This document outlines our data protection policy, terms and conditions of care.
- This version is 1.1 dated 11th June 2018
- Policy prepared by Rachel Scott (Data Protection Officer)
Why this policy exists
This data protection policy ensures EIABC, Ltd:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
Data protection law
The UK Data Protection Legislation is underpinned by eight important principles.
These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Be processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
This policy applies to:
- The offices of EIABC Ltd t/a Pain and Posture Wellness Centre (PPWC)
- All staff and volunteers of EIABC Ltd
- All contractors, suppliers and other people working on behalf of EIABC Ltd
It applies to all data that the company holds relating to identifiable individuals. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- …plus, any other information relating to individuals
Data protection risks
This policy helps to protect EIABC Ltd, its clients, and contractors, from some very real data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
General staff guidelines
- The only people able to access data covered by this policy should be those who need it for their work.
- Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
- EIABC Ltd will provide training to all employees to help them understand their responsibilities when handling data.
- Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
- In particular, strong passwords must be used, and they should never be shared.
- Personal data should not be disclosed to unauthorised people, either within the company or externally.
- Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
- Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.
We acquire data regarding clients, prospects and 3rd party data sources from:
- Onboarding a new client
- Updating existing client details
- Form completions on our website.
- Inbound emails
- Business cards
- Supplier invoices
- Word of mouth
- By creating backups
- By Health Questionnaires
- Individuals may be part of an image we have used for our website or in office
Data Storage Details
For each client we:
- set up a new record on our Clinic Management System (PracticeHub)
- add the client details into Office 365 for tracking appointment purposes
- create a paper client file.
- create a paper accounting record.
- Use PracticeHub & Gmail to send treatment appropriate emails (non-marketing)
- create a new file stored in Dropbox for Patient Photographs
- Email using Google Suite
- Receive Client health questionnaires & Office Policy documents via PracticeHub
We use Kashflow for our accounting. Kashflow is a cloud-based service. No accounting information is stored on local devices.
This data is stored on our company email servers which utilise Office 365 and Gmail. These emails are synchronised across devices, office computers, tablets owned by the business, and iPhones owned by the business.
We physically keep the cards in our filing cabinet
All incoming invoices, whether paper or electronic, are printed and stored in a secure filing cabinet at our office premises. We need to keep a hard copy for our end of year accounts. The filing cabinet is locked outside business hours.
Word of Mouth
Any information noted down from word of mouth is entered into the appropriate system.
All our DATA is stored in the cloud and as such there is no local physical backup
These are saved to the client’s file in Cliniko via Cliniqapps.
We hold client information in one spreadsheet to manage appointment tracking. This spreadsheet is password protected.
All the photographs we take during your care are stored in Dropbox.
For clinical purposes they may be shared among colleagues to improve your care here.
How We Secure Our Data
All computers, tablets and iPhones in the business have strong passwords, fingerprint recognition, or 6-digit PINs.
All paper storage is contained in filing cabinets that are locked when no one is in the office.
All passwords we use are a minimum of 9 characters and alpha numeric.
All company working data is stored in the following:
- Dropbox – Password protected
- Google Suite – Password protected
- Office 365 – Password protected
- PracticeHub – Password protected (individual passwords)
- Kashflow – Password protected
All our data is stored in the cloud, so there is no need for a local physical backup procedure.
Customer and Supplier Accounting Information
We use Kashflow in the cloud for our accounting. Kashflow is password protected. We also use Cliniko in the cloud for invoicing patients; this is password protected.
Emails, including form fills from our website, come into our Gmail account and are stored in Gmail. All accounts are password protected as are the computers running the email client. We store long term information in Gmail folders. We run Google Suite to ensure our office software is up to date and secure. This is a cloud service, so all emails are synchronised with the Google Suite servers.
Our software platforms
How we use your data
We store data to ensure our business can perform its services for its clients. These guidelines should always be followed when handling personal data:
- When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
- Personal data should not be shared informally. There may be times when it is necessary to communicate effectively with other experts in order to provide the best care.
- Data must be encrypted before being transferred electronically.
- Personal data should never be transferred outside of the European Economic Area without a DPA (Data Protection Agreement) in place.
Stripe Payment System
Stripe stores the patient's card details. Stripe encrypts all payment information. No details are stored in PracticeHub and the patient's card details are not accessible in any way. When we attempt to charge a patient, PracticeHub pulls this information from Stripe. The patient can request for their payment details to be deleted at any time.
We will report any unlawful data breach of information we are holding to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. We will provide the following information:
- What kind of data was stolen
- How many individuals this affected
- How many data records were compromised
- How we were alerted to the breach
- Who was responsible for the breach
Administering Subject Access Request (SAR)
Upon receipt of a SAR from anyone about whom we store data, we will respond with confirmation of the data we hold, send them a copy of that data, and inform them of how we have used that data. We will do this within 1 month of the request. We will not make any charge for this service.
Right to Data Portability
Beyond a traditional S.A.R, you have the right to access your data and have it provided in a way that makes it easier for a computer to read, such as via a spreadsheet. You can also request for your data to be transferred directly to another system for free.
Right to Erasure
Because we are a healthcare company we cannot erase any records pertaining to treatment for a period of 8 years.
Privacy by default
The strictest privacy settings automatically apply to any new patient. Personal information is only kept for the time necessary. In our case this period is 8 years once treatment has occurred.
The data controller is EIABC Ltd, a UK Private Limited Company with company number: SC439759
Whose registered office is: 50 Grahams Road
And whose operating office is: The Clinic you attended first
Data Protection Officer: Rachel Scott
Director, EIABC Ltd: Richard Phelps
The following outlines our terms and conditions of care
Thank you for choosing our wellness centre. It is our experience that proper communication promotes a relaxed atmosphere, which in turn promotes healing. Please read and understand the following, and then tick the box.
Our Purpose in Practice
The care in our office is unique and distinct in healthcare, and we emphasise the inherent recuperative power of your body to heal itself, without the use of drugs or surgery. We focus on the relationship between structure (primarily the skeleton and posture) and function (which is controlled by the nervous system), and how that relationship affects the preservation and restoration of your health. Nutrition, exercise, and supporting the body while sitting, sleeping and standing all play a part in the care you receive in this office and help to ensure maximum benefit. As such the practitioner will discuss some or all these things. We recognise the value and responsibility of working in co-operation with other health-care practitioners when it is in the best interest of the patient and may discuss referral options if needed.
Type of Care
Although the practitioners working in Pain & Posture Wellness Centre may hold differing certifications (Chiropractic, Osteomyology, Physiotherapy, etc), all practitioners practice in accordance with the Advanced Biostructural Correction™ (ABC™) protocol. The focus of ABC™ is on the things that have gone out of place or ‘stuck’ in a way that the body cannot correct on its own. It needs some type of outside assistance. The two main concerns addressed in this office are the meninges (protective coverings around the brain and spinal cord) and bones throughout the body that have gone out of position in such a way that there exist no muscles to retrieve them. As these things are corrected, the body will undergo a series of changes known as ‘Unwinding.’ In this Unwinding process, it is important that you understand that throughout it, your body will be improving mechanically. This is especially important as your body unlocks old injuries and must revisit them in order to get them corrected. At that point, you might temporarily feel more symptoms which will improve as care continues.
Your primary practitioner has his/her own specific practice hours. If you are unable to stick to a care plan schedule that works within those hours, please feel free to see another practitioner in our centre in lieu of or in addition to your regular practitioner. Since all are doing ABC™ the continuity of care will be maintained. Our general business hours are from 9-12:30, and 2:30-6:30 Monday to Friday, and 9-12 Saturday.
The first 3 visits
Visit 1: You will undergo a consultation and examination. (This takes approximately 1 hour.) The main objectives here are:
- To rule out any pathology that is outside our scope of care, and to refer where appropriate
- To make sure that your body will be able to handle the treatments we provide
- To get a baseline of your body’s condition
- To establish what is underlying your current condition
Visit 2: You will discuss what was uncovered in the last visit with a report of findings. You will experience the first full treatment (if applicable) (This takes approximately 30 minutes).
Visit 3: You will receive the second full treatment and discuss your goals and objectives and the appropriate care plan to meet those goals (This takes approximately 30 minutes).
Beyond the first 3 visits
Once the primary workup has been completed, each visit will take between 5-10 minutes on average. There are occasions where more time is required, and as appropriate, that will be scheduled in (e.g. longer visits to make sure you are on the right track to your goals).
The practitioner has recommended a specific course of care for you, designed to produce the most specific, predictable change possible. Each adjustment in the process is critical in attaining your health goals. Your appointments will be mapped in advance as far as possible to save time on each visit. If you need to change an appointment, please give as much notice as possible (24 hours’ notice is ideal). All missed appointments need to be made up as soon as possible to maintain the corrective process. Any missed appointments, without prior notification may be charged at the normal adjustment fee.
Research and Development
We believe very strongly in furthering our standards of care and developing body work methods through research. In our office, we do participate in research activities and may include data from your case in our trials. All data is used anonymously and in compliance with the Data Protection Act 1998. Should you wish your data be excluded from this anonymous research, please advise us.
Ongoing Education and Holidays
Periodically, our team attends seminars and conferences to further their experience and education, and your practitioner may also on occasion take a holiday. In such cases, we will find the best locum practitioners available to care for you during those times. Likewise, if you are heading away on a holiday, please let us know as soon as possible (two or more weeks in advance preferably) so we can adjust your schedule of care accordingly. Also, we may be able to recommend a practitioner to continue with your care at your holiday location.
This is a referral-based practice. Our practice members refer others to us for care as they value the improvements in their health while under care. We are grateful for the trust placed in us when a referral is made, and we will always do our best to make your referral welcome. We work hard with them to help them achieve their health goals. If there is someone you know whom you would like to invite to our practice, please let us know.
In order to provide you with the best quality of care at the most affordable price, we encourage patients to take advantage of our care packages. However, if you or your practitioner decides to halt care for whatever reason, you will qualify for a refund of the unused portion of your fees.
Your refund amount is based on the number of adjustments you received, calculated at our regular adjustment fee, which is subtracted from the original care package fee less a £20 processing fee. This is the difference that is then refunded to you. This process can take up to 14 days and a written request is required from you. All care packages are valid for use by you, or refund, for a period of 18 months from the date of purchase. After this time remaining adjustment credit will lapse and be non-refundable, except with prior written agreement.
PPWC will not be liable in contract, tort, or otherwise for any economic loss (including, without limitation, loss of profit), or for any other special, indirect or consequential loss or damage arising out of, or in connection with, its provision of any goods and/or services to the practice member.
It is the practice member’s responsibility to ensure that they provide PPWC with up to date health details prior to each treatment. PPWC will not be liable for any damage that occurs as a result of the practice member’s failure to disclose such details.
The practice member agrees to comply with all instructions and/or recommendations given to them by their practitioner regarding their responsibilities towards self-care. (One of the largest results of not following the recommendations is that the practice member will be more symptomatic in going through the forward phase of the Unwinding process.)
Nothing in these terms of business shall exclude or limit the liability of PPWC for death or any personal injury resulting from the practitioner’s negligence.
We pride ourselves on our high-quality service. If you’re not satisfied, we’re not satisfied. Any time you wish to highlight an area in which we can improve our service, please let us know as we welcome your comments. We aim to provide as high a standard of care as possible.
We would hope that with good communication and professional care you would not have cause to complain. If you do, our complaints procedure provides for four possible stages as follows:
- Please initially raise your complaint with the practitioner that is caring for you. Many formal complaints made against practitioners stem from misunderstandings or inadequate communication. We would wish to avoid this, and we stress that we take complaints very seriously. Please raise the complaint when it arises and do not let days or weeks pass by. Hopefully we will be able to address your concerns. We will document your complaint and provide you with a letter stating the outcome and, if the complaint is substantiated, an apology and what steps we propose to take to remedy the situation (e.g. we can consider waiving fees or an ex gratia payment).
- If you are not satisfied with the outcome of your complaint to your practitioner, or if you feel it would be inappropriate to complain to him/her directly due to the nature of the complaint, we would ask that you set this out in writing to us and address the complaint to the Managing Director at 50 Grahams Road, Falkirk, FK1 1HN, or please call 07853119936. The Managing Director will initially investigate your complaint, meet with your practitioner and you, if you wish, and work on resolving the issue(s). This will be documented.
- If your practitioner is registered as a chiropractor and you are still dissatisfied, we have a complaints procedure as part of our membership of the United Chiropractic Association. Please contact “The Manager” at email@example.com – Tel: 01752658785, Fax: 01752658786. Their role is to investigate, and if the complaint is upheld, to propose a remedy. They have a limited role in proposing a remedy that can include ex gratia payment, reduction or waiving of fees or other proposals for remedying your complaint. By our membership of the UCA we agree to be bound by their recommendations in relation to your complaint.
- The final step will vary depending on the association your practitioner is registered with. For Chiropractors send the complaint to the General Chiropractic Council, Tel: 02077135155. For Osteomyologists send the complaint to the Association of Osteomyologists, Tel: 02085041462. This is a very serious step. These are our regulatory bodies. Part of their function is to investigate allegations of unacceptable professional conduct. They will discern whether it is necessary to take disciplinary proceedings against a practitioner. In that case formal proceedings will be conducted in a similar setting to a court of law, which may or may not require you to be in London for the proceedings. The Professional Conduct Committee of the GCC will hear evidence on oath before making a finding and deciding on the correct disposal of the complaint. They do not have the power to award any compensation.
Remember that your health can deteriorate over years and years. Therefore, correction and healing take time. However, if you are not satisfied with your body’s response to care, please make an appointment to discuss this with your practitioner – we want you to get the most from your ABC™ care.