Off-site Data and Security

 

Where the Information Security Officer has authorised that any personal or other data may be taken or transferred off-site (outside the practice location):

  1. All such authorisations shall be written and a record kept
  2. Authorised data and devices shall be used only for the purposes and period authorised
  3. The requirements in Clause 2 of this Policy will apply to all such instances
  4. Any loss or damage to devices or data must be immediately reported to the Information Security Officer and a Data Breach notification template prepared
  5. Devices and data must be secured and out of sight to unauthorised persons whilst in transit and shall be kept in a locked environment when not in use

 

7. Financial Data

 

When digital payments are taken from patients or other parties at the practice, all staff or contractors will:

  1. Ensure that the requirements of the EFTPOS (Electronic Funds Transfer – Point of Sale) device/s and systems supplier are followed at all times
  2. Ensure that PCI (Payment Card Industry) best practice guidance is followed
  3. Take all precautions against fraud or misuse of payment cards
  4. In particular ensure that no payment card details are written down

 

8. Internet and E-mail Use

 

All staff and contractors will follow the practice rules for use of the internet and e-mails and adhere in particular to any requirements or restrictions on:

  1. Personal internet browsing
  2. Sending or receiving personal e-mails
  3. The encryption of authorised practice e-mails containing patient or other personal data

 

9. Destruction of Data

 

Data shall only be destroyed with the explicit written consent of the Information Security Officer and using methodology which is secure and approved. Paper data, such as notes and jotters which contain personal information, will be shredded on the premises or using an authorised contractor.

 

Devices to be de-commissioned will have all data securely removed from them. It is acknowledged that routine formatting or factory re-setting will not suffice.

 

10. Other

 

All staff and contractors shall at all times take utmost care and diligence in protecting all data, including personal and health-related data, within the practice.

 

The practice undertakes to regularly train and update staff on the processing of data held, whether digital or otherwise, in order to assure the competence of all users and maintain awareness of data protection and information security.

 

All and any concerns about the security of data held by the practice, however apparently slight, shall be brought at once to the attention of the Information Security Officer and it shall be the policy of the practice that any such information shall be positively and constructively received to encourage prompt and vigilant awareness of the importance.

 

Any breach of the terms of this policy may lead to disciplinary action against staff or contractors and repeated or serious breaches may be regarded as serious misconduct resulting in termination of employment or engagement.

Complaints 

 

In this practice we take complaints very seriously indeed and try to ensure that all our patients are pleased with their experience of our service.  When patients complain, they are dealt with courteously and promptly so that the matter is resolved as quickly as possible. 

 

We aim to acknowledge each complaint within 2 days in person or by telephone if possible.  We will provide a written response within 10 days of the first communication. If a written response is required, it should include a summary of the complaint, an explanation of events from the viewpoint of the practice, an apology where appropriate and details of what has been done to prevent a recurrence of the problem within the practice, if necessary.

 

Our aim is to react to complaints in the way in which we would want our complaint about a service to be handled.  We learn from every mistake that we make and we respond to customers’ concerns in a caring and sensitive way.

 

If patients are not satisfied with the result of our procedure then a complaint may be made to: 

 

 

  • Denplans Complaints Handling and Risk Management Department

                   Telephone: 0800 169 7220

 

 


Making an appointment:

Tel: 0115 9375828

 

You can also use our contact form.

Address

Keyworth Dental Practice

 

18a The Square

Nottingham

NG12 5JT

Updated January 2018. Created by J J Harvey