Posts tagged "GDPR"

Helping HR and Recruitment Specialists to Go Paperless

August 19th, 2019 Posted by HR

HR departments and recruitment agencies have traditionally been very form-heavy, with an extensive amount of sensitive data to be gathered from employees, candidates and employers.

Using iPEGS Remote, you can create bespoke, company branded forms or pick from any of our standard templates, which you can amend and add your logo to. Below is an example candidate registration form for you to view and test.

Example Recruitment Registration Form

Forms can be sent electronically to your candidate, employer or employee via a URL link (for example, in an email) which they can access on any device, complete, sign and submit back to you. Or you may wish to complete forms with the person face-to-face using an iPad or tablet.

Due to the changes with GDPR and data legislation, companies now have to pay more attention to where this data is stored and how it is collected and used, which makes iPEGS a trusted solution.

As the data processor, we store and encrypt your data in a secure, state-of-the-art UK data centre. We are Cyber Essentials Certified, giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR, where we have demonstrated wider governance for management of the controls protecting personal data.

Why go paperless with iPEGS?

The iPEGS advanced signature feature allows you to add multiple signatures to forms and automatically records the time and date of each signature. An optional feature is Face Stamp, which takes a picture of the employee for increased authenticity (example image below).

  • Form fields can be made mandatory or optional, meaning complete information every time.
  • With image and photo fields you can take a photo or upload supporting documents.
  • It is a low cost, flexible and efficient way of managing your business – paper free.
  • Better experience and increased data security for your clients.
  • Forms will not go missing.
  • Saves on expensive storage systems which take up room. 
  • No more delays in getting important forms back.
  • You are positively looking after the future of our planet as we plant a tree for every new customer.

Are you wanting to go paperless? Speak to a member of the team on 01244 955350 or email sales@ipegs.co.uk


3 ways beauty salons can easily gather and store sensitive data

August 7th, 2019 Posted by Beauty, Beauty Client Forms, Uncategorized

With legislation regarding client information tightening due to GDPR, as well as the need for beauticians to obtain the necessary client consent before carrying out treatments, many beauty salons are looking at more efficient and cost-effective ways to gather and store data.

Thanks to electronic consent forms, beauty salons are able to safely and professionally obtain, manage and store confidential client information and consent electronically, saving it safely to The Cloud. Here are 3 ways that iPEGS’ electronic forms can help beauty salons easily gather and store client data.

1. Switch from paper to electronic consent forms

Electronic consent forms are the easiest way to gather client data, whilst gaining consent. Unlike old-fashioned paper, pens and clipboards, you can hand your client an iPad or tablet and create a professional and engaging first impression. You can even email your clients a form to fill out in advance of the treatment to speed up the consultation process.

Electronic forms also eliminate the risk of incorrectly filled in fields, illegible handwriting and lost paperwork, while mandatory fields will ensure the form is fully completed. Plus, beauty salon electronic consent forms enable you to stay compliant with the latest GDPR requirements. 

2. Store data in The Cloud

The Cloud is an online space where you can store your data, safely and conveniently, which is why an ever-increasing number of businesses and individuals are turning to it.

Electronic consent forms allow you to easily save and store client data straight to the cloud, and with its advanced security features and low maintenance costs, it’s the smartest way to store your valuable data. It also allows you to access client information from anywhere – which is ideal for mobile beauticians or those who work from third party salons.  

3. Completing forms using electronic devices helps protect client data

Electronic consent forms bring beauty salon owners and their clients complete peace of mind. The ease with which information can be obtained electronically and then safely stored straight to the Cloud means that your clients’ sensitive information will remain safe, secure and confidential. Paper forms, on the other hand, leave beauty salon owners vulnerable to theft, loss or damage, not to mention the sheer amount of space they take up being stored in a filing cabinet.

Setting up a free trial with iPEGS is easy, and you can trial five forms for free before you choose to buy.  Find out how easy it is for your beauty salon to gather and store sensitive data using iPEGS’ electronic forms. 

GDPR AND ALTERNATIVE THERAPY CONSENT FORMS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, Electronic signatures, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Photography, Sports Therapy, Uncategorized, Web Design

It is now over one year since the GDPR legislation came into effect on the 25th of May 2018, and it’s still a major area of concern to many small and medium-sized endeavours.

The Alternative Medicine sector is no exception as I discovered when we exhibited at the Holistic Medicine Exhibition at the ICC in Birmingham recently. 

Almost everyone I spoke to wanted to know if we could help them with compliance. It was as important as the cost savings of going paperless for them. Convenience for them and their clients is the other main benefit.

Many of them were members of a Professional Hypnotherapy Association. They comply with the hypnotherapy code of ethics they studied as part of Hypnotherapy training. Therefore complying with GDPR is important too.

Fortunately, using paperless forms is a great cure for many GDPR headaches.

Nothing worries us more than the unknown. So I thought I’d write down a few words about how GDPR affects Hypnotherapists.

GDPR IS A SOLUTION NOT JUST A PROBLEM

Many people saw GDPR for alternative practitioners as a problem. By offering more transparency it safeguards consumer rights in our online world. Not a problem but a solution.

However, GDPR was written by highly paid lawyers. It appears designed to be complex to keep them in business. 

So here is my take on it, let’s start from the top, shall we? 

WHAT IS PERSONAL DATA?

Personal data means information relating to an identifiable person. This includes names, addresses, dates of birth, ethnicity, medical information, etc.

If you collect personal data, for example using an iPEGS electronic consent form, you are the Controller and we are the Processor. The same is true for Medical history, Treatment plan or in fact any of our forms.

As a controller, you determine the purposes of processing personal data. We, as a processor, are responsible for processing the data, storing it securely as well as keeping it accessible and within the law.

A RECENT SURVEY SHOWED NEARLY 40% OF SMALL BUSINESSES DID NOT UNDERSTAND GDPR REGULATIONS

Most people who use paper forms are both the controller and processor. They hold all the responsibility themselves. 

HANDWRITTEN FORMS ARE DATA TOO

GDPR applies to both automated personal data and to manual filing systems. Handwritten forms are data just as much as the most sophisticated online form, only more cumbersome.

You must keep an inventory of all personal data that you process.

If that data is digital, with the right provider, it is relatively simple to keep within the law. Paper-based data is much harder to manage.

THINGS YOU AS CONTROLLER OF PERSONAL DATA SHOULD CONSIDER

  • You must obtain consent to collect data, even for the informed consent to treatment form. You must receive informed consent to collect informed consent.
  • How do you store information? In a filing cabinet, on an Excel sheet, or securely encrypted in the cloud?
  • Do you share or transport data and if so, how? Is it in the car as you travel between clients? Scanned, printed out and posted, emailed? All these present risks. If submitted securely to a UK data centre, as with iPEGS forms, for example, those risks disappear. Unlike your data might.
  • Is the information subject to a retention schedule?
  • You must keep client data, usually for 7 years.
  • The type of information you are holding (names, addresses, dates of birth, medical history, etc).
  • Do you collect it as paper forms, electronic forms, etc?
  • Will the information be used for marketing, research, evidence of permission?
  • Who will share the data?
  • Will there be an effect on the individual concerned and is it likely to cause any individuals to object or complain?

ALTERNATIVE THERAPISTS’ CLIENTS’ RIGHTS UNDER GDPR

  • The right to be aware of data you hold on them.
  • To have timely access to their personal data.
  • The right to request rectification, without delay.
  • To have personal data deleted.
  • The right to data portability, which allows individuals to obtain and reuse their personal data.
  • The right to object, for example, using their data for direct marketing.

If you lose data, and let’s face it, losing a paper form is easy to do even in the best-run surgeries, this counts as a breach.

GDPR WHAT ARE THE RISKS FOR THE HYPNOTHERAPY PRACTITIONER?

If someone gains unauthorised access to your client’s private information, you have 72 hours to report the data breach to both your customers and any data controllers, if your company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe can lead to heavy fines. 

For most practices, GDPR creates the need for greater investment, either in consultant’s fees or in your own valuable time: ensuring your operational processes are up to the required standards, and ensuring websites, forms etc. are designed and optimised for the latest protocols.

THINGS TO CONSIDER WHEN CONTROLLING DATA

  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, a tick box on the form, etc.

Consent records must specify the time and date when consent was given, as well as the exact means by which they delivered consent.

COMPLIANCE INSPIRES TRUST

Compliance not only protects the patient, but it also protects your surgery from overstepping the boundaries.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA; we understand our ethics and professionalism are all we have. So going digital makes sense.

Can you simply and rapidly process data deletion for clients? Is it at the press of a button or will it take hours of work?

Do any 3rd parties have access to your client’s data? Third-party access to data is all too common. Third parties might be using the same network or facilities, so you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is it kept in a filing cabinet where others have access or a shared network?

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

PRIVACY BY DESIGN

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your phone, laptop or PC and do others have access to these devices?

GDPR seems complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures integral. iPEGS paperless forms, for example, is such a system.

If you would like to find out more about how a system such as iPEGS can help you manage your client data, please check out our website www.ipegs.co.uk, contact me directly at steve@ipegs.co.uk or call me on 01244 955350. I will be pleased to help.

GDPR ISSUES FOR THE ALTERNATIVE MEDICINE SECTOR

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Consent forms, Consultation Forms, GDPR, Holistic Health, Insurance, Paperless, Security

Most of us are way beneath the higher risk threshold but our insurance companies are taking these levels of risk on our behalf and charging us to do so.

I spent some time this weekend chatting to specialist Healthcare Insurance Brokers at the exhibition and they were very pleased to see me. They assured me that the actuaries will sleep better knowing their clients are using iPEGS paperless forms.

Now I like a well-rested actuary as well as the next man, but my objective is to get them to discount insurance for our users. Not only is your risk less, so are theirs, after all.

For most practices, GDPR creates the need for greater investment, either in consultant’s fees or in your own valuable time: ensuring your operational processes are up to the required standards, and ensuring websites, forms etc. are designed and optimised for the latest protocols.

Large companies may appoint a DPO (data protection officer). However, for most of us DPO is just another hat to hang alongside the therapist, counsellor, head of HR, finance, marketeer, sales manager and parent hats, to name a few. Being too busy is no defence in law, unfortunately. I’ve always believed it’s a clever man who buys his brains. So if we can rely on professionals like iPEGS and save money into the bargain, it’s a bonus.

COMPLIANCE INSPIRES TRUST

Compliance isn’t solely an expense incurred in order to conform to the rules; it helps to inspire trust and confidence in the eyes of our patients.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA; we understand our ethics and professionalism are all we have. So going digital makes sense.

Compliance not only protects the patient, but it also protects your clinic from overstepping the boundaries.

THINGS TO CONSIDER WHEN CONTROLLING DATA

  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, a tick box on the form, etc.

Consent records must specify the time and date when consent was given, as well as the exact means by which they delivered consent.

Can you simply and rapidly process data deletion for clients? Is it at the press of a button or will it take hours of work?

Do any 3rd parties have access to your client’s data? Third-party access to data is all too common. Third parties might be using the same network or facilities, so you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is it kept in a filing cabinet where others have access or a shared network?

WHAT PROTECTIVE MEASURES DO YOU HAVE IN PLACE?

Are there proper security protocols in place that will detect data breaches when they occur? How do you know if your client’s data has been hacked into or copied? The last thing you want is to find out about a data breach from your users and valued clients. This is a sure-fire way to lose trust.

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your laptop or PC? Do others have access to these devices?

The concept seems sort of complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures integral. iPEGS paperless forms provides such a system.

If you would like to help improve the management of your client data and the way you collect it, please check out our website www.ipegs.co.uk, contact me directly at steve@ipegs.co.uk or call on 01244 955350. I will be pleased to help.

INFORMATION IMPORTANT TO THERAPISTS

July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Security, Sports Therapy, Uncategorized

As a Therapist you collect a lot of information about your clients and their treatment.

In fact, your insurance policy demands it and they can be quite specific. 

Therapists are faced with mountains of paper consent forms as their client base increases. Paper consent forms are insecure, inefficient and expensive. Storing forms on a hard drive is more efficient, but leaves you at risk from computer crashes, viruses and malware.

iPEGS Paperless forms are the perfect solution. You free up valuable space, meaning no more clunky filing cabinets. iPEGS allows you to use your company branding and easily build and edit your forms. Search for your clients using our advanced search feature and manage your electronic forms in folders.

Forms don’t go missing like paper ones, which is vital for future reference or if a claim were to arise.

Mandatory fields mean you will never receive incomplete forms with important missing information. Going paperless also means you can easily implement the latest GDPR consent requests.

COLLECTING INFORMATION

For Yoga, Pilates, Fitness, Meditation or Mediumship you must record the client’s name and brief details and record the date of the session and any other relevant facts.

Ensure that there is no health reason why clients should not attend class. If in doubt you should ask for their GP’s confirmation that they can safely participate in your class. 

At the start of each class, please ask all participants whether there is any change in their circumstances that could affect their ability to participate in and complete the class safely.

In the event of a claim, insurers will ask you to produce your records of the client/event.

GYMS, SHARED PRACTICES

Where therapists work in a gym, sports or leisure centre, or a shared practice, often the centre keeps these records.

You must advise the centre of any unusual events or of any injuries sustained during your class.

You must ensure that the centre gives you access to these records in the event of a claim being made against you.

EXHIBITIONS AND PUBLIC DEMONSTRATIONS

If you give therapy sessions at public events, a great way to increase your client base, the name and brief details of every participant, date of session and therapy being demonstrated and any other relevant facts must be recorded.

iPEGS provides a quick and easy way to access and complete consent forms, consultation forms and medical history forms on an iPad, Tablet, Smart Phone or Laptop. This avoids discouraging queues and saves you and the client valuable time. Mandatory fields mean you will never receive incomplete forms missing important information.

After the event you can access and safely store the data on the iPEGS secure web portal. By incorporating marketing permissions on the registration form you can easily follow up and increase your client base by exporting this data from iPEGS.

Remember in the event of a claim you will be asked to produce your records of the client/event.

ONE ON ONE THERAPY

You are required to take consultation records and retain those records after the last treatment given; one policy I checked asked for five years, but most require seven years.

In the case of minors, insurers advise that records should be kept for at least 7 years after the minor reaches 18.

The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given. 

They should at least include a brief description of the therapy or treatment. 

The therapist must adequately record each and every treatment given to each and every client. 

The record is to include full details of the consultation process, the treatment, the result of the treatment and any aftercare instructions given where appropriate.

Notes need to be added of any adverse reaction to the therapy or treatment either separately or as part of the notes already used.

In the event of a claim you will be asked to produce your records of the client/event. The insured person must adequately record each and every treatment given to each and every client. This is to protect you in the event of a claim being made against you. 

WE CAN HELP

By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure that your data is safe. Saved to the cloud, there is no risk of a computer breakdown losing all your data. As the data processor, we store and encrypt your data in a secure, state-of-the-art UK data centre.

We are Cyber Essentials Certified, giving you peace of mind that our defences will protect against the most common cyber-attacks.

We have achieved the IASME governance standard in relation to GDPR, where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more, please email steve@ipegs.co.uk or contact me directly on 01244 955350.