Therapy Client Data GDPR

 

Therapy client data GDPR: for new and current therapy clients.

Therapy client data GDPR: As from 25th May 2018, under the General Data Protection Regulations (GDPR) I (Anna Colquhoun, Therapeutic Counsellor) am required by law to inform you (as my current therapy client, or potential therapy client) about how I process and keep safe the data I hold that pertains to you. 

I am also required to gain your explicit consent to my holding and processing your data in certain ways (which are detailed below). 

As an Integrative Counsellor and Psychotherapist, I take confidentiality and privacy seriously and am bound by a code of ethics.

If you are my current therapy client, or are about to become my therapy client, here’s what you need to do…

Please read and sign to indicate your consent. You may print a paper copy or copy and paste digitally.

If you do not wish to give your consent, you have the option to discuss with me, and it may be possible to create a bespoke agreement between us.

You have the right to withdraw your consent at any time. We would need to discuss what this might mean in practice, with the primary aim being to keep you safe. However, there may be certain situations that require certain information to be retained, and I may need to seek legal advice in this case.

If you agree to give your consent for me to hold and process your data as stated, please sign, date and return to me by hand, or email to me at anna@annacolquhoun.co.uk.

What therapy client data GDPR is held about you?

I keep certain data so that I can work safely and professionally with you, in line with the guidelines of professional organisations that I belong to, including BACP and BPsS.

The therapy client data GDPR I hold may include:

  1. Your name and address

  2. Your phone number and email address

  3. An emergency contact’s name and phone number

  4. Your GP name and contact details

  5. Relevant medical information

  6. Session notes

  7. Payment information

  8. My emails to you, and yours to me

  9. Invoices

 

You have the right to know what therapy client data GDPR I hold, why I hold it, and for how long I hold it.

You also have the right to view it, and to ask for changes to be made.

When sensitive data is to be destroyed, it is shredded.

If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible.

How, why, and for how long is your data held?

To try and make things as clear as I can, I’ve divided this into ten sections. You’ll need to consider each section individually, and if you consent then sign and date where indicated at the bottom of the page.

1. Your name and address

How I keep this data

I keep your name and address in paper form in a locked filing cabinet. These are kept separate from your session notes.

My clinical supervisor has your name, email address and phone number in paper form, kept in their locked filing cabinet.

Why I keep this data

This is required by my professional liability insurer and by my professional organisations (BACP and BPsS).

How long I keep this data

My professional liability insurer advises that I keep this data for seven years. After that time it is destroyed.

My clinical supervisor will destroy the data when you and I finish our work.

Who sees the data

Myself. My clinical supervisor will see your name and contact details, but not your postal address.

 

2. Your phone number and email address

How I keep this data

I keep your phone number in my mobile phone under an identifying code, not your name. My phone is locked with a passcode when I am not using it. Your email address is held in my EMail account, which uses two factor identification security.

Neither my computer nor my phone are shared with anyone else, unless it is required by a technician for maintenance.

I also keep your phone number and email address in paper form in a locked filing cabinet. These are kept separate from your session notes.

My clinical supervisor has your name and contact details in paper form, kept in a locked filing cabinet.

Why I keep this data

This is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice).

My clinical supervisor keeps this data so that you could be contacted in case I became suddenly incapacitated through a health crisis or other emergency, as required by my clinical will.

How long I keep this data

I will remove this data when we have finished our work, unless you tell me that you would like me to retain it in case we work together again in the future.

Who sees the data

Myself and my clinical supervisor.

3. Emergency contact’s name and phone number

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare.

How long I keep this data

When we finish working together, I will delete this data, unless you and I decide to make other arrangements.

Who sees the data

Only myself.

4. Your GP name and contact details

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

You and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures.

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only myself.

5. Relevant medical information

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

It may be relevant to share certain medical information when:

(a) Your mental health history, diagnoses etc may inform my treatment plan to make it more appropriate for you or in case of referral to someone who can better support you

(b) There is any risk that health conditions such as seizures, diabetes, etc may impact a session

(c) Your medications may affect our work

(d) You have any allergies that I should be aware of in order to keep you safe

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only myself.

6. Session notes

Notes may include dates and times of attendance, and brief notes on important themes from the session. I do not keep detailed session notes. I keep a ‘clear desk’ policy, which means that session notes and other information are not left unattended.

How I keep this data

I keep brief session notes that are password protected in electronic form. Your name or other identifying details are not kept with your session notes; only a code is used.

Why I keep this data

Brief notes may remind me of important points I want to be sure to remember to discuss in our next session, and/or in supervision.

How long I keep this data

After the work has been discussed in supervision, I may destroy any notes (or parts of notes) that my supervisor and I do not consider necessary to keep for longer.

My current policy is to destroy session records three years after our work finishes. If you would like me to retain them for a longer period, please discuss this with me.

Who sees the data

Only myself.

7. Payment information

How I keep this data

I make a note of payments you have made, on a password-protected financial spreadsheet for my business. I may also outline invoices and record payments in my paper diary, but under a code rather than your name.

Why I keep this data

As a small business owner, I am required by law to retain certain financial information, primarily for tax purposes.

How long I keep this data

I keep financial information for 7 years as advised by HMRC.

Who sees the data

Payment by bank transfer will be processed by my bank, but your account name will not be visible on my bank statements.

Banking transactions may be viewed by employees of the bank, my accountant, my financial advisor, and tax officers (HMRC).

When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.

 

8. Your emails and texts

How I keep this data

I may delete emails after I have noted the contents (for example, emails around scheduling). Any emails that I consider it necessary to keep are retained in my email account. Please only email me about scheduling due to email confidentiality and privacy issues.

If you would like to communicate via text, for example regarding rescheduling appointments, you will need to do this via an app called Signal. This can be downloaded to your mobile phone, it’s free and is straightforward to use.

Please note that normal texts, and related applications such as FaceTime, WhatsApp and Messenger, are not recommended due to confidentiality and privacy issues. I do not use these with clients.

Why I keep this data

I may keep emails if I consider it clinically necessary.

How long I keep this data

I will delete emails when our work ends.

Who sees the data

Only myself.

 

9. Invoices

How I keep this data

I create invoices on my laptop, and then export as pdf. Invoices are kept as password protected documents on my computer, and are sent via EMail.

Why I keep this data

I use the invoice to create the next one (in the case of ongoing work) so that I can revise and update it with new information.

How long I keep this data

I keep the invoice for a short time whilst I monitor payments (usually this is one month). Once payment has been made, and any further invoice has been created, I delete the invoice.

Who sees the data

Only myself.

Please sign and date below if you consent to the therapy client data GDPR points above. A digital signature (or simply your printed name) is acceptable.

 

If you have any other questions regarding how your therapy client data GDPR is processed and handled, please do not hesitate to discuss with me.

This document regarding therapy client data GDPR is subject to regular review and will be updated as I see fit.

Anna Colquhoun, Therapeutic Counsellor.

Information on this website is meant for informational purposes only and is not a substitute for medical or psychological evaluation or treatment. If you are concerned about your mental or physical health, please see a medical doctor or mental health professional to address your concerns. If you are experiencing suicidal thoughts or impulses, please dial 999 to seek emergency treatment immediately. Anna Colquhoun does not provide emergency mental health treatment.

©2019 by Anna Colquhoun, MSc, BSc, MBACP, MBPsS, Therapeutic Counselling. All content my own. Please ask my permission before using any content from this site. Created with Wix.com

  • Instagram

Information on this website is meant for informational purposes only and is not a substitute for medical or psychological evaluation or treatment. If you are concerned about your mental or physical health, please see a medical doctor or mental health professional to address your concerns. If you are experiencing suicidal thoughts or impulses, please dial 999 or 911 to seek emergency treatment immediately. The Samaritans can be contacted on 116 123. and Befrienders Worldwide can be contacted here: https://www.befrienders.org/. Anna Colquhoun does not provide emergency mental health treatment. All text and images on this site ©Anna Colquhoun, 2019, 2020 and may not be copied, published or used without permission. ©Anna Colquhoun All Rights Reserved