1. Appoint a Data Protection Officer
A Data Protection Officer (DPO) is a person appointed by the data controller to monitor that the clinic complies with the GDPR and with the clinic's own internal data protection rules.
The DPO also cooperates with, and acts as the contact point for, the supervisory authority, and is the contact person for personal data incidents at the clinic.
2. Conduct risk analysis
The GDPR requires the clinic to carry out a risk analysis of the systems in which personal data is processed. These include obvious systems such as patient record (journal) systems, but also work phones, e-mail and social media accounts, all of which may contain personal data.
3. Keep track of situations where data is processed
At a dentist's office, personal data is processed in everyday situations, and it is not always easy to recognise or remember that processing is taking place. Below is a list of common situations in which personal data is processed:
– Scheduling an appointment through the website
– Documents to the Social Insurance Office (Försäkringskassan)
– Social Media
– Personnel issues
– Disclosure of information to other authorities
4. Referral Management
In Sweden, a large number of referrals are sent within dental care every day. It is therefore extremely important to keep track of how these are sent, since they often contain sensitive personal data (health data). Much has happened on the security front, and there are now safe and effective solutions for sending sensitive information securely, such as Boneprox.
Do NOT send sensitive information by using the following methods:
– Industry groups or forums, for example on Facebook
– File-sharing platforms that were not designed for sending sensitive information
5. Make sure the clinic understands the roles of GDPR
The GDPR also defines a number of roles within the business that it is good to keep an eye on.
– "The data subject" is the identified or identifiable natural person whose personal data is processed and protected. At the clinic, this can be both the patients and the staff.
– "Data Controller" is the clinic, institution, company or person that determines the purposes and means of the processing of personal data, e.g. the dental clinic.
– "Data Protection Officer" is a person at the clinic appointed by the data controller, responsible for monitoring that the clinic complies with the GDPR and with the clinic's own internal data protection rules.
– "Personal Data Processor" is an organisation that processes personal data on behalf of the data controller, for example an IT partner that handles personal data for the clinic.
If your clinic wants more information on how to send sensitive information securely, do not hesitate to contact Boneprox, which specialises in GDPR-compliant, secure referral management. Contact us here!