Press the ▶️ button on the video above to watch Dr Cath explain why being GDPR compliant is so important for you as a clinician, and how Private Practice Ninja can take care of all of the GDPR compliance work for you. Completely.
Watch the video, then click this link to book a free in-depth phone consultation today.
Many people think that becoming GDPR compliant is just about getting a Privacy Notice together and using email encryption. But there’s far more to it than that.
Every Private Practice is different, and no one size fits all.
To use an analogy, every house and its household is different to the next house – different rooms, furnishings, people coming and going, and there will be different financial arrangements, e.g. mortgage versus renting etc.
Your Private Practice is unique from everyone else’s. You may be using different patient management systems, storing data in different places, working on different hardware and transmitting data in different ways to different people.
Here is the process we use to get our clients GDPR compliant.
We book a phone call or meet face to face.
We'll ask you questions to examine several things, so that we can build what's known as a 'data flow audit': a detailed inventory of where and how all of your patient-related data is stored, who it is shared with, and the lawful basis for processing it.
We’ll be asking you questions such as:
- Do you have a patient management system?
- Do you use email? If so, which system?
- Are you storing any patient-related data on your computer?
- Do you store any patient data in 'the cloud' (such as Dropbox, Microsoft OneDrive or Google Docs)?
- Is your laptop or desktop computer encrypted?
- How do you communicate information with patients and other clinicians?
- Do you use WhatsApp or social media to communicate with or about patients?
- Do you currently have any GDPR agreements (data processing agreements) in place with the people who handle your patients' data (e.g. your patient management system provider)?
- Do you use a dictaphone, USB sticks or smartphones in your Private Practice?
- Do you use any patient education software such as 'Physiotec'?
- Do you and your team work in a physically secure area? Are your computers locked away when you're out of the office?
- If you're using other people's computers (e.g. in a private physio clinic or hospital environment), are they providing the safeguards to ensure that your patients' data is secure while you're using them?
- Do you use anti-virus and/or anti-malware software on your computers?
- Are you backing up any patient-related data that you store on your computer and systems? If so, how often, and to where? Bear in mind you should, at a minimum, back up to one location that is local to you and one location in the cloud, and because those backups contain patient data they need to be encrypted and access-controlled too. An example of the secure cloud backup solution we deploy for clients is iDrive. It's good value for money and effective.
What's uncovered in our Q and A session determines which areas you are or aren't GDPR compliant in.
We'll then send you a GDPR Compliance Project Proposal, explaining what needs to be done to get you GDPR compliant. But you don't have to do much. We'll manage this process end to end, with occasional phone conversations as we progress through the compliance project.
At the end of this process you will have:
- A full set of GDPR documentation that comprises the following:
  - Private Practice Privacy Notice
  - Data Flow Audit
  - Data Breach Policy
  - Data Breach Log
  - Information Security Policy
  - Subject Access Request (SAR) Policy
- A GDPR compliant, modern and secure email system, including migration of your email from your existing provider
- Automatic email encryption and decryption
- The knowledge that your computers are secured with appropriate technical measures, as Article 32 of the GDPR requires
- A robust data backup strategy
- Training in how to revoke access to emails sent in error
- Training in how to handle a data breach
You can be safe in the knowledge that your systems and processes for handling patient data are GDPR compliant, and that the third parties who handle your patients' data have GDPR compliant data processing agreements in place with you.
You'll know what to do if an email is sent in error, if a data breach occurs, or if a patient makes a subject access request for their data.
At Ninja, we have a unique blend of skills. We understand the pressures of Private Practice life (because we work in Private Practice), we have the GDPR expertise, and, most importantly, the technical skills to be able to get you GDPR fit. Whilst other organisations might be able to advise you on what being compliant requires, they may not be able to guide you on how to get there or give you the practical assistance to do so.
What does it cost to become GDPR compliant?
The investment for most clinicians for their GDPR Compliance Project is approximately £1800-£2000.
We understand that this is a significant investment, and if required we are very happy to offer a payment plan. We usually split the payment into 25% paid up front, followed by four further monthly payments to clear the balance. For example:
- The project cost is scoped to be £1840 (no VAT)
- We agree to start the project on the 1st February, and you pay 25% upfront (£460)
- We aim to deliver the project within 3 – 4 weeks
- You’ll make 4 further monthly payments of £345
(To put this into context, a monthly payment for most Consultants in Private Practice would equate to the revenue generated by just two extra patients.)
We know it's a complicated area, and many clinicians we have helped tell us that it's been a huge relief to have someone take care of it all for them, so that they can get on with treating patients.
If you need to get your GDPR compliance in order, please book a free phone consultation using our booking system (link below), and let’s have a chat, typically 30 minutes.
Regardless of how you choose to proceed, you’ll take away some valuable GDPR advice, on us : )
Now it's time for you to grow your Private Practice.