com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'html' is unknown.

GDPR-related procedures by practice role

These procedures integrate into the practice through EXACT's standard Appointment Workflow:

Patient

For more details see: Contact Consentarchived & Preferences - Contact / Marketing Consent

  • Patients can record their contact consent via Clinipad & Patient Portal.

  • Patients can see via text Patient Data Use disclaimer in Clinipad or in a physical printout how their personal data will be used.

  • Patients can request that practitioners unsubscribe them from any or all communications that require their preference Opt-in

Receptionist

Arrival & Departure

  • When the patient arrives at Reception the Receptionist responds to the Arrival Task List prompt to secure the patent's signed Contact Consent by printed form or by Clinipad electronic form.

  • On patient departure through Reception the Receptionist responds to the Departure Task List prompt to secure the patent's signed contact consent (by printed form or by Clinipad electronic form), to help the practice to be compliant with GDPR when sending communications to the patient.

     

At any time (not constrained to the workflow)

  • The Receptionist can customise the text for the Clinipad Patient Data Use disclaimer.

     

Monitoring and reporting features:

To aid GDPR compliance, practice management are advised to track practitioner actions in relation to opting patients In or Out of communications, securing consents at arrival and departure, and in any way viewing or accessing patient private data.

Management tools to this end include:

  • Appointment Workflow Compliance Report,

  • Contact Preferences Audit


See: Preferences - Contact / Marketing Consent

Clinician

Clinician EXACT procedures are not typically affected by GDPR.


Practice Manager

  • By default on upgrade to v12.12, the setting to Market to patients without recorded consent is disabled to help with GDPR compliance.

    The Practice Manager can override the default setting (Configure, Practice Settings) and start marketing to patients without their recorded consent but this is not recommended.

     

  • You can enable or disable the prompt for collection of signed Contact Consent from Configure, Appointment Book, Arrival Options:

  • The Practice Manager can customise or oversee customisation of the text for the Clinipad Patient Data Use disclaimer from Configure, Appointment Book, Arrival Options.

  • By means of the MPC Reception Workflow Compliance Report or by means of the Appointment Workflow Compliance Report, the Practice Manager can view the success rate of signed contact consents collected by Reception.

    This is in order to ensure that contact consents are being effectively collected in the practice, to help the practice to be compliant with GDPR.

     

  • The Practice Manager can view the Contact Preferences Audit to view the history of a patient's Opt-ins and Opt-outs.

    (EXACT tracks practitioner Contact Preferences actions in the Preferences to Contact Patient window > Contact Preferences Audit tab)

  • By means of the Contact Consent Query the Practice Manager can differentiate patients who have given contact consent from patients who have not given contact consent.

    The practice can then structure queries to automatically send different templates to patients with and to patients without contact consent, while remaining GDPR compliant.

     

     

  • Configuration.

    The Practice Manager may need to manage the following configurations relating to GDPR:

    Preferences to contact patient

    Configuring arrival procedures for Contact Consent

    Configuring Contact Consent with Clinipad

    Editing the Receptionist prompt for Contact Preferences

    Excluding Unknown-status patients from business communications

    Creating a Contact Consent Query

     

GDPR Data Controller (possibly the Practice Manager)

GDPR Data Controllers may need to use any of the above-listed Practice Manager procedures in performance of their duties.

Practice Owner

  • The Practice Owner optionally customises the GDPR textual content presented to patients so that it best reflects the corporate image of the practice.

  • The Practice owner optionally oversees the application of EXACT features to help with GDPR compliance.

©2023 Henry Schein One International. All rights reserved.