All information discussed in sessions is confidential. There are exceptional circumstances when it may be necessary to talk to someone if there are concerns about your or someone else’s safety, to make sure that everybody is safe.
Personal and sensitive information is held securely, in accordance with GDPR (General Data Protection Regulation).
The new EU General Data Protection Regulation (GDPR), coming into force on 25th May 2018, is the new law on data protection and privacy for all individuals within the European Union. The primary aim of the law is to give more control to citizens and residents over their personal data. GDPR will replace the 1995 Data Protection Directive.
How will GDPR affect you?
GDPR will apply to any organisation/company/individual that manipulates information about any persons. It will require minimum standards around secure storage of personal information, the right to access personal information held about you, the right to have your personal information deleted and how your data is transported, where applicable.
For more information on GDPR, please follow the links below:
Below I summarise how GDPR will affect you and information I hold about you in the therapy context:
What information do I request?
As part of the therapy I offer, I require personal information to aid me understand the difficulties, diagnoses and factors that affect the problem and circumstances that bring you to therapy. This information is important in order to provide best possible care. I also hold demographic information, including address and contact details for communication purposes. In addition, I hold details of your next of kin and GP in case of emergencies.
What use will I do of your information?
Your personal information will be used for clinical purposes ONLY, as part of the therapy service I offer to you. The information will not be shared with third parties. Should a request for your information be made by a third party (GP, Local Authority, Court), you will be informed and your consent sought. I may be required by Law to disclose information about risk to yourself or others if I feel that either yourself or others are not safe. I will do my best to discuss any need for disclosure with you, unless the disclosure places you or others at further risk.
As part of my professional registration, I am required to receive clinical supervision to ensure that I am meeting the practice standards required from practitioner psychologists and CBT psychotherapists. Supervision is provided by a qualified and registered supervisor who abides by the same professional guidelines that I do. Information discussed in supervision is anonymised and only information relevant to supervision will be shared.
How will information about you be kept?
Information about you will be stored securely and confidentially, in line with GDPR. Professional bodies generally advise that clinical information is kept for 7 years after the end of an intervention, or 7 years after a child turns 18 in the case of children, from the last session.
Your right to access information about you
You have the right to ask for a copy of your personal information, free of charge, in electronic or paper format. You also have the right to request that any incorrect information about you be amended.
Your right to change your mind regarding consent to keep information about you
You have the right to withdraw your consent to hold all or part of your information and request a change of any aspect of prior arrangements. (e.g. regarding communication). Please contact me using the details provided below should you wish to change our consent agreement.
Your right to be forgotten
You have the right to ask to have any information held about you deleted. This includes your personal information. In all cases and when considering such requests, this right is obligatory unless it is information that I have a professional legal obligation to retain.
In order to provide my therapy services, I will need to contact you in order to arrange and remind you of appointments, to send you material and resources relevant to the sessions and therapy, to notify changes in appointments and to send you invoices for the sessions. There are several ways in which we can communicate regarding the therapy: telephone, text messages, emails and post.
Emails: I use Gmail to communicate by email. Gmail uses an encrypted system that protects communication. For additional security, if I need to send a document attached to an email, the document will be password protected, and I will send you the password using a different medium. In addition, emails will be deleted from my inbox and bin and saved with clinical notes, in case my email account is unlawfully accessed.
Text messages: I will only send text messages to remind you of your appointments. All text messages will be deleted after the appointment date.
I am not responsible for data/information you hold at your end, if the means by which I sent you the information was in keeping with data protection regulations.
Who to contact if you have any questions
I am the Data Controller of any information held about you. If you have any further questions, you can contact me on 075 4771 7557 or firstname.lastname@example.org.
The right to lodge a complaint with a supervisory authority
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. They can be contacted on 0303 123 1113.