Open menu

WriteUpp – Access Requests for GDPR (Desktop v2.05.24)

Depending on your view on GDPR you will be delighted to know that today’s update is our penultimate GDPR-related release. It includes the Access Request functionality that we’ve been talking about for some time along with a host of other improvements and bug fixes.

Before we get started on what’s in the v2.05.24 release here’s a couple of useful documents in case you’re not familiar with GDPR and/or unfamiliar with the Access Request, which is a fundamental part of GDPR:

GDPR: A Practical Guide

GDPR: Don’t Underestimate the Access Request

If you want to catch up on any of our other GDPR articles or features please take a look at the GDPR section of the WriteUpp Blog.

New Feature(s)

Access Requests

If you’ve not read the article above here’s the one line implication of GDPR Article 15:

“Any one of your clients has the right at any time to be provided with EVERY scrap of data that you hold about them within 30 days of their initial request”

But don’t worry, we’ve got your back!

In this release we’ve provided you with a neat tool to manage the process and respond to an Access Request in seconds.

To take a look at the Access Request tool, just click on Main Menu->Tools. Here you’ll see the new Tools->Access Request user interface and then click on Access Requests to drop into the tool.

Tools-AccessRequest-1024x653

If you would like to know (in detail) how to deal with an Access Request in WriteUpp please take a look at the Help Centre article below:

How do I handle an Access Request?

Security Log

You now have a security log, which in the first instance will provide you with a record of deleted patients. The log shows an anonymised log of the records that have been deleted, which references the client’s anonymised name, WUID and DoB. It also logs when the record was deleted and who deleted it.

To access the Security Log just click on Main Menu->Tools->Security Log

Improvements

GDPR-Ready Legals

As we head towards the GDPR deadline on 25th May 2018 we have rolled out an updated Privacy Policy and revised Terms of Service. The highlights are covered below:

  • The new Privacy Policy uses the terms “Data Controller” and “Data Processor”. It is important to understand what this terminology means as our relationship with you involves operating in both roles.
  • We are your “Data Controller” in your capacity as a customer of WriteUpp. In simple terms this means that when you interact with us as our customer you provide us with certain personal information about you, your practice and your team (not your patients) and we control that data.
  • We are also your “Data Processor” when you enter patient data into WriteUpp and use our service. In this circumstance, you are the Data Controller and as such you control the data and we act as your Data Processor.
  • In our Privacy Policy we distinguish clearly between data that you provide to us as our customer and patient data that you enter into WriteUpp.
  • It is important to note that much of the Privacy Policy relates to our role as a Data Controller, where we hold personal information about you, your practice and your staff (but not your patients). Where clauses relate to our role as your Data Processor (and Patient Data) we have endeavoured to make this clear so that there is no confusion or ambiguity.
  • In relation to our role as your Data Processor, the new Privacy Policy confirms, amongst other things:
    • we have in place appropriate technical and organisational measures (underpinned by our award of ISO27001:2013), to protect against unauthorised or unlawful processing of Patient Data and against accidental loss or destruction of, or damage to, Patient Data
    • that Patient data is NOT transferred outside of the EU/EEA
    • that we will NOT transfer Patient Data to our group or subsidiaries
    • that we will only process Patient Data in accordance with the conditions for processing set out within it
  • It confirms what you should do in the event that you have any questions or complaints
  • It provides you with our contact details

Enhanced Outbound Email

This improvement relates specifically to messages that are sent via the email service provided in WriteUpp. If you are using your own email server (via SMTP) these changes do not relate to you.

Previously, if you used the email service in WriteUpp messages appeared from “WriteUpp Team”  in the recipient’s inbox which was potentially confusing, as below:

IMG_0025

Now they appear like this:

IMG_0028

Where “From” is the name of your clinic as it’s specified in Settings->Organisation, see below:

In addition, replies to messages sent using the email service in WriteUpp went to a NO-REPLY inbox. Now, they are routed through to your practice email address, also specified in Settings->Organisation.

IMG_0026

IMPORTANT: Please note that replies to your outbound messages are not added to the Messages tab of the Patient Summary.

ISO27001:2013

Not strictly an improvement as such, but we couldn’t resist!

You now have the added peace of mind that we have been awarded ISO27001:2013.

27537-copy-cert-pathway-software-uk-ltd-27001-060418

If you would like to know more about this award and what it means to you check out our blog post below:

We’re ISO27001:2013 Registered

Activity Feed/Latest Activity Enhancements

Both feeds now include the following events:

  • Invoice creation
  • Consent(s)

Left-Hand Diary Panel

If you have multiple users and you use the left-hand diary panel to select which users you want to see in your diary it now persists rather than disappearing each time you select a new user/diary.

New Currencies

Welcome to our new users in South Africa! We’ve added the South African Rand (ZAR) into our list of supported currencies.

Bug Fixes

  • Resolved various small issues with consent forms
  • Resolved print issues with the diary list view
  • Resolved DoB issues
  • Addressed issues with attachments when using Safari 11.x
  • Fixed “Forgotten Password” problem on Android version of the mobile app

Let Me Know When New Articles Are Posted

* indicates required
  • Jim Lucas

    Hi Bob, I just wanted to say thank you for all the work you and your team have been doing on the GDPR. It is very much appreciated. You’ve made the process much clearer and the fact that you communicate the changes gives me comfort and security that I can continue to use Write Upp long into the future. Its a great program for my healthcare clinic and I highly recommend it to any practitioner who is looking to simplify their practice management. I don’t know where I’d be without it…

    • http://www.writeupp.com Bob Bond

      Thanks Jim. We firmly believe in GDPR and we know how daunting it can be so I’m glad we’ve managed to make life a bit easier. Thanks again for taking the time to drop us a line. Bob