No patient data (the data or records created as a result of consultations or treatment) is actually stored at the clinic.
The remaining patient data (emails, texts, other forms of instant messaging) are also stored remotely by the third parties that provide this service (Apple, Google, Facebook etc.).
The above services are all accessed from the clinic location, using Apple devices. All security options (including strong passwords, rapid logout/timeout options and encryption) are used to ensure patient data is protected from the adverse consequences of device theft or loss.
Communication with patients by phone, email, sms or other means is only initiated by the clinic when permission is granted by the patient (normally during a consultation) and for the purpose of providing or continuing with osteopathic health care. This consent can be withdrawn at any time by emailing email@example.com.
Financial records pertaining to card payments are handled in accordance and compliance with PCI-DSS standards. No card data used by the clinic to process a card payment is subsequently stored either locally at the clinic or remotely at other sites.