GDPR - re-permissioning


Can you let me know if there is anything planned for the data we already hold (email, mobile numbers) for patients.

In the past these have been added as the patient is added to the database but with GDPR looming it appears that we need to be looking at re-permissioning.

The new regulation requires that we need to collect affirmative consent that is “freely given, specific, informed and unambiguous” to be compliant. For consent to be valid under GDPR, a customer must actively confirm their consent, such as ticking an unchecked opt-in box.


Hey Cosic,

We are planning on having a field on the Patient Details page for documenting Consent. This means that you’ll be able to track exactly who has and has not consented to your policies within Cliniko.

As for completing the actual task of re-permissioning, I would recommend contacting your professional association (and/or your lawyer) so that they can help you develop a method to get the right permissions from your patients.

Let me know if you have any more questions,


I wonder if you could implement something similar to what WriteUpp is doing:

It would be helpful if the whole process is fairly automated for clinicians rather than just a simple field to document consent.



It’s not currently in our plans. I can see how containing the policy within Cliniko and facilitating the gathering of consent could be useful, so I’ll investigate it further.

Even though not the best news, I’d say realistically you could not expect us to have this in place in the near future.