This week marks the first birthday of the introduction of GDPR, and whilst it’s safe to say many of us won’t be celebrating the landmark with cake and balloons, it’s more important than ever to stay up to date with the evolution of the regulation. Could you afford a fine for an accidental breach? And have you done everything possible to ensure your clinic remains compliant for the year ahead?
The introduction of GDPR last year was a learning curve for the MSK industry. With so many patient records and so much sensitive personal information being held, it’s important you continue to protect both yourself and your patients from any potential breach. So, what have we learned in the last 12 months? Do you have a full grip on the compliance requirements for data collection and processing? Have there been any fines in our industry? And the golden question: what will Brexit mean for GDPR?
Changes to GDPR
Over the next few blogs we’ll be providing an overview of notable changes to GDPR since the initial rollout, notable fines in the industry, and how you can best position yourself. The following changes released by the ICO may make a difference to the way you run your clinic:
• Children: Children over the age of 13 now have the same rights as adults under GDPR. This means a child can exercise their own rights as long as they are competent to do so, which means your privacy notice should be written in clear and plain language to accommodate this change.
• Consent: Consent is now deemed invalid if you have any doubts over the individual’s consent, you don’t have clear records to demonstrate that they have consented, there was no genuine free choice on opt-in, consent was a pre-condition of service, or a consent request was vague or unclear.
• Unstructured paper records: GDPR does not cover information which is not, or is not intended to be, part of a “filing system”. To avoid falling short on this, practitioners should be looking to digitalise all patient records on a GDPR-compliant practice management system.
Tune in to our next blog post, where we’ll be covering changes to the Data Protection Impact Assessment (DPIA), discussing how it affects the way you process sensitive data, and answering the question of ‘what does Brexit mean for GDPR?’.
Improve your compliance with TM3
If you’d like to know more about how TM3 can help with GDPR compliance, get in touch with one of our experts to discuss the needs of your practice.