Data Protection and Privacy Policy

 

What personal information do I hold?

I hold personal and sensitive information about the individuals with whom I work, which may include the following information:

  • Name of individual (adult and/or child)

  • Date of birth of individual (adult and /or child)

  • Names of parents and siblings

  • Home address(es)

  • Contact telephone numbers and email addresses

  • Name and address of family doctor

  • Name and address of school or college

  • Name(s) of other involved professionals

  • Clinical information re psychological difficulties

  • Relevant medical history

  • Developmental history

  • Family history and circumstances

 

I gather information which may include some of the categories above, in the form of written notes, during my first telephone contact with the parent or carer of a child or young person who is enquiring about using my service. If we agree to work together, these notes become part of the personal information held on file. If there is no on-going contact, these notes are shredded after one month.

 

I keep an electronic record of all enquiries to my service for the purpose of audit, however no identifiable personal information is held in this record.

 

To ensure that personal information I hold is accurate and up to date, clients are asked to fill in the Information sheet at the beginning of each episode of care and to review the Information sheet periodically.

 

New clients are invited to read this Data Protection and Privacy Policy and will be sent an electronic copy for their records.

 

Why do I hold this personal information?

This information is used for the purposes of clinical psychological assessment and intervention and in the preparation of report letters, formal psychological reports and summaries of psychological work where required. Consent to hold personal data is sought from all adults and children aged 12 years or over, young people and their parents or guardians at the first clinical psychology assessment meeting and at regular intervals thereafter.

 

With whom do I share personal information?

Personal information is never shared with third parties, unless explicitly requested by the individual, including children aged 12 years or older, young people and their parents or guardians who may give permission for me to speak with another professional involved, such as a teacher or doctor, or request that a written report of psychological assessment or intervention is shared. The notable exception to this arises if there are safe-guarding concerns, when it is my legal duty to share information with the relevant services.

 

How do I hold personal information?

Personal information is held in both paper and electronic formats. All personal information is held in compliance with the ICO’s General Data Protection Regulations. Paper records are stored in a locked filing cabinet in a secure building and are held for seven years beyond the 18th birthday of the young person to whom they pertain. After this period they are securely shredded. This is standard practice for medical records and is in accordance with the guidance given by my registering professional bodies, the BPS and HCPC.

 

Electronic information is stored on a password protected laptop which is held securely in my possession. Personal information held electronically will similarly be held for seven years beyond a young person’s 18th birthday at which point it will be securely deleted.

 

I hold personal contact details on a mobile phone which is kept in my sole possession and is password protected.

 

How do I share written reports and summaries?

Clinical psychology report letters, formal psychological reports and summaries of psychological work are shared in the first instance only with the people to whom they pertain via email. Thereafter individuals may choose to share report letters and summaries as they wish. It is a young person’s and parents’ responsibility to hold securely written and electronic versions of report letters and summaries, which will necessarily contain personal and sensitive information.  I will not share written material with any other professional or other people unless specifically requested by the client to whom the material pertains.  The exception to this is where there are safeguarding issues and my professional responsibility to share pertinent information prevails.

 

If your sessions are funded through insurance, then I will provide brief written summaries of our work to confirm therapy has been provided and to inform decisions about future funding.  The sharing of confidential information is kept to a minimum and is made freely available to you if requested.

 

What if you no longer wish me to hold your personal information?

I will immediately delete/destroy personal information I hold if requested by a child aged 12 years or over, a young person or his/her parents or guardians. The exception to this is if I am obliged by “legal interest” to keep medical/healthcare notes, for example in the case of safeguarding concerns.

 

Subject access requests

You can ask to review the personal information that I hold on you at any time. Subject access requests are processed as quickly as possible and always within a month of application.

 

What if there is a breach of data security?

Any breaches of data security, whether due to hacking or lapses in security, will be reported to the ICO immediately, investigated in a thorough and timely manner, managed and resolved.

 

 

updated February 2019