Posts tagged "Data Security"

GDPR ISSUES FOR THE ALTERNATIVE MEDICINE SECTOR

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Consent forms, Consultation Forms, GDPR, Holistic Health, Insurance, Paperless, Security

Most of us are way beneath the higher risk threshold but our insurance companies are taking these levels of risk on our behalf and charging us to do so.

I spent some time this weekend chatting to specialist Healthcare Insurance Brokers at the exhibition and they were very pleased to see me. They assured me that the actuaries will sleep better knowing their clients are using iPEGS paperless forms.

Now I like a well-rested actuary as well as the next man, but my objective is to get them to discount insurance for our users. Not only is your risk less, so are theirs, after all.

For most practices, GDPR creates the need for greater investment, either in consultants’ fees or in your own valuable time: ensuring your operational processes are up to the required standards, and ensuring websites, forms etc. are designed and optimised for the latest protocols.

Large companies may appoint a DPO (data protection officer). However, for most of us DPO is just another hat to hang alongside the therapist, counsellor, head of HR, finance, marketeer, sales manager and parent hats, to name a few. Being too busy is no defence in law, unfortunately. I’ve always believed it’s a clever man who buys his brains. So if we can rely on professionals like iPEGS and save money into the bargain, it’s a bonus.

COMPLIANCE INSPIRES TRUST

Compliance isn’t solely an expense incurred in order to conform to the rules; it helps to inspire trust and confidence in the eyes of our patients.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA; we understand our ethics and professionalism are all we have. So going digital makes sense.

Compliance not only protects the patient, but it also protects your clinic from overstepping the boundaries.

THINGS TO CONSIDER WHEN CONTROLLING DATA

  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, a tick box on the form, etc.

Consent records must specify the time and date when consent was given, as well as the exact means by which it was delivered.

Can you simply and rapidly process data deletion for clients? Is it at the press of a button or will it take hours of work?

Do any third parties have access to your clients’ data? Third-party access to data is all too common. Third parties might be using the same network or facilities, and you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is the data kept in a filing cabinet where others have access, or on a shared network?

WHAT PROTECTIVE MEASURES DO YOU HAVE IN PLACE?

Are there proper security protocols in place that will detect data breaches when they occur? How do you know if your clients’ data has been hacked into or copied? The last thing you want is to find out about a data breach from your users and valued clients. This is a sure-fire way to lose trust.

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your laptop or PC? Do others have access to these devices?

The concept seems sort of complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures built in. iPEGS paperless forms provide such a system.

If you would like help improving the management of your client data and the way you collect it, please check out our website www.ipegs.co.uk, contact me directly at steve@ipegs.co.uk or call 01244 955350. I will be pleased to help.

CYBER AND DATA SECURITY RISKS FOR THERAPISTS

July 24th, 2019 Posted by Alternative Medicine, Consent forms, Consultation Forms, Holistic Health, Medical History Form, Paperless, Security

As a therapist, you are subject to strict rules about collecting and retaining data. Against the trend, HMG and your insurer demand that you take and hold reams of data, often for many years.

This includes data such as Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, as well as clients’ contact details.

Not only do you collect this in order to function as a therapist but also in order to insure against subsequent legal claims of negligence.

Just check out what the small print says in your insurance policy. I have taken some notes of the small print in some policies. The blog can be read here.

It is informative, if scary, reading.

90% OF THE WORLD’S DATA HAS BEEN PRODUCED IN THE LAST TWO YEARS

If you do not Keep Necessary Records, often you are not insured. 

What patient records should I as a Therapist Keep?

In this day and age, almost all of us use computers and doesn’t everyone use a smartphone? 

Unfortunately, many practitioners still stockpile paper in filing cabinets, in the mistaken belief that GDPR only applies to computer data. Like the Sicilian Mafioso who communicated only by little paper notes smuggled out from his hideout for 20 years, some of us feel that paper is somehow safer than electronic communications.

Data is data, whether on disc, on paper or in the cloud, even on your mobile phone. If you take a client’s phone number and save it on your phone, you have just collected personal data.

So it’s best to keep it safe and easy – using paper forms is neither.

As a 21st Century business manager you probably book your appointments using ‘Booksy’ or a similar system. You run your accounts on ‘Quickbooks’ or ‘Xero’. Unfortunately, many therapists are still keeping patient consent and medical records on their hard drive, or worse, on paper forms.

That’s an awful lot of data, all of which, if it’s not correctly secured and stored, makes you vulnerable to an attack by a hacker or to a data leak.

IT’S A REAL DANGER

According to the 2018 survey by the government’s Department for Digital, Culture, Media and Sport, over four in ten businesses and nearly two in ten charities experienced a cyber security breach or attack in the last 12 months. No wonder nearly three quarters of businesses (74%) and over half of all charities (53%) say cyber security is a high priority for their management.

The average cost per breach was over three thousand pounds.

Unfortunately, today we all produce so much data. With GDPR in place, fines are coming in thick and fast, and with cyber-attacks becoming increasingly sophisticated and expensive, it really is time to get serious about your data.

We have all heard of the ransom that was demanded after malware froze the NHS. You can bet they didn’t demand just three grand.

How would you cope if you were locked out of your client database? How much would it cost you if you lost your clients’ contacts?

NOW IS THE TIME TO ACT

There has never been a more important time to make sure that your cyber security is able to keep your data safe. 

Fortunately, you can now buy insurance against these losses.

Cyber and data risks insurance is available to protect and support your business if you are the victim of malware from a malicious site, subject to an attack by a hacker or suffer a data breach.

If you use a paperless system such as iPEGS for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure your data is safe.

As the data processor, we store and encrypt your data in a secure, state-of-the-art UK data centre. We are Cyber Essentials Certified, giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR, where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more, why not email me at steve@ipegs.co.uk or contact me direct on 01244 955350, and we can discuss how iPEGS can help you secure your patients’ data.

INFORMATION IMPORTANT TO THERAPISTS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Security, Sports Therapy, Uncategorized

As a Therapist you collect a lot of information about your clients and their treatment.

In fact, your insurance policy demands it and they can be quite specific. 

Therapists are faced with mountains of paper consent forms as their client base increases. Paper consent forms are insecure, inefficient and expensive. Storing forms on a hard drive is more efficient, but leaves you at risk from computer crashes, viruses and malware.

iPEGS Paperless forms are the perfect solution. You free up valuable space, meaning no more clunky filing cabinets. iPEGS allows you to use your company branding and easily build and edit your forms. Search for your clients using our advanced search feature and manage your electronic forms into folders.

Forms don’t go missing like paper ones, which is vital for future reference or if a claim were to arise.

Mandatory fields mean you will never receive incomplete forms with important missing information. Going paperless also means you can easily implement the latest GDPR consent requests.

COLLECTING INFORMATION

For Yoga, Pilates, Fitness, Meditation or Mediumship you must record the client’s name and brief details and record the date of the session and any other relevant facts.

Ensure that there is no health reason why clients should not attend class. If in doubt you should ask for their GP’s confirmation that they can safely participate in your class. 

At the start of each class, please ask all participants whether there is any change in their circumstances that could affect their ability to participate in and complete the class safely.

In the event of a claim, insurers will ask you to produce your records of the client/event.

GYMS, SHARED PRACTICES

Where therapists work in a gym, sports or leisure centre, or a shared practice, often the centre keeps these records.

You must advise the centre of any unusual events or of any injuries sustained during your class.

You must ensure that the centre gives you access to these records in the event of a claim being made against you.

EXHIBITIONS AND PUBLIC DEMONSTRATIONS

If you give therapy sessions at public events (a great way to increase your client base), you must record the name and brief details of every participant, the date of the session, the therapy being demonstrated and any other relevant facts.

iPEGS provides a quick and easy way to access and complete consent forms, consultation forms and medical history forms on an iPad, Tablet, Smart Phone or Laptop. This avoids discouraging queues and saves you and the client valuable time. Mandatory fields mean you will never receive incomplete forms missing important information.

After the event you can access and safely store the data on the iPEGS secure web portal. By incorporating marketing permissions on the registration form you can easily follow up and increase your client base by exporting this data from iPEGS.

Remember in the event of a claim you will be asked to produce your records of the client/event.

ONE ON ONE THERAPY

You are required to take consultation records and retain those records after the last treatment given: one policy I checked asked for five years, but most require seven years.

In the case of minors, insurers advise that records should be kept for at least 7 years after the minor reaches 18.

The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given. 

They should at least include a brief description of the therapy or treatment. 

The therapist must adequately record each and every treatment given to each and every client. 

The record is to include full details of the consultation process, the treatment, the result of the treatment and any aftercare instructions given where appropriate.

Notes need to be added of any adverse reaction to the therapy or treatment either separately or as part of the notes already used.

In the event of a claim you will be asked to produce your records of the client/event. The insured person must adequately record each and every treatment given to each and every client. This is to protect you in the event of a claim being made against you. 

WE CAN HELP

By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure that your data is safe. Because it is saved to the cloud, there is no risk of a computer breakdown losing all your data. As the data processor, we store and encrypt your data in a secure, state-of-the-art UK data centre.

We are Cyber Essentials Certified, giving you peace of mind that our defences will protect against the most common cyber-attacks.

We have achieved the IASME governance standard in relation to GDPR, where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more, please email steve@ipegs.co.uk or contact me directly on 01244 955350.