GDPR update for the week of 23/04
#1

It’s a month until the GDPR compliance regulations kick into gear and we’re well on the way to becoming compliant! Here’s an update on what we’ve done, what we’re doing, and what’s on the cards for the upcoming month!

Cliniko as a processor of data

When it comes to your patients’ data, Cliniko is a processor of the data in your account, while you are the controller of that data. As a processor of data we will assist you to fulfil your needs as a controller, for example, by providing tools that can help you stay compliant with your patients’ requests!

Here’s an update on changes that we’ve already released to help you with your compliance:

  • You can now permanently delete a person completely from your Cliniko account, addressing the Right to Erasure/Right to be Forgotten. This is important for people who don’t have a legal requirement to retain records, or if that legal requirement has lapsed.
  • You can manage your patients’ consent to your Privacy Policy in Cliniko now. This will allow you to ensure that your patients in Cliniko have the right documents signed off!
  • In the Online Bookings portal, we’ve added details on how we store information in Cliniko and now require consent from your patients when making a booking. This change will help us in our quest to serve Online Bookings in the EEA zone legally.
  • We changed our bulk SMS function to distinguish between marketing messages and need-to-know messages.

Thankfully, we have a lot of things in place already to help with other rights, such as the Right to Object (since you’re allowed to edit marketing statuses in Cliniko), and Right to Rectification (as you can change any incorrect details in any Cliniko area!).

To improve on what we have available right now, the following changes are in progress:

  • A one-stop page to give you all (I mean, ALL!) information for a single patient. This will cover the Right to Access and Right to Portability tenets of GDPR.
  • Removing all currently “soft” deleted patient-related items in Cliniko. Previously, we just hid a deleted patient from being seen and used. We will be “hard” deleting soon!
  • Removing the patient name from the “history” in your browser, to help with preventing any possible data leakage from your account.
  • And, more to come!

The final piece of the puzzle, for our needs as a processor, will be to enter into a DPA with each and every account using Cliniko in the EEA zone. That document is with our lawyers right now, getting reviewed again, and we’ll be launching that one in the next month, too!

Cliniko as a controller of data

Cliniko is also a controller of data: your information that you provide to us! This can include, but is not limited to, your email address, phone number, business details, and more. As a controller of data, we have similar responsibilities to you as you do to your patients. This means that we’re working on making sure we are compliant in this area, too!

Some of the tools to help us comply with this include:

  • Full account deletion when requested of us.
  • Improved our tagging of EEA zone accounts, so that we can communicate with you in a more direct fashion (which will help us deliver this article as a message to you within your account soon!).
  • Improved and formalised our back-of-house policies with regard to our employees and the use of data in Cliniko and our related tools.

The most important things that we have in progress are our new Privacy Policy and Terms of Service documents. Those ones are also with our legal team now, and then we’ll be getting the revised versions in your hands as soon as we can. You’ll be hearing more about this within the next month!

Moving forward

We’ll be announcing our new updates when they get released right here, in the Updates & Changes area of our Community.

We’ll also be communicating to you directly when we have our new Privacy Policy, Terms of Service, and DPAs for you to consent to and sign off on!

As usual, you can always ask us for clarifications, or more information, via the Help → Chat With Us option within your Cliniko account.


Cliniko This Week - GDPR Updates, Scheduler Role Changes, and more
#2

Marketing indicator for Bulk SMS
#3

Hi

It strikes me the privacy policy that is agreed to when patients book online is more geared toward the cliniko user than the patient.

Could we have an option to link to our own clinic’s privacy policy instead, or as well?
#4

You can add your own terms from Settings → Appointments → Online Bookings. There’s an option there for “Terms of service” which we’ll display here (alongside our privacy policy).

We’re in the process of updating our privacy policy so that it can be more clear. That’s still with the lawyers!
#5

Brilliant implementation of a link to my policy, thanks!!
#6

Hey @alexgreen, how did you find that so fast?