GDPR Compliance & EXACT
For the UK, Ireland and the Netherlands, these rules are formulated and managed by the EU-driven General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
Failure to comply with the rules and guidelines in these regulations could put dental practices at risk of prosecution. Patients are also likely to become more educated on what businesses can and cannot legally do with their personal data, so dental practices need to optimise knowledge and procedures around these regulations.
Compliance is not a one-time upgrade but a continuous activity. To meet the GDPR requirements effectively, your practice processes need to be continuously amended, tightened and monitored.
It is also advisable to measure compliance so that you have an objective benchmark against which to maintain and improve it.
Note that practitioners may require retraining on amended procedures.
For example, it is advisable to compel practitioner login under unique usernames because allowing them to share usernames negates the effectiveness of the Contact Preferences Audit and User Activity Audit.
Listed below are some of the EXACT features that help your practice achieve GDPR compliance.
For more selective viewing, see also https://soeidental.atlassian.net/wiki/spaces/PHS/pages/302186829.
EXACT terminology is better aligned with GDPR
Business Communications replaces "Newsletters":
Under GDPR, "Newsletter" is not a valid category as it could be either marketing or business communications, so historical EXACT consent around "newsletters" is ambiguous. The category "Newsletters" therefore becomes "Business Communications" in line with GDPR terminology. On upgrade to v12.12, your historical patient opt-ins and opt-outs for Newsletters are configured as "unknown", and patients are only sent marketing information if they have specifically opted in.
Preferences replaces "Permissions":
Preferences to Contact Patient window (previously "Permissions to Contact Patient"):
The Contact Preferences tabs in this window replace the previous "Contact Permissions" tabs.
Preferences button in the Patient file Details Tab (previously "Permissions" button):
Contact Consent replaces "Marketing Consent":
Option to include "patients without recorded consent" in marketing communications
"Without recorded consent" refers to settings for which the patient has made no explicit choice on communications preferences.
In anticipation of GDPR regulations, when you upgrade to EXACT v12.12, marketing to patients without their recorded consent is disabled by default by means of a field in the Practice Settings window:
However, practices who wish to continue with general marketing before the GDPR regulations need simply tick this checkbox:
User Activity Audit records user actions that potentially breach patient privacy:
Accessible by authorised Software of Excellence only, on request.
To track practice actions relating to GDPR regulations, EXACT keeps a record of user actions that potentially breach patient privacy.
The User Activity Audit logs practitioner actions that in any way touch on or enable viewing of patient data.
GDPR-related procedures by practice role
Creating contact Lists that Facilitate GDPR Compliance
Deleting Aged Data
©2023 Henry Schein One International. All rights reserved.