Michael Sultan outlines the importance of effective data protection to dental practices
I am sure we all remember the recent blunder between the NHS and Google, whereby 1.6 million patient records were illegally shared. Through the development of a new, and undeniably helpful, app, the NHS unwittingly divulged sensitive patient data to a third-party company.
Not only was this incredibly embarrassing for the NHS, it represented a massive breach of patient trust and protection – and now serves as a modern-day parable regarding the importance of effective data protection.
This is particularly pertinent to us because changes in General Data Protection Regulation (GDPR) are imminent, necessitating a great change in the way dental professionals handle patient data.
This is familiar territory for us as healthcare professionals. We are accustomed to handling sensitive data while maintaining professional confidentiality, but GDPR encompasses much more than these aspects of our profession. The world has changed a great deal in the last few decades – and at the vanguard of those changes is the internet and social media.
Creating an online presence has brought many positive changes to UK dentistry, but has also created potentially dangerous gaps in data and reputational protection. GDPR seeks to address these changes and make sure that everyone is protected in the modern age.
The amount of sensitive information that daily passes through our practices is most likely not very high, but each bit poses a distinct risk if not handled correctly. Unfortunately thanks to online or cloud-based data storage and communication, such risks might become exacerbated.
GDPR lays out a series of obligations we must follow requiring changes to the way we undertake many aspects of daily practice, from data handling to marketing. GDPR also promotes data transparency, meaning we must be in the position to provide patients with access to how and why their data is being used.
They must also be able to remove their information completely from our systems, upon request, which will have an impact on how we store data and, particularly, use contact information. Sending out appointment reminders, newsletters or emails will have to be significantly more controlled, at the risk of serious penalties.
There’s no denying that this creates more work for our practices. Every member of staff will need to become well versed on the requirements of GDPR; and the practice will have to be more tightly controlled to ensure there are no breaches. But despite this, GDPR is an incredibly important piece of legislation, and will go a long way towards protecting our patients and, ultimately, ourselves.
It is important to remember that we, as healthcare professionals, have a duty of care to our patients, and this does not stop with their teeth. When a patient comes into our practice, we are obligated to protect them completely – not just with respect to their oral and general health, but in every way we deal with them; from handling their data to protecting their privacy. This is a fundamental step towards building trust between patient and practice, and if GDPR helps us do this better we should embrace it wholeheartedly, even if it means more work for us and our teams.
Dr Michael Sultan leads EndoCare, one of the UK’s most trusted specialist and referral endodontic practices. For more information call 020 7224 0999 or visit www.endocare.co.uk
Photo by Markus Spiske on Unsplash