Over the last six months, Ocuco have spent much time consulting with customers and Data Protection experts to understand their interpretation of the new regulation, and have created a version of Acuitas 2 that assists with the compliance process.
Acuitas 2 now consolidates all information on communications, consent and data processing into one screen. Called the Data Processing tab, this screen is designed to ease the extra burden on staff and the business in compliance with the regulations.
The Data Processing Screen:
Traffic light display of consent, making it easy to see status at a glance, indicating consent as Agreed, To Be Completed/Expired or Rejected.
Print the Data Processing Agreement for the patient to sign, scan and email to the patient, OR capture an electronic signature.
Record the details of who might be giving consent on behalf of the patient.
Record date of consent and when it expires.
This area allows the capture of consent based on each reason for communicating; Recall, Surveys and Marketing. Each area has configurable text which can be used to script the questions and ensure that staff are giving a clear and consistent message. It also includes the text to describe any third-party processing if applicable.
The preferred channel of communication for Recall and other activities can be recorded here also.
Communication Channel Preferences:
The patient can opt in or out of each method of communication – Letter, Email or SMS. If they opt in, the mobile number and email address are alongside for quick validation or addition.
Configuration of the Data Processing Screen:
Acuitas 2 now provides the admin user with the ability to set up templates and texts required to comply. Having these built into the software is not a requirement but Ocuco have invested in this development in our continued commitment to continuous improvement and adding value.
Configuration covers the following topics, all of which are part of making compliance easier for the practice owner:
Deletion or removal from processing can be carried out by Ocuco Support.
Should a patient request information on what data is stored and how it is used, the Acuitas 2 user can print a Data Processing Agreement or show it to the patient on screen, and can also capture a written or electronic signature if required.
Should patients request access to the data stored on them, this can easily be provided in printed report format or an HTML file. Subject Access Request templates can be built into the letter templates in Acuitas 2.
All data can be edited and mistakes / incomplete information rectified as needed. Acuitas 2 also has an audit trail which records changes.
Patients can easily be removed from recall or marketing so that they will not appear in any lists. For those who remain, it is also possible to choose which media channel they prefer: email, letter or SMS.
Should patients request access to the data stored on them, this can easily be provided in electronic HTML format.
The patient's right to object can be upheld by removing them from all processing. Practice owners should review their legal basis for processing (i.e. an ongoing legal case, etc.) and understand the circumstances under which they remove the patient from processing.
Acuitas 2 does not do any automated processing for marketing. If you were making decisions based on profiling your patients, then the patient has the right to be excluded from this by removing consent for marketing.
Compliance is also met in the following areas.
When an eye exam is complete, the data being stored is relevant and necessary to the performance of the contract with the patient. Consent for non-contractual operations such as marketing can be recorded directly into the practice management system or documented and scanned into the patient records.
Acuitas 2 has inbuilt security rules covering both patient records and application access: passwords and PIN authentication, with user and role-based access to functions and screens. Acuitas 2 utilises an Oracle database for its strength of security.
Ocuco offer Secure validated Online Oracle Database Backups. This service not only backs up your Acuitas 2 database but also verifies that it is restorable in line with GDPR.
Enhancements to compliance in Acuitas
Ocuco offers both on premise and hosted implementations.
Hosting offers an extra layer of security and also means that a backup is not required on premise as it is carried out at the data centre.
Fees depend on the number of users so please email firstname.lastname@example.org for more information.
Ocuco can also offer database encryption to further enhance compliance.
Fees depend on the size of the database and whether there are images, scans, etc., so please email email@example.com for more information.
Ocuco can offer on-premise customers an offsite backup option which also validates restoration. Why wait until disaster strikes to find out the backup is not going to give back the data? To purchase Online BackUp click here.
Marketing Opt In Flag Reset
Acuitas has a flag for marketing which could be set to default on or off. Some users may have set this to ‘On’ by default. GDPR requires that this is defaulted to ‘Off’. Should you wish Ocuco to reset all patients’ marketing flags to ‘Off’, please email firstname.lastname@example.org.