Information Management Policy

Purpose

This policy outlines how Chapter One Dental manages patient and staff information to ensure confidentiality, integrity, and lawful processing in accordance with legal and ethical obligations.

Scope

This policy applies to all practice staff, including employees, contractors, temporary staff, and trainees who have access to personal or sensitive information.

Legal and Regulatory Framework

This policy complies with:

  • UK General Data Protection Regulation (UK GDPR) 

  • Data Protection Act 2018 

  • Human Rights Act 1998 

  • Common Law Duty of Confidentiality 

  • Caldicott Principles 

  • General Dental Council (GDC) Standards 

  • Freedom of Information (Scotland) Act 2002 (if applicable) 

Data Protection

We are committed to processing all personal data in accordance with the UK GDPR’s seven principles:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality (security) 

  • Accountability

Data Subject Rights are respected and include:

  • The right to access their personal data 

  • The right to rectification 

  • The right to erasure (where applicable) 

  • The right to restrict processing 

  • The right to data portability 

  • The right to object 

  • Rights in relation to automated decision-making 

Privacy notices for patients, including children, are available in the waiting room and on the practice website.

A privacy notice for staff is available in the staff area.

The table below outlines key responsibilities within our practice.

[Table: data protection responsibilities (review of the information management policy, subject access requests, staff training, data controller, compliance), assigned to Dr Ashley Chisholm, Chapter One Dental Clinic, Edinburgh]

Caldicott Guardian

  • A Caldicott Guardian is appointed to oversee the protection and appropriate sharing of patient-identifiable information. 

  • The Caldicott Guardian for Chapter One Dental is: Ashley Chisholm 

The Guardian ensures adherence to the eight Caldicott Principles, which govern how personal data should be handled in health and social care settings.


Confidentiality

  • All staff have a duty to maintain the confidentiality of personal and sensitive information obtained through their work. 

  • Confidentiality applies to information about patients, staff, and the business operations of the practice. 

  • Information is only shared on a need-to-know basis and in accordance with legal or regulatory requirements. 

  • All staff contracts and agreements have a clause regarding confidentiality of personal data, or a separate confidentiality agreement is signed.

Information Security

  • Electronic records are stored securely with access controls, passwords, and encrypted backups. 

  • Paper records are held in locked cabinets in secure areas. 

  • Access to data is limited to authorised personnel only. 

  • Data is disposed of securely when no longer needed (e.g., shredding paper records, wiping electronic data). 

  • The business contingency plan includes details on procedures for protecting and restoring personal data in the event of an incident.

Staff Responsibilities

  • All staff must complete regular training on data protection, confidentiality, and information governance. 

  • Breaches of confidentiality or data protection policies may result in disciplinary action and, in some cases, criminal proceedings.

Data Breach Management

  • All suspected or confirmed personal data breaches must be reported immediately to Ashley Chisholm or the Data Protection Officer. 

  • Breaches likely to result in a risk to individuals' rights and freedoms will be reported to the Information Commissioner's Office (ICO) within 72 hours of the practice becoming aware of them, as required by UK GDPR. Where the risk to individuals is high, the affected individuals will also be informed. 

Data Sharing and Third Parties

  • Data is only shared with third parties (e.g., NHS bodies, referral services) when legally permitted and with appropriate safeguards in place. 

  • Contracts with processors (e.g., IT providers) include the written data processing terms required by Article 28 of the UK GDPR. 

  • Patients are informed about what information is to be shared and why.

  • Information is shared with the patient's consent, except where the law permits or requires sharing without it.

  • Circumstances in which information may be shared without consent include information required by the police to prevent or detect crime, a request from a coroner (in Scotland, the Procurator Fiscal), or a court order. Ashley Chisholm and/or the DPO is responsible for making decisions on sharing data in these situations.
