Search these help files
EXACT features have been amended to make it easier for dental practices to achieve compliance with the GDPR.
GDPR-related procedures by practice role
Creating contact Lists that Facilitate GDPR Compliance
Background
EXACT features can assist dental practices to follow increasingly strict rules around patient data collection and management.
For the UK, Ireland and Netherlands these rules are formulated and managed by the EU-driven General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
Failure to comply with the rules and guidelines in these regulations could put dental practices at risk of prosecution. Patients are also likely to become more educated on what businesses can and cannot legally do with their personal data, so dental practices need to optimise knowledge and procedures around these regulations.
Compliance is not a one-time upgrade but a continuous activity. To effectively meet the GDPR requirements your practice processes need to be continuously amended, tightened and monitored.
It is also advisable to measure compliance so that you have an objective benchmark against which to maintain and improve it.
Note that practitioners may require retraining on amended procedures.
For example, it is advisable to compel practitioner login under unique usernames because allowing them to share usernames negates the effectiveness of the Contact Preferences Audit and User Activity Audit.
Listed below are some of the EXACT features that help your practice achieve GDPR compliance.
For more selective viewing see also GDPR-related procedures by practice role.
EXACT terminology is better aligned with GDPR
Business Communications replaces "Newsletters":
Under GDPR "Newsletter" is not a valid category as it could be either marketing or business communications, so historical EXACT consent around "newsletters" is ambiguous. The category "Newsletters" therefore becomes "Business Communications" in line with GDPR terminology.
On upgrade to v12.12, your historical patient opt-ins and opt-outs for Newsletters are configured as "unknown", and patients are only sent marketing information if they have specifically opted-in.
Preferences replaces "Permissions":
Preferences to Contact Patient window (previously "Permissions to Contact Patient"):
The Contact Preferences tabs in this window replace the previous "Contact Permissions" tabs.
Preferences button in the Patient file Details Tab (previously "Permissions" button):
Contact Consent replaces "Marketing Consent":
Option to include "patients without recorded consent" in marketing communications
"Without recorded consent" refers to settings for which the patient has made no explicit choice on communications preferences.
In anticipation of GDPR regulations, when you upgrade to EXACT v12.12, the marketing to patients without their recorded consent is disabled by default by means of a field in the Practice Settings window:
However, practices who wish to continue with general marketing before the GDPR regulations need simply tick this checkbox:
Collect Contact Consent through both the arrival and departure workflows
EXACT can record, track and report on "Contact Consent" - the permissions given by patients to the practice to legally send them information, including marketing-related information.
Contact Consent is integrated into the Appointment Workflow, where Receptionists can be prompted to collect Contact Consent (Permissions) by means of both the Arrivals Task List and the Departure Task List.
Collect Contact Consent via Clinipad
Contact Consent can be conveniently captured via Clinipad, where a single patient signature checks (ticks) all Opt-in boxes in the Preferences to Contact Patient screen.
Convenient use Clinipad and Print forms directly from the Patient Details screen
Receptionists commonly open the Patient Details screen either when a patient arrives or when a patient leaves.
They can conveniently click the Preferences button to open the Preferences to contact patient window, from where they can send the Communications Consent forms to Clinipad or they can physically print it for patient signature.
Use Clinipad to display the Patient Data Use disclaimer
Clinipad includes a default (but editable) disclaimer on the use of patient data.
By default this is shown to the patient in the Clinipad patient demographic form, but it can be optionally de-activated / hidden.
Configuration:
Record, track and report patient Contact Preferences
Contact Preferences Audit (Administrator-level users only):
EXACT tracks practitioner Contact Preferences actions in the Preferences to Contact Patient window > Contact Preferences Audit tab.
Administrators can view the history of a patient's Opt-ins and Opt-outs:
Changes to contact consents via Clinipad are tracked in the Patient Contacts tab:
Practitioner actions around Contact Preferences are tracked in the Appointment Workflow Compliance Report:
The Appointment Workflow Compliance Report includes a Contact Consent line that provides data on how well the practice records marketing consents:
Practitioner actions around Contact Preferences are tracked in the MPC Reception Workflow Compliance Report:
The MPC Reception Workflow Compliance Report displays the success rate of signed contact consents collected by Reception. This is in order to ensure that contact consents are being effectively collected in the practice, so that the practice can be consistently compliant with GDPR. 
User Activity Audit records user actions that potentially breach patient privacy:
Accessible by authorised Software of Excellence only, on request.
To track practice actions relating to GDPR regulations, EXACT keeps a record of user actions that potentially breach patient privacy.
The User Activity Audit logs practitioner actions that in any way touch on or enable viewing of patient data.
Authorised Software of Excellence personnel can access these audit records on request.
