Information Governance - all about confidentiality

Your information is regarded as highly confidential.
The company is registered with the Information Commissioner's Office (ICO, https://ico.org.uk) and pays yearly subscriptions.
All information is stored on encrypted devices and email traffic is restricted to consented exchange with the clients (parents and young people).

The company has its own Standard Operating Procedure about Data Handling.
Although security breaches are unfortunately always possible, this company uses only the most trusted encryption tools based on current knowledge.


This company uses the following high-level security processes:


VERACRYPT

Local storage of sensitive data on the company's Windows-operated devices is protected by VeraCrypt (http://lifehacker.com/windows-encryption-showdown-veracrypt-vs-bitlocker-1777855025).


APPLE ENCRYPTION

All company Apple devices are encrypted with Mac's own sophisticated encryption algorithm.


TRESORIT

Cloud storage of data is facilitated by Tresorit (http://www.backupreview.com/tresorit-review/). Tresorit has end user encryption, which means all information is encrypted at source and then sent to the cloud storage facility. No encryption keys are shared with or stored on the cloud servers.


EMAILS / EGRESS SWITCH

On request, emails can be sent to clients (parents and young people) following explicit consent to receive email correspondence.

In line with stricter confidentiality regulations around the use of email for confidential information, this company has moved to written consent from March 2018 onwards.

After verbal consent, you will receive an email asking for your permission to use non-secure email to:
[1] send you/your spouse/your partner medical reports and results via non-secure email

[2] send medical information to your GP if necessary

[3] send medical information to other health care providers if required

You have to opt in to use this service.

As an alternative, the information can be sent by post or by encrypted email using Egress Switch (https://www.egress.com/support). You will have to create a free account with Egress Switch in order to receive these encrypted emails. Please be aware that medical enquiries via non-secure email will not be answered unless consent is given.


SECURE SOCKETS LAYER (SSL)

This website is secured by Secure Sockets Layer (SSL) certificates. They are sometimes called digital certificates and are used to establish an encrypted connection between a browser or user's computer and a server or website. The SSL connection protects sensitive data, such as credit card information, exchanged during each visit (called a session) from being intercepted by non-authorized parties.

Because of this SSL security, some links to external websites that are not secured by SSL are blocked.


If you would like further information about your rights, please see the link below:



Who is my information shared with?

(1) The information is first of all shared with the parents (legal guardians) of the child or young person.
Opting out of receiving the information via non-secure email does not mean you do not receive the information at all; it means you will get it via post or secure email.

There have been cases when a competent teenager has sought medical advice without his/her parents' knowledge, and there are court rulings that a doctor may not have to share this information with the parents of these young people even if they are not yet 18 years old.


(2) My personal assistant will access your child's information in order to prepare reports and any correspondence.

My personal assistant will deal with the administrative side of your consultation with me and is your first access point for queries and liaison with me. The personal assistant is a fully qualified medical secretary.


(3) The information will be shared with your GP by post as standard.

Good medical practice for your specialist is to share your consultation with your GP. This is done if you have given us a GP name and address. You have to let us know at the time of the appointment if you do not wish your GP to receive the medical report, as the letters may go out within 24 hours of the appointment. It is regarded by the General Medical Council as our duty to inform your GP of the outcome of the consultation. However, I do respect your wishes if in special circumstances you do not wish to do this. Please note that even if you opt out of having the medical information sent via non-secure email to your GP, s/he will still get a copy by post unless you have instructed us not to do so at your appointment.

(4) The information will be shared with a professional medical billing company.
Your information will be shared with Mediaccounts (https://mediaccounts.co.uk) for billing purposes.


(5) Your information will be shared with your insurance company.
This is if your consultation is paid through your insurance company and you have provided us with their details.


(6) Your information will be shared with other health professionals if they are involved in your child's care.
Your information will be passed on to other health professionals if any diagnostics (blood tests, radiographs etc.) are ordered or if your child is referred on to other doctors, therapists or dieticians. Again, you can opt out of this being done via non-secure email, and the correspondence will then be done by post or secure email only. You will always be informed or even get a copy of the correspondence. This is not always the case for blood test requests or radiograph requests, but you can receive the report if required.


(7) Redacted information is shared with a professional accountant for tax and income declaration.
Information on payments and billing will be shared with a professional accountant; for this company this is RK Associates, based in the UK. No medical information is shared.