Scope
This policy applies to all medical records and personal data held by Panacea Skin Solutions Ltd, including patient records, employee records, and any other records containing personal data.
Definitions
- “Personal data” means any information relating to a living individual who can be identified from that information.
- “Medical record” means any document or electronic record that contains information about a patient’s medical history, diagnosis, treatment, or care.
- “Retention period” means the length of time that personal data or medical records are retained before they are destroyed or erased.
Retention Periods
The following retention periods apply to the different types of medical records held by Panacea Skin Solutions Ltd:
- Patient records – will be kept for 10 years after the date of the last consultation. Longer retention periods may be required for specific types of records such as those related to cancer diagnosis or treatment.
- Employee records – will be kept for 6 years after the termination date of their employment. Longer retention periods may be required for specific types of records, such as those related to pension schemes or employee liability insurance.
- Other records containing personal data – will be kept for 6 years after the purpose for which they were collected has been fulfilled.
Retention Procedures
- Identifying retention periods: the retention period for each type of document will be identified and documented by Panacea Skin Solutions Ltd.
- Record review: Panacea Skin Solutions Ltd will regularly review medical records and personal data to ensure that they are accurate, up-to-date, and relevant.
- Destroying or erasing records: medical records and personal data will be destroyed or erased in accordance with the retention period specified above. Paper records used for the purpose of accessibility will be destroyed (if appropriate) at the earliest opportunity, once they have been scanned and saved as electronic records.
- Disposal methods: medical records and personal data will be destroyed or erased securely using methods approved by Panacea Skin Solutions Ltd, such as shredding, incineration, or digital deletion.
- Data breach notification: in the event of a data breach involving medical records or personal data, Panacea Skin Solutions Ltd will notify affected individuals and regulatory authorities as required by law.
Data Security
- Access Control: Access to medical records and personal data will be restricted to authorised personnel only.
- Encryption: Medical records and personal data will be encrypted when stored electronically.
- Physical Security: Medical records and personal data (if kept physically) will be stored in a secure facility with controlled access.
Compliance with GDPR
Panacea Skin Solutions Ltd will comply with the principles of GDPR when retaining and processing medical records and personal data, including:
- Fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Confidentiality
- Integrity
- Accountability
Review and Revision
This policy will be reviewed and revised annually or as needed to ensure compliance with changes in law, regulations, or best practice.