Under GDPR, you’re going to have to ask for consent to send out marketing emails, but what about reminder notifications?
In most cases, you’re not going to need consent for reminders. Here’s why and how you can set your Jane account up as a health care provider:
What are reminders under GDPR?
The Information Commissioner’s Office expresses something we’d really like all Jane users to have a look at. When processing data under GDPR:
Care providers…will likely have a very good reason for processing much of the personal data they hold for the purposes of providing medical care.
Reminder notifications fall under “very good reason for processing.” You have a legitimate business reason to send reminder notifications because they help you deliver and manage the health services you provide:
- Reminder notifications are covered under your health clinic’s “Legal Basis for Processing Data” (many health clinics will be naming GDPR Article 9(2)h as their legal basis). Read more here: GDPR Consent Language.
- Reminder notifications are also part of your clinic’s Legitimate Interests - it is common practice for people to rely on reminder notifications to actually show up for health care service appointments. People won’t be surprised that a health clinic offers reminder emails.
- The processing of personal data in the form of a reminder notification for health care services has minimal privacy impact as defined under GDPR.
Checklist
There are two things to do to make sure you are following GDPR when sending out reminder notifications.
1 - First and foremost, your clinic needs to document the Lawful Basis upon which you are collecting and processing personal and health data. GDPR does not provide a standard on how to document your Lawful Basis so this could be in the form of a binder where you keep all of your policies and privacy information or it could be an electronic document or folder. The key is to ensure that what you record is sufficient to demonstrate that a lawful basis applies and the way you record it is accessible should you ever need to prove compliance with GDPR.
2 - GDPR also requires that you notify your patients of your data collection and use practices. What data do you collect? To what use do you put it? (Here you might explain that you collect email addresses in order to provide appointment reminder notifications.) How long are you required by your regulating body to keep that data? Etc.
Have a look here for more info on how to inform your patients: Right to Be Informed
How to set up Jane
Once you’ve done those things, go ahead and set your entire clinic to receive appointment reminder notifications.
First, go to Settings > Reminders and Notifications. Under Notifications, click the top-right box for “Email Notifications.” Also check the boxes for the types of notifications you want to send. And finally, at the bottom there, click that one that says “Set all to Enabled.”
Not quite done yet. Now, make sure you allow your patients to opt-out of reminders if they don’t want them.
Under each reminder, you’ll want to click View.
Once the reminder opens up, make sure you have the reminder “Enabled” and “Patient Selectable.”
Now, by default, patients will receive reminder notifications, and they will have the choice to opt out if that’s what they wish to do.
Note: This information is not intended as legal advice.