First piece of advice? Don’t panic! GDPR is simply an update of the previous Data Protection Act, so if you’re running a half-decent practice, you are more than likely fulfilling many of the requirements already. So move GDPR a little further up your “To Do” list and crack on. It’s really not nearly as frightening or complicated as people might have you believe.
Who are we and what have we done? We run a tight-knit traditional practice (2 practising GPs and a Practice Manager) out of King Edward VII’s Hospital just off Harley Street. We also offer a secure online web portal for our patients, called GPatHome, which has become an integral part of our day-to-day practice. This is due to the fact that more and more of our patients wish to consult with us remotely. This might be because they live abroad for all or part of the year, they travel for work or they simply don’t have time to leave the office. But interestingly, given the number of online medical resources and apps on the market, they don’t want to use something they don’t trust. They want to communicate with their own GP.
How do we deal with this demand safely? Well, our registered patients can use GPatHome, ensuring that all clinical information is secure and that, from a practice perspective, we are remunerated for our time (it’s a paid-for service). The demand from patients for remote consultations has always been there, but in the past it has been difficult to monetise as patients didn’t feel that “a quick email” warranted payment! Our system offers transparency (everything documented by both doctor and patient remains on the portal), thus we also feel safe from a medico-legal perspective. This transparency provides security for both patient and practitioner; as such it’s become very popular with our patients and is a simple way for us to stay safe online.
Whether you interact online like us or not, whether you’re a GP, Physio, or any healthcare professional, a sole practitioner, part of a small team or medium enterprise, we’re all in the same boat. And with the aim of keeping us all steadily afloat, I’ve compiled a short tip list that I hope will help.
- Involve all of your team in discussions about data in your practice. I’m the nominated DPO but I’m not doing it on my own; my business partner and practice manager have contributed at every stage.
- Mapping data flow sounds complicated but it so isn’t. Ask yourself: what personal data do you hold on people? Where is the data held? How securely is it held? What data leaves the business and in what form, e.g. are admin emails encrypted? Even if they contain no clinical information whatsoever, emails that contain personal data such as name, address or date of birth need to be sent securely.
- Review your processes at least annually
- And breathe!!
Obviously, the preparation for larger organisations will be more complicated but for the little guys, this is a good start!