Dental practices confused over data protection, says report

  • Date: 12 October 2015

CONFUSION exists over when a dentist is required to register with the Information Commissioners Office (ICO) in compliance with the Data Protection Act, according to a recent report.

The ICO visited 21 dental practices across the UK and conducted an online survey in order to understand the information risks and challenges that dentists face. It found there was confusion over data protection requirements, with some dentists registering with the ICO when it is not necessary and others not registering as required.

The report also found that dentists do not always have written contracts with external suppliers containing appropriate clauses about information security, particularly with IT contractors. The ICO also found that some practices utilising new technologies, such as mobile and personal devices, were not appropriately controlling associated risks.

There was also a lack of clarity in some practices over retention policies (to determine when records, both physical and electronic, should be destroyed). Retention periods were not always clear, and not generally applied to electronic records.

Investigators found that overall dentists are "not always engaged with sources of best practice and new guidance in relation to information governance".

The report states: "Dentists operate within a number of different complex structures, including individual practices, partnerships, expense-sharing arrangements, limited liability companies and dental corporates. This has led to some confusion about the circumstances in which a dentist is (or is not) a data controller, responsible under the DPA for patient data, and also for registration with the ICO."

It encourages practices to visit the ICO website where there is a self-assessment tool and also specific dental practitioner FAQs. You can also phone their registration helpline at 0303 123 1113.

Link: Information Governance in Dental Practices

This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.

Save this article

Save this article to a list of favourite articles which members can access in their account.

Save to library

Related Content

Statutory duty of candour

GDPR an overview

GDPR for dental practitioners and practice managers

For registration, or any login issues, please visit our login page.