Information We Hold
We hold clinical information related to the care of patients undertaken by The Footpod podiatry/ chiropody employees and employee information.
The patient data held by The Footpod consists of:
- Name
- Date of birth
- Address
- Telephone number
- GP name
- GP address
- GP telephone number
- Insurance company information
- Prescriptions
- Investigation reports
- Correspondence letters
- Invoicing information
Retaining Information
Written and electronic clinical records related to adults are kept for 8 years after the date of last treatment. Written and electronic clinical records for minors are kept until the individual is 25 years of age or eight years after death, if sooner. These are the same retention periods as set out by the NHS. After the storage period has expired written records are shredded and appropriately disposed of. Electronic records are deleted.
Patients under the care of The Footpod
Records fall in to two categories. Historical records, in written form, are kept in a locked filing cabinet in a locked room and current patient records which are stored electronically on Podware.
Since December 2018, all new patient records have been kept in electronic format. Any paper documents related to a patient are scanned and kept electronically. Any follow up patients seen after December 2017 with historical records in written form have their written records scanned and transferred in to an electronic form. All paper copies of scanned records are securely shredded.
The Footpod Clinic have a data protection agreement in place with Podware which meets GDPR.
Patient consent to store their data electronically on Podware at initial appointment and can revoke their consent at any point when all information can be deleted. Patients can request to see the information held at any point and this can easily be exported and downloaded in an easy to read format.
Poware team has the minimal required level of access to customer information in order to maintain their systems and assist clients appropriately. Podware data is backed up daily. Redundant backups and records are deleted.
The Footpod Clinic consents patients at initial appointment to use Podware to contact patients to remind them of upcoming appointments or information about their treatment. Patients choose to be contacted by SMS and or email and can opt out of this form of communication at any point.
The Footpod Clinic signs patients up to receive marketing information by consent at appointment. Patients can request to be removed from the marketing list at any point.
Credit card payments
PCI DSS assessment compliance has been completed and certificated. Patient information and card numbers are not written down, recorded or communicated.
Communication with Outside Organisations
Currently, communications are via email or letter. Patient data is only shared if required as part of the on going care of the patient. This is usually to other clinical organisations.
If other third parties request information related to the care of a specific patient then permission is sought from the patient before this data is shared. The fot pod does not share any patient related information with any other third party organisations unless requested by the patient.
If information passed on to other organisations by The Footpod is inaccurate then The footpod will inform the other organisation and the patient as soon as the error is identified.
Keeping Our Patients Informed
This data protection policy outlines what data we store, how it is stored, how long it is stored for and how to complain if the individual feels that their data has been managed incorrectly. We have copies of our data protection policy and procedures available online and on request.
Whenever written correspondence is produced related to clinical care of a patient, the patient is copied in to the communication. For children (Under 18 years of age), all correspondence will be sent to their parents. If the child wishes to have a copy of the correspondence themselves then this will be forwarded to them separately.
Patients are also entitled to access their records at any time. If there is an error in their records or they object to the content of their records they are entitled to request that the records are modified or corrected. They are also entitled to ask that their records are erased. They may also limit the way that communications are made, for example, if the patient does not wish a letter to be sent to their GP. All such requests will be respected without charge to the patient. Requests will be dealt with promptly and within a maximum of 1 month.
We keep patient data for the purposes of informing their treatment. We share their medical information with other health care professional. Only key information for contacting and identifying patients is shared with the hospital and clinic sites we use.
Data Breach Procedure
If there is a data breach then the affected patients will be informed. The breach will be investigated and discussed with the data storage or the email server company and the breach will be rectified as soon as possible. The ICO will be informed of any data breach if it results in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
Responsibility for Data Protection
According to the ICO, due to the size and function of our organisation it isn’t necessary for The footpod to have a nominated data protection officer. However, each member of our team is fully briefed on our data protection policy and procedures and takes responsibility for protecting the data they handle.
If you have any queries about our data protection policy please contact us via email
or post:
The Footpod Clinic. 2A wrightington st, Wigan, WN1 2AZ
We will endeavour to respond to your request promptly.