Data Protection Code of Practice  


We will keep your records safely 

This practice complies with the Data Protection Act (1998). This means that we will ensure that your information is processed fairly and lawfully. 

What personal information do we hold? 

Patient clinical and health data and correspondence: -  

·         Name, D.O.B, gender, address, telephone numbers, NHS exemption details, emergency contacts and Email.

·         Clinical records made by dentists and other dental care professionals involved with your care and treatment.

·         X-Rays, clinical photographs and study models.

·         Medical and dental histories

·         Treatment plans and consent

·         Notes of conversations with you about your care

·         Dates of appointments

·         Details of any complaints you have made and how these complaints are dealt with

·         Correspondence with other health professionals or institutions

·         Details of fees we have charger you, the amounts you have paid and type of payments


Why do we hold this information?  

We need to keep accurate personal data about patients in order to provide you with safe and appropriate dental care.  We also need to process personal data about you if we are providing care under NHS arrangements and to ensure the proper management and administration of the NHS. 

Retaining information 

We are required to retain your dental records, X rays and study models while you are a patient of this practice and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer. Full details can be seen in our Data Retention Schedule.



Your information is held in the practice’s computer system.  The information is only accessible to authorised team members and Care Quality Commission Inspectors.  Our computer system has been secured with audit trails and information is regularly backed up to ensure it is not lost. Our systems have individual log in’s with password protection, which are regularly changed.  

We may need to disclose your information

In order to provide proper and safe dental care to: 

We can only share data if it is done securely and it is necessary to do so.

1.      Patient data may be shared with other healthcare professionals who need to be involved in your care

·         If we refer you to a specialist

·         Dental laboratory

·         Your Doctor

·         NHS payment authorities

·         Denplan or Practice plan of which you are a member

·         Dental software companies

·         The department of work and pensions and its agencies, where you are claiming exemption or remission from NHS charges.

·         The Police  

2.      Patient Data may also be shared with our text reminder service to remind patients of appointments and recalls.

3.      Patient data may also be stored for back-up purposes with our computer software suppliers Upland Systems of Buxton who also store it securely

4.      Patient data may also be shared with Debt collection agencies for recovery of bad debts.

5.      Employment data will be shared with government agencies such as

·         HMRC

·         Accountant

·         Payroll

·         Pensions

·         DBS checking service

·         GDC and other professional bodies


We will only disclose your information on a need to know basis and will limit any information that we share to the minimum necessary. 

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care.  In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure. 

Reviewed by Michelle Smith Practice Manager September 2019 Next Review Due: September 2020