Posts in Clinic app

GDPR AND ALTERNATIVE THERAPY CONSENT FORMS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, Electronic signatures, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Photography, Sports Therapy, Uncategorized, Web Design No Comment yet

It is now over one year since the GDPR legislation came into effect on the 25th of May 2018, and it’s still a major area of concern to many small and medium-sized endeavours.

The Alternative Medicine sector is no exception as I discovered when we exhibited at the Holistic Medicine Exhibition at the ICC in Birmingham recently. 

Almost everyone I spoke to wanted to know if we could help them with compliance. It was as important as the cost savings of going paperless for them. Convenience for them and their clients is the other main benefit.

Many of them were members of a Professional Hypnotherapy Association. They comply with the hypnotherapy code of ethics they studied as part of Hypnotherapy training. Therefore complying with GDPR is important too.

Fortunately, using paperless forms is a great cure for many GDPR headaches.

Nothing worries us more than the unknown. So I thought I’d write down a few words about how GDPR affects Hypnotherapists.

GDPR IS A SOLUTION NOT JUST A PROBLEM

Many people saw GDPR for alternative practitioners as a problem. By offering more transparency it safeguards consumer rights in our online world. Not a problem but a solution.

However, GDPR was written by highly paid lawyers. It appears designed to be complex to keep them in business. 

So here is my take on it, let’s start from the top, shall we? 

WHAT IS PERSONAL DATA?

Personal data means information relating to an identifiable person. Information including, names, addresses, dates of birth, ethnicity, medical information etc.

If you collect personal data for example, using an iPEGS electronic consent form you are the Controller and we are the Processor. The same is true for Medical history, Treatment plan or in fact any of our forms.

As a controller, you determine the purposes of processing personal data. We as a processor, are responsible for processing the data, storing it securely as well as keeping it accessible and within the law. 

A RECENT SURVEY SHOWED NEARLY 40% OF SMALL BUSINESSES DID NOT UNDERSTAND GDPR REGULATIONS

Most people who use paper forms are both the controller and processor. They hold all the responsibility themselves. 

HANDWRITTEN FORMS ARE DATA TOO

GDPR applies to both automated personal data and to manual filing systems. Handwritten forms are data just as the most sophisticated online form, only more cumbersome. 

You must keep an inventory of all personal data that you process.

If that data is digital with the right provider it is relatively simple to keep within the law. Paper-based data is much harder to manage.

THINGS YOU AS CONTROLLER OF PERSONAL DATA SHOULD CONSIDER

  • You must obtain consent to collect data, even the informed Consent to treatment form. You must receive Informed consent to collect Informed consent.
  • How do you store information? In a filing cabinet, on an excel sheet, or securely encrypted in the cloud?
  • Do you share or transport data and if so, how? Is it in the car as you travel between clients? Scanned, printed out and posted, emailed? All these present risks. If submitted securely to a UK data centre, as with iPEGS forms, for example, those risks disappear. Unlike your data might.
  • Is the information subject to a retention schedule?
  • You must keep client data, usually for 7 years.
  • The type of information you are holding (names, addresses, dates of birth, medical history, etc).
  • Do you collect it as paper forms, electronic forms, etc?
  • Will the information for marketing, research, evidence of permission?
  • Who will share the data?
  • Will there be an effect on the individual concerned and is it likely to cause any individuals to object or complain?

ALTERNATIVE THERAPISTS CLIENT’S RIGHTS UNDER GDPR

  • The right to be aware, of data you hold on them.
  • To have timely access to their personal data.
  • The right to request rectification, without delay.
  • To have personal data deleted.
  • The right to data portability, which allows individuals to obtain and reuse their personal data.
  • The right to object, for example, using their data for direct marketing.

If you lose data and let’s face it losing a paper form is easy to do even in the best run surgeries, this counts as a breach.

GDPR WHAT ARE THE RISKS FOR THE HYPNOTHERAPY PRACTITIONER?

If someone gains unauthorised access to your client’s private information, you have 72 hours to report the data breach to both your customers and any data controllers, if your company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe can lead to heavy fines. 

For most practices, GDPR creates the need for greater investment either in consultant’s fees or in your own valuable time. Ensuring your operational processes are up to the required standards, ensuring websites, forms etc are designed and optimised for the latest protocols.

THINGS TO CONSIDER WHEN CONTROLLING DATA

  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system ?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, tick box on the form etc.

Consent records must specify the time and date when consent was given, as well as the exact means they delivered consent. 

COMPLIANCE INSPIRES TRUST

Compliance not only protects the patient, but it also protects your surgery from overstepping the boundaries.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA we understand Our ethics and professionalism are all we have. So going digital make sense.

Can you simply and rapidly process data deletion for clients. Is it at the press of a button or will it take hours of work?

Do any 3rd parties have access to your client’s data? Third party access to data is all too common, third parties who might be using the same network or facilities, you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is it kept in a filing cabinet where others have access or a shared network?

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

PRIVACY BY DESIGN

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your phone, laptop or PC and do others have access to these devices?

GDPR seems complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures integral. iPEGS paperless forms, for example, is such a system.

If you would like to find out more about how a system such as iPEGS can help you manage your client data, please check out our website www.ipegs.co.uk or contact me directly steve @ipegs.co.uk or call me on 01244 955350, I will be pleased to help.

WHAT SHOULD I KNOW ABOUT MANAGING MY ALTERNATIVE THERAPY SITE

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, Electronic signatures, Holistic Health, Hypnotherapy, marketing, Medical History Form, Paperless, Sports Therapy, Uncategorized, Web Design No Comment yet

MANAGING MAGIC COOKIES ON MY ALTERNATIVE THERAPY WEBSITE

Managing your alternative therapy website is part of iPEGS series of blogs on marketing your Alternative Therapy Practice. A covert plan to force our clients to use more paperless new client forms, informed consent forms etc.

As a modern business owner, as well as a healer, there are many hats we have to wear. Unfortunately ‘Webmaster’ is just one of them.

Most of us are not running big corporations, but small practices, or are even individual traders, so it is often up to us alone to get things right. 

Websites for therapists are now as important as our shop window. There are many affordable websites for therapists, which are easy to manage. There are even some free websites for therapists that can work for us. The best websites for therapists, give you a lot of control not only of content but the system behind the content.

We might not have built our own website, but it is most likely that we manage it. We write the content, run ad campaigns to promote it, send out newsletters and use our web presence to build our patient base. It’s how we increase the numbers of visits on our therapist’s website and promote our therapy business.

Just as we manage the data that we collect from our new client forms, or medical histories and get informed consent to treat our patients. 

Whether we collect this information using modern paperless forms or on paper stored in filing cabinets, even collected on our computer directly from our website, it still has to be managed.

As part of the iPEGS team, I have written a lot about GDPR and data collection for therapists and the new regulations. GDPR is one of the many reasons our clients decide to go paperless with iPEGS. 

KEEPING UP WITH THE RULES

This week I have been reading the ICO’S (Information Commissioner’s Office) latest newsletter and found out quite a bit of interest and might keep our clients out of trouble.

A lot of us use Facebook and Twitter and other social media to drive traffic to our main site. To do this and monitor our progress we use cookies.

COOKIES AND THERAPY

There was a time when a cookie was something we indulged in with a cup of coffee. The first web cookies were called Magic Cookies in 1994.

Nowadays they are a vital part of our online activities. Just like using client’s data and GDPR, the rules are changing, and we have to keep up.

In this new, post-GDPR era, rules are changing about how we can use cookies. More importantly how our clients reject them.

These magic Cookies have been around for 25 years, but are still a mystery to most of us. We have written a short blog explaining the term cookies if you wish to read it.  

IT’S ALL ABOUT INFORMED CONSENT

The rules that regulate Cookies are the Privacy and Electronic Communications Regulations, not GDPR but PECR. Just what I needed another Acronym to write about. However, it’s still all about informed consent .

You can read the full regs on their site.

Here are a few things that you might find interesting…

Until recently if someone came on our site, unless they said otherwise, they accepted our use of cookies. 

Now our visitor must take positive action to consent to non-essential cookies.

Essential cookies are only those that are strictly necessary to fulfil your client’s requirements. They are, for instance essential for your shopping cart, or for clients to log in.

Non-essential may seem essential to you, but the client is number one in this new digital era.

Even cookies that are helpful to make the client’s navigation of our website easier, need your client’s informed consent.

Your website must clearly tell our user what cookies are set and what they do, including third party cookies.

Pre ticked boxes or sliders cannot be set to on. Except for essential cookies, our user must take the decision to apply them. 

Non-essential cookies cannot be set into our home page or landing page. 

Analytics cookies need consent. They tell us if that ad campaign working? Did that mail shot work? How many hits did we get last week, where were they from, which pages did the client visit?

These cookies might seem essential to us as the website owner. However, if we don’t have analytics running, our user can still use our site. Therefore they are not essential to our reader. We need consent.

FORCING OUR CLIENT’S DECISIONS

‘Well if the client doesn’t want to let us use our very reasonable cookies, we can just block the page access right’?

Probably not. Phrases like ‘by continuing to use this website you agree to our use of cookies’. Smacks of walking into a bank holding a gun. Then asking the teller for a donation to your holiday fund. It is not a valid request for consent.

It’s all about your user’s needs and their prior consent to use the information we glean from their visit. Which is not that different from when you explain the treatment you propose and ask for patients informed consent really. We wouldn’t consider treating people without consent, would we?

It feels like the ICO wants me to stop using cookies altogether’. Well not really, without cookies the web would come to a grinding halt. 

There have however been a lot of abuses of user’s information and the pendulum is swinging back to personal choice. Which is not a bad thing. We have all, I’m sure, felt a little sore about how our data has been bought and sold in the marketplace by faceless multinationals. 

Cookie compliance is an area of expansion for the ICO in the future. I sometimes wonder if it is also about protecting the huge corporations. Those who now own the internet from new competition, but maybe I am just a little paranoid.

BEING NICE AND SAYING PLEASE

That said it’s really just about being nice and asking permission. Most people are understanding and if you take time to explain why you need permission, will give it.

It would be worth your while having a look at your site and checking if you are up to date on your cookie policies. If someone else manages your website, talk to them about how your cookies are set and if they need to make changes on your behalf.

At iPEGS paperless forms, we are all about making life easier for our clients and helping them save time and money. If you are still using paper forms, stored in filing cabinets or on your computer. We can definitely help you save both. Why not check out our website and see how we can help? If you found this article useful please let me know.

By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans you can be sure that your data is safe. As the data processor we store and encrypt your data in a secure, state of the art, UK data centre. We are Cyber Essentials Certified giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more, please email me: steve @ipegs.co.uk or you can call me directly on 01244 955350 and we can discuss how iPEGS can help improve your data security and client’s experience.

MANAGING CLIENT’S DATA FOR THERAPISTS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, GDPR, Hypnotherapy, marketing, Medical History Form, Paperless, Sports Therapy, Uncategorized, Web Design No Comment yet

HOW DO I AS A THERAPIST PERMANENTLY REMOVE CLIENT’S DATA FROM MY OLD DEVICES?

As a Therapist you store sensitive client information on your desktop computer, laptop, tablet or even smart phone.

One of the key moments where data becomes vulnerable is when you dispose of old IT equipment. 

You cannot just copy and then dump data, there is a duty of care for the total life cycle of the equipment including disposal.

Client information such as Informed consent forms, Medical histories, Treatment plans, or other Consultation Forms, as well as contact details, are at the core of your business. It is protected by GDPR law and frankly not something you want to go astray. Make sure that you have it safely, on the cloud, or alternatively stored securely.


MY CLIENT’S DATA IS IN THE CLOUD. HOW DO I DELETE THIS SECURELY?

If you are using iPEGS paperless forms, securely deleting data from the cloud is simple. You need no special software, reformatting, resetting, or specialist IT security consultants. You can delete data on request permanently and at the push of a button. As clients are able to request this from you as data collector.

If you use another provider you should contact them for advice on how to securely delete this data.

MY DATA IS ON MY DEVICE, NOT ON THE CLOUD

If you store your data off cloud, at first glance deleting files, formatting or factory resetting hardware should do the trick. Unfortunately that is not always the case.

The delete file button does not really erase files, it just takes them out of sight. Anyone with a little knowledge can easily recover these files.

If you have client’s phone numbers, email addresses on your phone, and who doesn’t, disposal is a huge responsibility. 

DONATING OLD PHONES OR TABLETS

If you have ever sold or passed a mobile phone or tablet on, what happened to all the data that was on the device?  Even activating the factory reset on mobile phones and tablets isn’t always the end of it. 

You may think you are doing the right thing by donating your old phone to organisations like Oxfam or Fonebank but without the proper precautions, you could put client’s data at risk.

YOU MUST BE SURE THAT ALL PREVIOUS DATA IS UNRECOVERABLE BY THIRD PARTIES 

Where is my client’s data? 

Desktop and laptop computers store data on an internal hard drive. Most of us are familiar with that. Don’t forget that you may also have client’s data stored on USB drives, USB sticks or even CDs.

Some Mobile phones and Tablets have internal SD cards not dissimilar to the ones you can buy to add memory or save photo’s. 

DELETE OR DESTROY?

When you delete your data it may no longer be easily available. However traces of data remain in places that aren’t always apparent.

If you move an item to the recycle bin or perform ‘quick format’ on your hard drive or a factory reset of your device, you may consider it deleting data but it isn’t complete.

For a home computer, this is generally an adequate method for removing your personal data in most situations.

Formatting your device, recreates the data structures and file system.

You can delete data by reformatting, unfortunately, it could still be recovered easily.

HOW DO I MAKE SURE MY DATA CAN NEVER BE RESTORED, EVEN BY PROFESSIONALS? 

Data Destruction

Employ an IT security specialist.

There are many companies which will securely delete data for you from a range of devices. These organisations will destroy or overwrite data on your behalf. 

Companies such as Secure IT Services Ltd for example, use InfoSec Standard No: 5 Approved Blancco programme as do other companies in the sector. This is the gold standard but is costly.  

They are able to return, reuse or recycle your device after they have securely deleted your data.

Before you send a device to be wiped, it is wise to restore it to factory settings. When your machine is returned, you should confirm your data has been removed securely

All this takes time and money but is the most effective method of removing data .

OVERWRITING PROGRAMMES

Using an overwriting programme can be cheaper and you can continue to use the device once the process is complete. 

Overwriting large hard drives takes time and this may need to be done multiple times. However it may be impossible to remove all data from the device.

Where do I find overwriting software?

You can find programmes which offer secure deletion of data easily. Some are free to download however, you should make sure this comes from a reputable source and check user reviews against the claims that it makes.

USE A SLEDGEHAMMER

You may well decide that it is cheaper and less hassle just to destroy the hardware. Even this is not as simple as it may appear at first glance.

The client data may well be the only thing that you really want to remove, not to buy a new computer.

If you take a sledgehammer to your device, you can’t just sweep up the yard and dump it into the bin. The debris from mobile phones tablets, and the batteries particularly raise extra health, safety and environmental concerns.

You can try restoring factory settings.

Many devices offer a function to ‘Restore to factory settings.’ This will return the device to the state in which you bought it. This mostly applies to tablets and smartphones.

Included in the reset process must be a secure wiping stage. Not all devices include this process. You should check with the device manufacturer .

THERE MUST BE AN EASIER WAY?

If having read this you feel that it might be wiser to, stick to therapy and not take up IT security as a part time job then why not look at our website and see how iPEGS can help you manage your forms and data.

By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure that your data is safe. As the data processor, we store and encrypt your data in a secure, state of the art UK data centre. We are Cyber Essentials Certified giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR where we have demonstrated wider governance for management of the controls protecting personal data.

I’m interested how do I get started?

If you would like to know more simply email me directly: steve @ipegs.co.uk or call me on 01244 955350.

INFORMATION IMPORTANT TO THERAPISTS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Security, Sports Therapy, Uncategorized No Comment yet

As a Therapist you collect a lot of information about your clients and their treatment.

In fact, your insurance policy demands it and they can be quite specific. 

Therapists are faced with mountains of paper consent forms, as your client base increases. Paper consent forms are insecure, inefficient and expensive. Storing forms on a hard drive is more efficient, but leaves you at risk from computer crashes, virus and malware.

iPEGS Paperless forms are the perfect solution. You free up valuable space, meaning no more clunky filing cabinets. iPEGS allows you to use your company branding and easily build and edit your forms. Search for your clients using our advanced search feature and manage your electronic forms into folders.

Forms don’t go missing like paper ones, which is vital for future reference or if a claim was to arise. 

Mandatory fields mean you will never receive incomplete forms with important missing information. Going paperless also means you can easily implement the latest GDPR consent requests.

COLLECTING INFORMATON

For Yoga, Pilates, Fitness, Meditation or Mediumship you must record the client’s name and brief details and record the date of the session and any other relevant facts.

Ensure that there is no health reason why clients should not attend class. If in doubt you should ask for their GP’s confirmation that they can safely participate in your class. 

At the start of each class please ask all participants is there any change in their circumstances. Any that could affect their ability to participate in and complete the class safely.

Insurers will be ask you to produce your records of the client/event,In the event of a claim,

GYMS, SHARED PRACTICES

Where therapists work in a gym, sports or leisure centre, or a shared practice often the centre keeps these records.  

You must advise the centre of any unusual events or of any injuries sustained during your class. 

You must ensure that the Centre gives you access to these records. In the event of a claim being made against you.

EXHIBITIONS AND PUBLIC DEMONSTRATIONS

If you give therapy sessions at public events, a great way to increase your client base, the name and brief details of every participant, date of session and therapy being demonstrated and any other relevant facts must be recorded.

iPEGS provides quick and easy way to quickly access and complete consent forms, consultation forms and medical history forms on an iPad, Tablet, Smart Phone or Laptop. This avoids discouraging queues and saves you and the client valuable time. Mandatory fields mean you will never receive incomplete forms missing important information.

After the event you can access and safely store the data on the iPEGS secure web portal. By incorporating marketing permissions on the registration form you can easily follow up and increase your client base by exporting this data from iPEGS.

Remember in the event of a claim you will be asked to produce your records of the client/event.

ONE ON ONE THERAPY

You are required to take consultation records and retain those records, one policy I checked asked for five years, but most require seven years, after the last treatment given. 

In the case of minors, insurers advise that records should be kept for at least 7 years after the minor reaches 18.

The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given. 

They should at least include a brief description of the therapy or treatment. 

The therapist must adequately record each and every treatment given to each and every client. 

The record is to include full details of the consultation process, the treatment, the result of the treatment and any aftercare instructions given where appropriate.

Notes need to be added of any adverse reaction to the therapy or treatment either separately or as part of the notes already used.

In the event of a claim you will be asked to produce your records of the client/event. The insured person must adequately record each and every treatment given to each and every client. This is to protect you in the event of a claim being made against you. 

WE CAN HELP

By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans. You can be sure that your data is safe. Saved to the cloud there is no risk of a computer breakdown losing all your data. As the data processor we store and encrypt your data in a secure, state of the art, UK data centre.

We are Cyber Essentials Certified giving you peace of mind that our defences will protect against the most common cyber-attacks.

We have achieved the IASME governance standard in relation to GDPR where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more please email steve @ ipegs.co.uk or contact me directly on 01244 955350.

How Dental Practices Can Go Paperless

June 25th, 2019 Posted by Clinic app, Consultation Forms, Dental Practise, Electronic signatures, News, Paperless No Comment yet

 

A trip to the dentist is something that cannot be avoided. Dental practices see vast amounts of patients each day resulting in printing huge amounts of paper based documents for patients to complete, sign and to then be manually inputted into their system. For some practices, once this form has been completed it is then scanned onto a management system and then shredded which is an unproductive, costly and a time consuming process.

We provide a solution to this problem, enabling patients to fill in medical history forms and sign treatment plans digitally through the iPEGS app using an iPAD or tablet. This document can then be converted to a pdf, excel, word, csv or an xml document and stored onto your patients record or emailed directly to the customer or healthcare professional.

Our practice surveys allow businesses to understand and improve on the service and environment that they offer for their clients. This allows management teams to analyse this data through the advanced reporting feature.

iPEGS will allow you to access a range of branded and customised electronic forms for your patients to complete and sign at the surgery using an iPAD or any device. You can also send the form electronically to your patients to complete and sign prior to their appointment via iPEGS Remote. Once completed, this can then be stored on your computer, CRM system or saved on the iPEGS portal for reference.

If you are interested in finding out how iPEGS can work within your business then please call us on01244 955350 or email us at info@ipegs.co.uk.

Send & receive urgent consent forms with iPEGS Remote

December 9th, 2016 Posted by Clinic app No Comment yet

The iPEGS Remote mobile app allows businesses to immediately send customised consent forms to their clients who will be alerted regarding the form and receive this through the MiPEGS app on their smart phone to complete, sign and send back. We have many clients who use the iPEGS Remote app in an emergency situation.

Veterinary surgeons frequently need consent from owners to be able to operate on their animal in unforeseen circumstances. iPEGS Remote provides a solution for them, allowing forms to be sent and accessed by the client remotely wherever they may be in the world.

Receive, sign and submit……….

            

The app is available for android and IOS and can be downloaded from the App Store or Google Play. If a client does not have a smartphone to download the iPEGS Remote app then consent forms can still be sent as a web form and completed signed and submitted back on any device.

If you have a need to send forms directly to your clients, patients or customers to be accessed promptly and sent back in real time then speak to us. We will be able to help you build and brand your digital forms ready to send and receive. To open an account, or for a demo then please contact us at info@ipegs.co.uk or contact us directly on 01244 955350.

For digital form filling in a client face to face situation you can use our iPEGS app which stores multiple digital forms that can be accessed, completed, signed, saved or submitted using the app on an iPAD or tablet downloadable from the App Store or Google Play. The iPEGS app is extremely valuable in a surgery environment and vets use the app for all their form filling requirements which saves time, money on printing costs and improves productivity.