PRIVACY POLICY
This Privacy Policy was produced on 25 May 2018 when the law changed with regard to how organisations and small businesses have to protect your ‘data’ (personal details and records). This is called the General Data Protection Regulation or GDPR (Europe) and The Data Protection Act 2018 (UK). The following summary highlights how GDPR is being implemented, by explaining why confidential information is held and how this is protected
- It is assumed that by engaging with this counselling psychology service you are consenting to records being kept. Keeping records is an essential component of healthcare. They help guide the process of therapy and form the basis of any reports needed
- Confidentiality is maintained at all times (i.e. your information is not shared) unless there are exceptional circumstances such as risk to yourself or others, when other services such as your GP or police may be contacted without your consent, as this is a professional obligation; see The British Psychological Society, Generic Professional Practice Guidelines
- Consultation notes and questionnaires will be held for varying lengths of time depending on the content (and then carefully disposed of). E.g. some records may be held indefinitely if there were any issues of concern that could lead to police investigation in the future. Mental health records are subject to special legislation - adult records are kept for 8 years after the last contact with the service
- All information recorded on paper will be securely stored in a locked filing cabinet and if this has to be transported outside of the office, great care will be taken in other premises and likewise locked in a filing cabinet
- Confidential digital information will be stored in a secure cloud service offering high levels of security
- Confidential information sent via the internet will be encrypted and password protected, with the password sent separately by text
- Letters sent by surface mail e.g. to GP’s, will be clearly marked Confidential
- All electronic devices (e.g. computer, laptop and phone) and used to access stored information will themselves be password protected
- Right of access called a ‘subject access request’ or SAR can be made for copies of letters but there may be an administration charge if all records are requested, as these may be ‘excessive’. These will be provided within 1 calendar month of the request being made.
- In the event of death or incapacity of the therapist, arrangements have been made for records to be held by a named professional colleague who will continue with the above obligations.
- This Privacy Notice will be subject to review, as needed or annually by 25 May.
- This service is registered with the Information Commissioner’s Office.