1 - We never store and process patient data for marketing. Only to assist with clinical service delivery.
2 - Patients have the right to withdraw or withhold consent at any given time without affecting their access to services.
3 - As part of gaining patient consent, we gain agreement with whom information and reports are shared with before any treatment is progressed.
4 - We have removed all unnecessary patient data from our invoicing and management information reports.
5 - Any data sharing we do undertake is kept to an absolute minimum, through anonymisation and pseudonymisation.
6 - We have a secure Client Relations Portal, which can only be accessed by authorized personnel using their unique username and password to download commercial proposals and management information.
7 - Well established information security principles in place, in accordance with our ISO27001 Accredited status .
8 - We have a Data Protection Officer in place who is responsible for the management of a robust audit process,.
9 - All IPRS Health staff have been trained in privacy, confidentiality, consent and have received updated training on GDPR.
10 - Anyone has the right to access their data at any time they wish with a simple request.
11 - We have updated our IT Framework privacy policies, website security and password policies.
12 - Everyone will have to opt-in to receive marketing. The option is there to opt-out anytime thereafter.