Data Protection Code of Practice for Patients

  • See also: Data Protection Code of Practice for Staff/Confidentiality Policy/ 1998 Data Protection act
  • This policy is available to our patients in the waiting rooms
  • Its aim is to allow patients to be confident that the information that we hold about them is secure and used appropriately

What personal data do we hold?

  • Medical / dental condition, personal details, NI number/ address/ telephone
  • Radiographs/ clinical photographs/ study models/ consent
  • Info re treatment and costs/ notes of conversations/ correspondence with other healthcare professionals

How we process the data

  • Retaining records: for 11 yrs or until age of 25 (whichever is longer)
  • Security of information : computer and manual filing systems: not accessible to public and only authorized staff have access
  • Disclosure of information: may need to disclose personal information to others
    • GMP/hospital services/ other health professionals
    • NHS payments authorities/ Benefits Agency if claiming exemption from NHS charges
    • Inland Revenue/Law or court order
    • If any other situations : specific consent will be obtained


  • Patients have a right of access: need a request in writing
  • Fee may be payable £10 for computer records or £50 for manual records
  • Copy of record will be provided within 40 days of request/ fee, together with an explanation of the record if required

Photography/video images and testimonials

  • Photographs of before and after treatment are usually obtained so that treatment outcomes can be monitored: there is a specific section on the treatment consent forms that covers this
  • If we wish to use any video/ photographic images or testimonials on the practice website or for other professional/ promotional  reasons  your specific consent will be obtained