General Data Protection Regulation (GDPR)
Introduction
The General Data Protection Regulation (GDPR) is a European Union (EU) data protection law that provides a set of rules on how personal data should be gathered and handled. Any business that collects, keeps and analyses data sourced from EU citizens should follow the GDPR guidelines.
The main aim of the GDPR is to make sure that patients own their data at all times and that it is used only for purposes for which they have given direct, informed consent.
How does this relate to physiotherapy practice?
All patient information should be collected and used appropriately and according to the requirements of the GDPR to protect personal and sensitive data. This may require organisational and technical security measures to protect patient data in clinical records against unauthorised disclosure or processing.
The same applies to digital physiotherapy services, such as telehealth services. Third parties may be used to process or store patient data, for example in assessment and exercise-programme software or electronic medical records. These third parties should process and store the data in their systems according to GDPR requirements.
Resources
Data Ethics and GDPR - Chartered Society of Physiotherapy, UK