The fees are explained here – SMEs’ fees range from £40 – £60 per annum
7. Decide who will be responsible for Data Protection within your organisation – it must be someone!
The ICO use a number of factors to decide what fines (or other actions) to take against organisations. In fact, when submitting Data Breach information to the ICO, organisations must answer questions about staff training and the operational measures that were in place to prevent breaches.
=> Put the essential operational measures in place now to avoid issues in the future.
What else happened? Well, on the same day, the UK introduced the UK Data Protection Act 2018 (DPA), which replaced the previous Data Protection Act 1998, and you will be reassured to know that the core of the EU GDPR remains within our new 2018 Act (together with other UK-specific provisions).
But have you done everything to ensure that you are compliant with the new data protection regulations? Here at Designated Medical, we aim to support you in all areas of your administration, so we’re delighted to introduce a new series of guest blogs from Karen Heaton, founder of Data Protection 4 Business, to guide you through the recent changes and what these mean in pragmatic terms, for your organisation or private medical practice.
GDPR and data protection for healthcare – Karen Heaton, Data Protection 4 Business
Sitting comfortably? Good. Then let’s begin.
Increased penalties: 2 – 4% of global annual turnover, cessation of processing or, in severe cases, instigation of criminal proceedings. But you knew that already, right? We will take a look at the key risks which may give rise to high penalties.
Consent: Additional conditions for obtaining and maintaining consent are now law. We all received sackfuls of emails from companies requesting our permission to remain on their marketing distribution list in the first half of 2018. But was this necessary? Well, that depends on your organisation and what data processing you undertake. We will look at examples of where consent is obviously required and where possibly not.
Data Breach notifications: In certain instances, the relevant authority must be informed (in the UK, this is the Information Commissioner’s Office (ICO)). And within 72 hours of becoming aware. But what exactly constitutes a data breach that must be reported? Whose responsibility is it to report it? We will look at examples of breaches and discuss how to assess them.
Right to access (SAR): Data subjects can request a free copy of personal data relating to them that your practice or organisation holds. For private medical practices, how does this compare with the Access to Medical Records Act 1988? For other organisations, what can or can’t I disclose? We will look at examples for both of these.
Accountability: There is now a requirement to be able to demonstrate how your organisation or practice is compliant with GDPR and the DPA. This sounds simple, but what does it really mean? If ever audited or investigated, what would you show them? We will look at essential examples of what you should have in place to meet this requirement.
Data Protection Officers (DPO): Are you legally required to have a DPO? Probably not, unless you regularly and systematically monitor data subjects on a large scale. Or you are a local authority. But you do still need someone in your practice or organisation who is responsible for ensuring your business is compliant with GDPR and DPA. We will look at the various activities and tasks your nominated person needs to take care of.
No-deal Brexit? We are tracking the implications of No Deal on the Brexit negotiations and will round off 2018 with our best guidance on how you may need to prepare for this, still unlikely, scenario.
Today’s fact: The ICO reported that there was a 31% increase in the number of cyber security incidents reported in Jan – Mar 2018 compared to the previous year. => Make sure your internet security is up to date!
When I joined Designated Medical I had the undisputed pleasure of ditching the daily Cambridge–London commute to become a virtual Business Development Manager with the aim of helping consultants establish and grow their private practice. As we say in our recruitment advert, “What’s Not To Like?”
The invitation by Oxford & Cambridge Medical Management Courses for Designated Medical to sponsor and speak at their March course in Cambridge was a commute that I reckoned I could manage, but who knows with Cambridge traffic 😉.
Medical Management Course Not to be Missed
For Senior Registrars (ST6-7) and new consultants this is a packed 2-day medical management course not to be missed. Not only is the content excellent, but the venue at St Catharine’s College, Cambridge and the intimate nature of the course set it apart. Best of all, there’s lots of time to get to know your colleagues and interact. Dinner is in the Senior Combination Room with stunning views over the College’s Main Court and, of course, grace in Latin!
The course is the brainchild of Urologists Oliver Wiseman from the Cambridge Urology Partnership and Ben Turney from Oxford Urology Associates, both with recent experience of setting up successful private practice groups. This is a combination that really works, and the course content is perfectly tailored to prepare senior trainees and new consultants for the non-clinical components of consultant life.
The course covers:
a medicolegal workshop
a management workshop
a private practice workshop.
Spread over 2 days, there is plenty of time for discussions and debates with the organisers and the invited speakers, so that the delegates get a real taste of senior management and private practice.
There is also the opportunity to meet industry experts and really get to grips with issues such as personal taxation, the legal aspects of patient consent, medical indemnity, and the importance of timely billing and collection for private practice. In addition, there is the pivotal role of the private medical secretary: that special relationship that can build a thriving private practice.
Grow your Private Practice
I talked about how to ‘Establish and Grow your Private Practice by providing a high class service to patients’. My favourite slide is ‘60 and counting’. It’s so much more than answering the phone and booking theatre and clinic appointments!
So, a big thanks to Ben and Olly for inviting Designated Medical to be part of the course. For those of you who would like to know more, check out the next course this year at https://www.oxbridgecourses.com/courses/