Privacy policy.
GDPR (General Data Protection Regulation) is the most significant piece of privacy and data protection legislation in twenty years. It took effect on 25th May 2018 and from that date we are required to ensure that we gain a new data protection and privacy consent from all clients. In it (amongst other things) we confirm what information we hold about you and how we are permitted to use it.
The basics
Our professional registration requires that we keep information about clients and the work that is carried out. We cannot offer a service if we cannot keep a record of the work that we do together.
We follow the law and codes of practice set down by the Health and Care Professionals Council (HCPC) and the British Psychological Society (BPS).
We have systems in place to protect your data.
You are entitled to request a copy of your data, free of charge, and to have inaccurate information corrected.
We aspire to the highest data privacy standards. If you have any questions, concerns or feedback, please let us know so that we can address them.
You can complain to the Information Commissioner's Office (ICO) if you think that we have acted unlawfully: visit ico.org.uk/concerns, or telephone 0303 123 1113.
The legal basis
We have what is known as legitimate interest for keeping data. We are all registered with the ICO in order to do so. We follow the rules outlined by our professional regulators, the HCPC and the BPS.
The information that is kept
We keep personal data, e.g. your name, address, date of birth, GP and phone number. We also keep sensitive data, e.g. notes from assessment and subsequent sessions, outcome measures and reports. If you are referred by your insurance provider, then we will also collect and process data provided by that organisation. This includes basic contact information, referral information, health insurance policy number and authorisation for psychological treatment.
The data that is collected is used for three reasons: (1) to provide you with a service, (2) for billing and processing payments, (3) to prevent serious harm.
How long the information is kept
As healthcare professionals, we are required to keep any medical data for up to seven years after your last appointment, or up to seven years after your 18th birthday. Notes are then destroyed by incineration. Information both during and following treatment can only be accessed by your Clinical Psychologist (or at your request).
You are able to have access to the full file, subject to a data request (triggering withdrawal of the notes from secure storage) and review of notes by your Clinical Psychologist to remove any third-party information.
Who we may share your information with
We hold information about each of our clients and the therapy they receive in confidence, complying with all laws and regulations. We will not normally share your personal information with anyone else. However, there are exceptions to this, when there may be a need for liaison with other parties:
If you are referred by your health insurance provider, or otherwise claiming through a health insurance provider to fund therapy, then I will share appointment dates with that organisation for the purpose of billing. I may also need to provide treatment updates / progress reports, for the purpose of continuation of funding, or authorising subsequent sessions.
In exceptional circumstances, we may need to share personal information with relevant authorities:
When there is need-to-know information for another healthcare provider, such as your GP.
When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
When the information concerns risk of harm to the client, or risk of harm to another adult or child. We will discuss such a proposed disclosure with you, unless we believe that to do so could increase the risk to you or someone else.
What we will not do with your data
I will not share your personal information with third parties for marketing purposes.
Where data is stored
Dr Burton uses Writeupp, which is a cloud-based practice management system designed for healthcare professionals. Writeupp is GDPR compliant. For more information please visit: https://help.writeupp.com/en/a...
Dr Burton and Dr Ridel use Google Workspace, which is a cloud-based administration system and is GDPR compliant.
In paper files
In mobile phones (initials only)
In email systems
How is data kept safely?
Personal information is minimised in phone (initials only) and email communication.
Sensitive personal information will be sent in a password-protected document via email, or through an encrypted email system.
Paper notes and laptops are stored at all times in a locked cabinet, when not in use. Laptops are encrypted, password protected and kept up to date with firewalls and antivirus software.
Mobile phones are passcode protected.
We will always respect your personal information and comply with all data protection laws, including the new GDPR, effective from 25th May 2018.