Confidentiality is important.
You may have read or heard about GDPR - the General Data Protection Regulation. This page outlines what this means to my practice and the ethical standards I adhere to. Please don't be put off by the 'wordiness'. It is intended to reassure you that I will honour and respect what you tell me in confidence. I also offer a contract which we both sign our agreement in how we work together.
Privacy Policy and Data Retention Statement-Effective from 25th May 2018.
I aim to be fully compliant with current GPDR legislation and to let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be transparent with regard to the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement. I follow guidance from my governing bodies (Center for Counselling and Psychotherapy Education; United Kingdon Council for Psychotherapy; British Association for Counselling and Psychotherapy) and my insurers (Holistic Health Insurance).
This is a primary concern and is separate to other terms and conditions and the contract we signed when we started woking together. I hope to offer you choice and control. I will never use any of your data for writing, publishing, research or training purposes without your permission.
As a private practitioner, I’m considered the data processor and controller in my practice. ‘Data Processing’ means obtaining, recording or holding information. The definition is very wide, and some of what I do involves data processing in this sense to a degree. I hold responsibility should there be a breach. You have a right to see what information I hold about you should you wish to. You have a right to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and professional obligations.
I keep dates and times of our sesions in a paper diary, including cancellations and attendance as I am required to record the number of sessions I offer annually for registration with my professional bodies.
I issue paper receipts as I am required to maintain seven years of financial records for HMRC.
I keep your first name and phone number in my mobile phone’s ‘contact list’ in case I need to contact you and so I can recognise your number if you contact me and respond appropriately. Your e-mail address is in my ‘safe contacts’ list so e-mail messages from you are not screened out as spam. My e-mail is synced to my phone. I only contact you in response to you or concerning appointments. When we discontinue working I will delete your number and e-mail address. I do not engage generally through detailed texts, e-mail or any social media.
I also keep your first name and phone number in my paper diary in case I need to contact you and my mobile phone is not accessible or operative.
During the first session I gather essential information such as next of kin, GP, address, date of birth and medication. This is securely stored in hard copy. No one but me can access this information. However, I am obliged by CCPE and UKCP to have a 'clinical will’, so that in the event of an accident which prevents me from working, I have appointed a fellow professional to manage the situation on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met. They work within the same framework as I do and will access the above details in order to contact you to inform you of the circumstances and provide any support you might need.
Supervision.
CCPE, UKCP and BACP all require me to have ongoing supervision to support and ensure my practice is ethical. Supervision is subject to the same confidential framework to which I try to adhere.
Data Storage.
I make process notes for supervision purposes and dispose of them by shredding when finished. I keep content notes of what topics we have explored in sessions along with any documents or letters you have given me. From today’s date I will print out and then delete any relevant e-mail communications and transcribe and then delete any relevant text messages. These sources might be useful as a reminder of possible topics to pick up on in later sessions. As a therapist who occasionally uses creative interventions, any drawing or art done in session is your property which I will store safely if you want me to unless you instruct me otherwise. My e-mail is password protected. My phone is passnumber protected. I hold the above hard copies in a locked cabinet for seven years after we have ended.
In the event of a complaint.
Please contact me directly. And if we cannot resolve this you could then contact the Information Commissioner Office ( ICO). I am registered with them and my reference is ZA279980. https://ico.org.uk/concerns/handling/ or Guidance for GDPR Compliance.
Agreement.
We have a contract which we discuss and both sign in the first couple of sessions. It outlines confidentiality and the rare and extreme occasions when I must break confidentiality in order to remain ethical and true to my duty of care for clients. We will regularly review our work together to check that our relationship, and if the way I keep confidentiality changes, I will share that with you.