This dental practice holds and maintains information about the business and its patients that is necessary for the efficient running of the practice and the effective provision of dental care. This policy describes the information that must be retained, how it must be stored, archived and disposed of to ensure that the practice complies with the requirements of the Data Protection Act.
The practice Confidentiality policy describes the need for all members of the dental team to keep patient information confidential and practice procedures for handling information about patients. It must be followed at all times. The arrangements for keeping information safe are described in the practice Data security policy, which includes the measures for physical and electronic security.
The practice Data protection code of practice helps patients understand how the practice uses and protects their personal information.
Information about the business and its patients is kept for no longer than required.
All members of the team must protect information held by the practice and store it securely. Information is only accessed on a need-to-know basis: where it is necessary to carry out required tasks; in the delivery of care to patients; or upon the direct instruction of a senior person within the practice.
For records held electronically, access is password protected and restricted to those who, as part of their work duties, require the information. Electronic records are regularly backed-up to cloud storage
Financial information and personnel records are stored securely in the practice managers office.
Where records need to be retained but are no longer required on a day-to-day basis, they are archived. Records will be stored in a way that ensures easy identification and retrieval. The final decision on archiving information is taken by Niamh Egan
Electronic records that need to be retained but are not required on a day-to-day basis are, in the first instance, archived within the IT system. Where electronic storage space is at or near capacity, archived electronic data will be copied onto a suitable electronic format with copies stored securely at the practice premises and off-site.
The practice is assessing systems for reviewing archived information that is no longer required.
Records that are no longer required are disposed of securely by shredding. The services of a professional contractor will be used where necessary; a certificate of confidential destruction is obtained and retained by the practice as evidence of DPA compliance.
Patient study models are disposed of as soon as they are no longer required, and at the latest at the same time as the records associated with the patient are disposed of.
Records held electronically and backups of electronic information are disposed of using the secure deletion option on the practice computer system.
The final decision on disposing of records will be taken by Rob Jukes
Date: 18th January 2018
Review date: January 2019