Consent under GDPR refers to one thing: COLLECTING AND PROCESSING DATA. We recommend reading our document on this: GDPR Consent Rules. But to sum up, most clinics using Jane aren’t going to need consent to collect and process data. Instead, they will be documenting Article 6(f) and Article 9(1) of GDPR as the Legal Basis upon which they collect and process data.
What does “process data” mean to GDPR?
Article 4 of GDPR defines processing as follows:
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Documenting a Legal Basis
Here’s an example of language a clinic might use:
The Village UK, located in London, England, fully complies with the European Union’s General Data Protection Regulation (GDPR) Article 6(f) and Article 9(1). Lawful collection and processing (including the distribution of email and text message appointment confirmations and reminders) of personal health data of natural persons who are EU residents is only carried out where necessary for medical and health appointment confirmation, evaluation, diagnosis, and treatment purposes. All data collection and processing occurs for the legitimate medical and health interests pursued by The Village UK, the data controller. Personal data collected and processed includes but is not limited to full name, address, contact information, family relations, medical information, diagnosis, and other items as required by the General Chiropractic Council and laid out in The Chiropractors Act 1994.
You can read Articles 6 & 9 yourself, if you like:
And of course, along with that documentation, clinics will take the necessary steps to match clinic policies to that declaration of compliance with GDPR. And clinics are going to be training staff on appropriate, GDPR-compliant behaviours when collecting and processing data.
Consent to Receive Marketing Emails
For best practices under GDPR, we recommend the following settings in your Jane account:
1 - Make electronic reminders Patient Selectable
With Owner access to your Jane account, go to Settings > Reminders & Notifications. Under Notifications, go ahead and “Set all to Disabled”, and don’t forget to click the “Update Notifications Settings” button:
2 - Allow patients to opt themselves in to marketing emails
With Owner access to your Jane account, go to Settings > Online Booking and scroll down to the section called “Display Preferences.” At the bottom, select “Select All to Opted Out” and click “Save”.
3 - Use generic treatment names
And you’ll want to pay attention to the names you give your treatment names because Jane includes the type of treatment in certain communications via email & text.
With Owner access to your Jane account, go to Settings > Treatments & Classes. When you set up your new treatments, in the name field, we recommend using the most generic name or treatment title that fits your purposes:
For more related help docs: Read our Guide on email notifications for more information on clinic-level changes.
On reminders read: Email & SMS Reminders
Consent for Treatment
Consent for treatment will be handled differently depending on what health care service you offer. In Jane, consent forms are completely customizable to your needs, and are built from Chart Templates. If you don’t want to build the forms from scratch, you can start with our Chart Template Library, chose a form that looks similar to what you need, and then make any necessary adjustments.
This information is merely a general summary. It is not intended to be nor should it be interpreted as legal advice.