What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) and to replace the existing EU Data Protection Directive on May 25, 2018. It is intended to enhance and harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.

Who Does GDPR Apply To?

The GDPR applies to all organisations operating in the EU or processing "personal data" of EU residents. It defines personal data as any information relating to an identified or identifiable natural person.


Rehab My Patient & the GDPR

We at Rehab My Patient believe that the protection of our customers and their patients’ data is fundamental, so we have prepared and become compliant with the General Data Protection Regulation (GDPR). Our team and some security experts have strengthened our security policies and raised awareness about data protection. We have also made sure that our customers were informed in a timely manner, before May 2018. As the deadline for GDPR gets closer, we remain GDPR ready and compliant to protect the data of our subscribers and their patients.

What Can You Do?

DATA PROCESSING ADDENDUM

If you have determined that you qualify as a data controller under the GDPR, and need a data processing agreement (DPA) in place with your qualifying vendors, we want to help make things easy for you. Our GDPR-compliant DPA is available for download and signature. Log in and go to www.rehabmypatient.com/settings/gdpr, where you will find the DPA.

PATIENT CONSENT

If you determine you are a data controller, you will need to get the consent of your patient to enter their information into RMP. We have made it easy for you to do this, by adding a “Patient Consent” tick-box when adding your patient’s details.

FAQs

  1. Where can I find out more information about GDPR?

Go to https://www.rehabmypatient.com/gdpr and read the information, or log in, go to Settings and click GDPR.

  2. Have you done a GDPR compliance report?

RMP has commissioned a GDPR compliance report from an external organisation, who found RMP to be GDPR compliant. The report can be found here.

  3. What has RMP got to do with GDPR?

We at Rehab My Patient believe that the protection of our customers and their patients’ data is fundamental, so we have prepared and become compliant with the General Data Protection Regulation (GDPR). Our team and some security experts have strengthened our security policies and raised awareness about data protection. We have also made sure that our customers were informed in a timely manner, before May 2018. As the deadline for GDPR gets closer, we remain GDPR ready and compliant to protect the data of our subscribers and their patients.

  4. What can you, as the subscriber, do?

If you have determined that you qualify as a data controller under the GDPR, and need a data processing agreement (DPA) in place with your qualifying vendors, we want to help make things easy for you. Our GDPR-compliant DPA is available for download and signature. Log in and go to www.rehabmypatient.com/settings/gdpr, where you will find the DPA.

Once you have electronically signed (or downloaded, scanned and physically signed) our DPA, re-upload it to the site.

  5. What is your privacy policy?

We have a GDPR-compliant privacy policy that you can read here. It explains how we process your data.

  6. Do I need to get patient consent?

If you determine you are a data controller, you will need to get the consent of your patient to enter their information into RMP. We have made it easy for you to do this, by adding a “Patient Consent” tick-box when adding your patient’s details.

  7. Do you store cookies?

Yes, we store cookies, some of which are necessary for the running of the RMP site. Details can be found in our Privacy Policy.

  8. Which third-party cookies do you use?

Google Analytics

We use Google Analytics to collect anonymized data about visitors to this site. We use this data to improve visitor experience, and to help us make the site better and attract more visitors. Google Analytics records:

  • The website the visitor came from to get to this site.
  • The kind of computer they are using (Windows, Mac, etc., as well as information like screen resolution and web browser).
  • The visitor's general location (e.g. London, United Kingdom).
  • Where the visitor clicked on the site and how long they stayed for.

In using Google Analytics, we are bound by the Google Analytics Terms of Service.

You can opt out of Google’s advertising tracking cookie or use a browser plugin to opt out of all Google Analytics tracking software.

Cloudflare

We use Cloudflare to help us optimize and protect the RMP site. Cloudflare may place a cookie in your browser to help it provide its services. You can read more about this here: Cloudflare Privacy & Security Policy.

YouTube cookies

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.

Read more at YouTube’s embedding videos information page.

  9. Where do you store data?

RMP uses a third-party hosting company called Digital Ocean for data storage, who are GDPR compliant. We store data in a Digital Ocean data center in London, UK. RMP has signed a DPA with Digital Ocean.

  10. What is Legitimate Interest?

As part of the new GDPR guidelines, there is a section about legitimate interest. This is an important section for therapists who collect data for the benefit of their patients. While GDPR will be widely used to reduce marketing emails or sharing of personal data for marketing purposes, there are times when taking patient data for their own benefit is acceptable with the patient’s consent. If you wish to prescribe an exercise plan to a patient to help them get better, and that is why they have come to see you, then you would be covered under legitimate interest.