Dental practices handle a substantial amount of personal data relating to their staff and patients. This includes names, dates of birth, contact details (such as addresses, telephone numbers and emails), bank accounts, financial data and dental records. Medical records in particular are classified as sensitive personal data, as they contain information about the patient's health, treatment plans and medical history. Ensuring appropriate security measures is paramount for guarding against the risk of loss or theft from unauthorised access resulting in identity theft or fraud. The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) require you to protect the personal data you hold by ensuring you have the appropriate security measures in place. This is known as the security principle or the integrity and confidentiality principle of the GDPR. Any breach of personal data is likely to result in serious consequences for your practice, including distress, loss of trust and confidence of the persons concerned, breach of your confidentiality obligations, increased insurance premiums and a possible investigation by the Information Commissioner's Office (ICO).
The GDPR requires you to implement 'technical and organisational measures to ensure a level of security appropriate to the risk'. You therefore need to undertake risk assessments so that you know what your risks are and how severe the threat is. We recommend that you carry out regular risk analysis at least annually to identify any issues with your security measures and take appropriate action to protect your dental practice from any data breaches before they can arise. You should assess the risk to all of your practice processes which collect, store, use and dispose of patient data, including both manual and electronic records, dental equipment (e.g. images from dental X-rays) and video footage from CCTV.