Client-Server

Data Protection and Privacy

No patient data (the data or records created as a result of consultations or treatment) is actually stored at the clinic.

The bulk of patient data is managed and stored remotely by https://www.rushcliff.com/ who themselves outsource storage and data security to professional third-party hosting providers.

The remaining patient data (emails, texts, other forms of instant messaging) is also stored remotely by the third parties that provide this service (Apple, Google, Facebook etc.).

The above services are all accessed from the clinic location, using Apple devices. All security options (incluing strong passwords, rapid logout/timeout options and encryption) are used to ensure patient data is protected from the adverse consequences of device theft or loss.

Communication with patients by phone, email, sms or other means is only initiated by the clinic when permission is granted by the patient (normally during a consultation) and for the purpose of providing or continuing with osteopathic health care. This consent can be withdrawn at any time by emailing info@sunningdaleosteopaths.co.uk.

Financial records pertaining to card payments are handled in accordance and compliance with PCI-DSS standards. No card data used by the clinic to process a card payment is subsequently stored either locally at the clinic or remotely at other sites.