Posts tagged " Acupuncture "

GDPR AND ALTERNATIVE THERAPY CONSENT FORMS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, Electronic signatures, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Photography, Sports Therapy, Uncategorized, Web Design No Comment yet

It is now over one year since the GDPR legislation came into effect on the 25th of May 2018, and it’s still a major area of concern to many small and medium-sized endeavours.

The Alternative Medicine sector is no exception as I discovered when we exhibited at the Holistic Medicine Exhibition at the ICC in Birmingham recently. 

Almost everyone I spoke to wanted to know if we could help them with compliance. It was as important as the cost savings of going paperless for them. Convenience for them and their clients is the other main benefit.

Many of them were members of a Professional Hypnotherapy Association. They comply with the hypnotherapy code of ethics they studied as part of Hypnotherapy training. Therefore complying with GDPR is important too.

Fortunately, using paperless forms is a great cure for many GDPR headaches.

Nothing worries us more than the unknown. So I thought I’d write down a few words about how GDPR affects Hypnotherapists.

GDPR IS A SOLUTION NOT JUST A PROBLEM

Many people saw GDPR for alternative practitioners as a problem. By offering more transparency it safeguards consumer rights in our online world. Not a problem but a solution.

However, GDPR was written by highly paid lawyers. It appears designed to be complex to keep them in business. 

So here is my take on it, let’s start from the top, shall we? 

WHAT IS PERSONAL DATA?

Personal data means information relating to an identifiable person. Information including, names, addresses, dates of birth, ethnicity, medical information etc.

If you collect personal data for example, using an iPEGS electronic consent form you are the Controller and we are the Processor. The same is true for Medical history, Treatment plan or in fact any of our forms.

As a controller, you determine the purposes of processing personal data. We as a processor, are responsible for processing the data, storing it securely as well as keeping it accessible and within the law. 

A RECENT SURVEY SHOWED NEARLY 40% OF SMALL BUSINESSES DID NOT UNDERSTAND GDPR REGULATIONS

Most people who use paper forms are both the controller and processor. They hold all the responsibility themselves. 

HANDWRITTEN FORMS ARE DATA TOO

GDPR applies to both automated personal data and to manual filing systems. Handwritten forms are data just as the most sophisticated online form, only more cumbersome. 

You must keep an inventory of all personal data that you process.

If that data is digital with the right provider it is relatively simple to keep within the law. Paper-based data is much harder to manage.

THINGS YOU AS CONTROLLER OF PERSONAL DATA SHOULD CONSIDER

  • You must obtain consent to collect data, even the informed Consent to treatment form. You must receive Informed consent to collect Informed consent.
  • How do you store information? In a filing cabinet, on an excel sheet, or securely encrypted in the cloud?
  • Do you share or transport data and if so, how? Is it in the car as you travel between clients? Scanned, printed out and posted, emailed? All these present risks. If submitted securely to a UK data centre, as with iPEGS forms, for example, those risks disappear. Unlike your data might.
  • Is the information subject to a retention schedule?
  • You must keep client data, usually for 7 years.
  • The type of information you are holding (names, addresses, dates of birth, medical history, etc).
  • Do you collect it as paper forms, electronic forms, etc?
  • Will the information for marketing, research, evidence of permission?
  • Who will share the data?
  • Will there be an effect on the individual concerned and is it likely to cause any individuals to object or complain?

ALTERNATIVE THERAPISTS CLIENT’S RIGHTS UNDER GDPR

  • The right to be aware, of data you hold on them.
  • To have timely access to their personal data.
  • The right to request rectification, without delay.
  • To have personal data deleted.
  • The right to data portability, which allows individuals to obtain and reuse their personal data.
  • The right to object, for example, using their data for direct marketing.

If you lose data and let’s face it losing a paper form is easy to do even in the best run surgeries, this counts as a breach.

GDPR WHAT ARE THE RISKS FOR THE HYPNOTHERAPY PRACTITIONER?

If someone gains unauthorised access to your client’s private information, you have 72 hours to report the data breach to both your customers and any data controllers, if your company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe can lead to heavy fines. 

For most practices, GDPR creates the need for greater investment either in consultant’s fees or in your own valuable time. Ensuring your operational processes are up to the required standards, ensuring websites, forms etc are designed and optimised for the latest protocols.

THINGS TO CONSIDER WHEN CONTROLLING DATA

  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system ?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, tick box on the form etc.

Consent records must specify the time and date when consent was given, as well as the exact means they delivered consent. 

COMPLIANCE INSPIRES TRUST

Compliance not only protects the patient, but it also protects your surgery from overstepping the boundaries.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA we understand Our ethics and professionalism are all we have. So going digital make sense.

Can you simply and rapidly process data deletion for clients. Is it at the press of a button or will it take hours of work?

Do any 3rd parties have access to your client’s data? Third party access to data is all too common, third parties who might be using the same network or facilities, you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is it kept in a filing cabinet where others have access or a shared network?

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

PRIVACY BY DESIGN

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your phone, laptop or PC and do others have access to these devices?

GDPR seems complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures integral. iPEGS paperless forms, for example, is such a system.

If you would like to find out more about how a system such as iPEGS can help you manage your client data, please check out our website www.ipegs.co.uk or contact me directly steve @ipegs.co.uk or call me on 01244 955350, I will be pleased to help.

GDPR ISSUES FOR THE ALTERNATIVE MEDICINE SECTOR

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Consent forms, Consultation Forms, GDPR, Holistic Health, Insurance, Paperless, Security No Comment yet

Most of us are way beneath the higher risk threshold but our insurance companies are taking these levels of risk on our behalf and charging us to do so.

I spent some time this weekend chatting to specialist Healthcare Insurance Brokers at the exhibition and they were very pleased to see me. They assured me that the actuaries will sleep better knowing their clients are using iPEGS paperless forms.

Now I like a well-rested actuary as well as the next man, but my objective is to get them to discount insurance for our users. Not only is your risk less, so are theirs, after all.

For most practices, GDPR creates the need for greater investment either in consultant’s fees or in your own valuable time. Ensuring your operational processes are up to the required standards, ensuring websites, forms etc are designed and optimised for the latest protocols.

Large companies may appoint a DPO (data protection officer). However, for most of us DPO is just another hat to hang alongside the, therapist, counsellor, head of HR, finance, marketeer, sales manager and parent hats ti name a few. Being too busy is no defence in law unfortunately. I’ve always believed it’s a clever man who buys his brains. So if we can rely on professionals like iPEGS and save money into the bargain it’s a bonus.

COMPLIANCE INSPIRES TRUST

Compliance isn’t solely an expense, in order to conform to the rules, it helps to inspire trust and confidence in the eyes of our patients.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA we understand our ethics and professionalism are all we have. So going digital make sense.

Compliance not only protects the patient, but it also protects your clinic from overstepping the boundaries.

THINGS TO CONSIDER WHEN CONTROLLING DATA

  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, tick box on the form etc.

Consent records must specify the time and date when consent was given, as well as the exact means that they delivered consent. 

Can you simply and rapidly process data deletion for clients. Is it at the press of a button or will it take hours of work?

Do any 3rd parties have access to your client’s data? Third party access to data is all too common, third parties who might be using the same network or facilities, you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is it kept in a filing cabinet where others have access or a shared network?

WHAT PROTECTIVE MEASURES DO YOU HAVE IN PLACE?

Are there proper security protocols in place that will detect data breaches when they occur? How do you know if your client’s data had been hacked into or copied? The last thing you want is to find out about a data breach from your users and valued client. This is a sure-fire way to lose trust. 

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your laptop or PC? Do others have access to these devices?

The concept seems sort of complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures integral. iPEGS paperless forms provides such a system.

If you would like to help improve the management of your client data and in the way you collect it please check out our website www.ipegs.co.uk or contact me directly steve@ipegs.co.uk or call on 01244 955350, I will be pleased to help.

Acupuncture Consent Forms and Medical History Forms

March 11th, 2019 Posted by Acupuncture, Alternative Medicine, Consent forms, Consultation Forms, Medical History Form, Paperless No Comment yet

Medical History and Consent Forms in Acupuncture

As an Acupuncturist, you carry a huge responsibility for the welfare of your clients, many of whom have been suffering ill health for years. Often you are the last port of call, after mainstream medicine has failed to provide relief from a chronic condition.

Taking a thorough medical history of each new patient is your first step in providing for a patient’s needs, firstly you need to ensure that acupuncture is the appropriate treatment for your client. People often have an unclear idea of what acupuncture can do, after all acupuncture is not a miracle cure for anything, it is a science.

In obtaining their medical history, there is a need to gain a thorough understanding of a patient’s main complaint and general health and lifestyle. This involves asking questions about current symptoms as well as medical history, such things as sleeping patterns, appetite and digestion, emotional wellbeing. Women must be asked about their menstrual cycle and any past pregnancies and childbirth. The use of pharmaceutical products must be considered in detail, side effects are often hard to distinguish from the ailment. Some patients have suffered chronic conditions for years before considering acupuncture and have tried a series of treatments that have failed, so this medical history is a vital tool for achieving a successful outcome.

Getting that history can be a long and exhaustive process, you need to know as much about past treatments as possible and that can take time to remember.

Using an electronic consent form that can be sent in advance to the client, can gain a depth of information that is hard to get in a first consultation. All this information needs to be recorded and considered thoroughly before a treatment plan can be agreed and put into place.

By using iPEGS Remote paperless forms you can send out the questionnaire a week before the first appointment. It is totally secure and can be customised to suit the patient. They can fill in the history and return it using any connected device, be it smart phone, P.C. or tablet.

People are so accustomed to using communications technology these days, filling in a form at home in their own time can be so much less stressful than in a busy surgery, with limited time.

As for the practitioner you are receiving a fuller history in anticipation of your first consultation, even having time to consult with colleagues, if necessary. There can be a due date set for the form to be returned for just that purpose, with reminders embedded in the process. Once the form is sent, it is automatically filed, unlike paper forms there is no possibility of it being mislaid. It is a permanent record of your patient’s history and current condition.

Once you have had the opportunity to study this and meet your patient, you can explain your findings to them and ensure that they understand. Informing them clearly of the nature and purpose of any proposed treatment you gain their consent to treatment. This of course needs to be recorded.

Although consent may in the past have been taken as implied by a patient’s actions in turning up and lying on the treatment couch, explicit consent is now considered essential.

The law states that, consent must be given by a legally competent person, in some cases the next-of-kin. It must be given voluntarily and must be informed.

You must be able to prove you have sought explicit consent and ensure that the patient has understood what you propose to do. This is particularly important where treatment may involve sensitive areas of the body. It may be construed as an assault to examine or even prepare to treat someone without consent.

You cannot delegate the obtaining of consent to a receptionist or unqualified assistant. Informed consent requires that you as the practitioner (or an appropriately qualified colleague) have explained the procedure, been available to answer questions and able to satisfy yourself that the patient understands what they have been told. So it is up to you the practitioner not only to personally supervise treatment but also consent to treatment.

Having proof of consent is of course part of your duty of care not only to your patient but also for your practice.

So an acupuncture consent form must be signed very early on in the treatment process, again this consent form can be digital, secure and paperless. Using the iPEGS paperless forms, consent can be rapidly given, directly on to a tablet or even a mobile phone, even including a photo for confirmation. Instantaneously becoming a matter of record.

By using a iPEGS digital consent form, you can customise the form in real time, making changes without having to wait on printers, receptionists etc, time saved can be used in treating the patient, which after all is the object of the process.

Storing these Forms is also more complex than you might imagine.

You may well know you are legally required to keep patient records for a minimum of seven years. In the case of minors’ records must be kept until the patient reaches the age of twenty-five (seven years after reaching eighteen). Did you know that this applies even when you have referred the patient on, or you have left the practice where you administered the treatment?

There is also a legal requirement to retain original records which applies in the buying and selling of a practice and even with a patient’s consent, you must only pass on copies of the records, not the original notes?

Making copies of thousands of paper records is a mammoth task, digitally using iPEGS it can be done in a fraction of the time. You may not envisage selling the practice, but you will want to retire sometime.

You must also ensure that patients are kept fully informed and offered appropriate choices about their continuing care and the safe-keeping and location of their original records. Knowing that they are secured gives peace of mind to you and your patient. Doing this with thousands of separate paper documents is literally a forest of wasted time and space.

Patient records must be kept secure and confidential at all times. The UK data protection regime is set out in the DPA 2018 which replaces the Data Protection Act 1998, and came into effect on 25 May 2018, along with the GDPR (which also forms part of UK law). The law applies to any ‘processing of personal data’, and will catch most businesses and organisations, whatever their size and the law provides stronger protection for more sensitive information such as health related data.

Wouldn’t it be useful to get fuller more reliable patient histories?

Can you really afford to take risks with your patient’s records?

Can you afford the space and time that paper forms take up?

Wouldn’t it be simpler and more efficient to go digital and paperless, like many of your colleagues in the health sector are now doing?

Would you prefer not to have the worry of a disgruntled patient with a lost consent form?

If your answer is yes to any or all of the above, or if you are not sure, then why not get in touch, and let iPEGS take you through the process of going paperless.

We are all busy, but sometimes we have to invest time to save it, for our patients and our practice.

Just follow the links on this page and you can be up and running digitally in less than the time of an average consult. If you feel that you have questions you need answered that are not covered on the site, why not book in a call at a time that suits you best? You can do this via the link below and let us walk you through how iPEGS can help improve your processes:

https://calendly.com/ipegs/15-minute-phone-call/

For  more information please click here or feel free to drop me an email: steve @ ipegs.co.uk