
Data protection

When patients give you their personal information, they expect you to keep it securely and use it appropriately. The Information Commissioner’s Office (ICO) is the body that ensures compliance with the Data Protection Act in the UK.

The Information Commissioner

The ICO’s role includes registering people and organisations that process personal data, acting to improve their behaviour, and handling concerns about data management.

It has the power to issue fines of up to £500,000 for breaches of data security. The ICO provides advice and guidance to help organisations and people who run their own businesses, such as osteopathic practices, to comply with data protection requirements.

General Data Protection Regulation

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and will mean some changes to existing requirements. Keep an eye on the ICO website for up-to-date information about any changes necessary. See https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

Data controllers

People and organisations who process personal information are data controllers and must register with the Information Commissioner’s Office, so you need to establish who the data controller is for your patient records.

To find out if you are a data controller and how to register see https://ico.org.uk/for-organisations

Retention of patient records

Osteopathic Practice Standard D6 (3) says that you should keep patient records:

  • for a minimum of eight years after their last consultation;
  • if the patient is a child, until their 25th birthday.

Further guidance

The ICO also provides guidance on:


What do the Osteopathic Practice Standards say about data protection?

Standard D6: Respect your patients’ rights to privacy and confidentiality

Guidance: D6(5): You must comply with the law on data protection.

Further information about data protection

For more information about complying with data protection law, visit the Information Commissioner’s Office (ICO) website or phone the ICO helpline on 0303 123 1113 or 01625 545745.